Failed to pull image with x509: certificate signed by unknown authority error when using mirrored registries in OpenShift 4
Issue
- Using a mirrored registry, there are pods in
ImagePullBackOff
error, and the images cannot be pulled with errorFailed to pull image
andx509: certificate signed by unknown authority error
errors. -
The image pull fails with the following message shown in the events:
Failed to pull image "quay.io/openshift-release-dev/ocp-release@sha256:xxxxxx": rpc error: code = Unknown desc = (Mirrors also failed: custom-image-registry-mirror.example.com:[port]/[namespace]0@sha256:xxxxxx: pinging container registry custom-image-registry-mirror.example.com:[port]: Get "https://custom-image-registry-mirror.example.com:[port]/v2/": x509: certificate signed by unknown authority]): quay.io/openshift-release-dev/ocp-release@sha256:xxxxxx: pinging container registry quay.io: Get "https://quay.io/v2/": dial tcp: lookup quay.io on 10.0.0.1:53: server misbehaving
Environment
- Red Hat OpenShift Container Platform (RHOCP)
- 4
- Disconnected environment
- Mirrored registry
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.