Build process cannot pull image from the external registry which has a custom certificate

Solution Verified - Updated -

Issue

  • I cannot deploy an image because building image fails while trying to pull the image from the external registry, which has a custom certificate:

    Cloning "https://github.com/example-app" ...
        Commit: 
        Author:
        Date:
    pulling image error : unknown: unable to pull manifest from docker-registry.example.com/rhscl/httpd-24-rhel7:latest: Get https://docker-registry.example.com/v2/:  x509: certificate signed by unknown authority
    error: build error: unable to get docker-registry.default.svc:5000/openshift/httpd@sha256:
    
  • I can pull the image with docker or inspect with skopeo from the nodes, but it fails during deployment.

  • External registry CA certificate is not trusted, but I have already copied it to the master.

NOTE: For OCP4 related issues please check on this documentation.

Environment

  • Openshift Container Platform (OCP) 3.11
  • External docker registry with a custom/self-signed CA certificate

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.

Current Customers and Partners

Log in for full access

Log In