Openshift having issues installing certificates for corporate Docker registry
Issue
- When having an internal docker registry for disconnected deployments, the registry has a self-signed cert, but that cert is in the PKI store on every openshift node. In 3.9.x, i am able to 'oc import-image' without having to '--insecure', however in 3.10.x it's failing x509. It looks like openshift is not using my system-level PKI store to import these images.
[root@master01 ~]# oc import-image repo.home.example.com/rhel7.5 --confirm -n openshift
The import completed with errors.
Name: rhel7.5
Namespace: openshift
Created: Less than a second ago
Labels: <none>
Annotations: openshift.io/image.dockerRepositoryCheck=2018-06-19T15:34:02Z
Docker Pull Spec: docker-registry.default.svc:5000/openshift/rhel7.5
Image Lookup: local=false
Unique Images: 0
Tags: 1
latest
tagged from repo.home.example.com/rhel7.5
! error: Import failed (InternalError): Internal error occurred: Get https://repo.home.example.com/v2/: x509: certificate signed by unknown authority
Less than a second ago
error: tag latest failed: Internal error occurred: Get https://repo.home.example.com/v2/: x509: certificate signed by unknown authority
- How to add certificates of coporate or internal docker registry in Openshift 3.10+
Environment
- Openshift Container Platform
- 3.10
- 3.11
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.