Cannot import VM template from private registry

Solution Verified - Updated -

Issue

  • We have added a custom dataImportCronTemplate to the HyperConverged object:

    apiVersion: hco.kubevirt.io/v1beta1
kind: HyperConverged
metadata:
name: kubevirt-hyperconverged
namespace: openshift-cnv
spec:
dataImportCronTemplates:
- metadata:
    annotations:
      cdi.kubevirt.io/storage.bind.immediate.requested: "true"
    name: my-fedora
  spec:
    managedDataSource: my-fedora
    retentionPolicy: None
    schedule: '*/5 * * * *'
    template:
      spec:
        source:
          registry:
            certConfigMap: registry-ca-cert
            url: docker://registry.example.com:5000/fedora:latest
            pullMethod: node
        storage:
          resources:
            requests:
              storage: 30Gi

  • The private registry uses a certificate signed by an internal CA.

  • The image import fails with a TLS error: "tls: failed to verify certificate: x509: certificate signed by unknown authority"

Environment

  • OpenShift Container Platform 4.14
  • OpenShift Virtualization 4.14.6

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content