Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Cluster registry name change #14

Closed
StevenBarre opened this issue Oct 27, 2020 · 2 comments
Closed

Cluster registry name change #14

StevenBarre opened this issue Oct 27, 2020 · 2 comments

Comments

@StevenBarre
Copy link

StevenBarre commented Oct 27, 2020
edited by jefkel

Need to know

The URL/name for the cluster registry has changed in OpenShift 4. When migrating existing manifests or pipeline steps that reference the internal cluster registry, you will want to double-check your registry URL.

Internal name (accessing from a deployment manifest): image-registry.openshift-image-registry.svc:5000
External name (accessing from an external service or workstation): https://image-registry.apps.silver.devops.gov.bc.ca

common errors

Mistakenly using an external name in your deployment manifest

The in-cluster service accounts have default access tokens configured for the internal registry, but this does not include automatically logging into the external name. Errors like the following indicate that you will want to change your registry reference in your deployment manifest to the internal name instead of the external route.

Failed to pull image "image-registry.apps.silver.devops.gov.bc.ca/e52f12-dev/patroni:v10-stable": rpc error: code = Unknown 
desc = Error reading manifest v10-stable in image-registry.apps.silver.devops.gov.bc.ca/e52f12-dev/patroni: unauthorized: 
authentication required

Hard-coded registry name not changed during migration

Some deployment manifests and templates may still reference the OpenShift 3 registry DNS. Check your manifest file for things like docker-registry.default.svc:5000 or even an IP address like: 172.50.0.2:5000. If you see these in your manifests, you'll want to replace them with the internal name.
@jefkel jefkel changed the title Failed to pull image Cluster registry name change Oct 27, 2020
@StevenBarre
Copy link
Author

The image registry in OCP4 is available internally via image-registry.openshift-image-registry.svc:5000 and externally via image-registry.apps.silver.devops.gov.bc.ca:443.

It appears that internal access works with local service accounts including the default image-puller and builder SAs out of the box. You should use this by default.

External access should be used with newly created service account when accessing the cluster from some other system.

@StevenBarre StevenBarre mentioned this issue Oct 29, 2020
Closed
1 task
@garywong-bc garywong-bc mentioned this issue Nov 6, 2020
Closed
@garywong-bc
Copy link

OCP3 names were:
Internal name: docker-registry.default.svc:5000
External name: docker-registry.pathfinder.gov.bc.ca

Documenting here so that searches on the old names will return this issue.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@StevenBarre @garywong-bc @mitovskaol