OpenShift having issues installing certificates for corporate Docker registry

Solution In Progress - Updated -

Issue

  • When having an internal docker registry for disconnected deployments, the registry has a self-signed cert, but that cert is in the PKI store on every OpenShift node. In 3.9.x, I am able to 'oc import-image' without having to '--insecure', however in 3.10.x it's failing x509. It looks like OpenShift is not using my system-level PKI store to import these images.

    [root@master01 ~]# oc import-image repo.home.example.com/rhel7.5 --confirm -n openshift
    The import completed with errors.

    Name:               rhel7.5
    Namespace:          openshift
    Created:            Less than a second ago
    Labels:             <none>
    Annotations:        openshift.io/image.dockerRepositoryCheck=2018-06-19T15:34:02Z
    Docker Pull Spec:   docker-registry.default.svc:5000/openshift/rhel7.5
    Image Lookup:       local=false
    Unique Images:      0
    Tags:               1

    latest
      tagged from repo.home.example.com/rhel7.5

      ! error: Import failed (InternalError): Internal error occurred: Get https://repo.home.example.com/v2/: x509: certificate signed by unknown authority
          Less than a second ago

    error: tag latest failed: Internal error occurred: Get https://repo.home.example.com/v2/: x509: certificate signed by unknown authority

  • How to add certificates of corporate or internal docker registry in OpenShift 3.10+

Environment

  • OpenShift Container Platform
    • 3.10
    • 3.11
