You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The URL/name for the cluster registry has changed in OpenShift 4. When migrating existing manifests or pipeline steps that reference the internal cluster registry, you will want to double-check your registry URL.
Internal name (accessing from a deployment manifest): image-registry.openshift-image-registry.svc:5000 External name (accessing from an external service or workstation): https://image-registry.apps.silver.devops.gov.bc.ca
common errors
Mistakenly using an external name in your deployment manifest
The in-cluster service accounts have default access tokens configured for the internal registry, but this does not include automatically logging into the external name. Errors like the following indicate that you will want to change your registry reference in your deployment manifest to the internal name instead of the external route.
Hard-coded registry name not changed during migration
Some deployment manifests and templates may still reference the OpenShift 3 registry DNS. Check your manifest file for things like docker-registry.default.svc:5000 or even an IP address like: 172.50.0.2:5000. If you see these in your manifests, you'll want to replace them with the internal name.
The text was updated successfully, but these errors were encountered:
jefkel
changed the title
Failed to pull image
Cluster registry name change
Oct 27, 2020
The image registry in OCP4 is available internally via image-registry.openshift-image-registry.svc:5000 and externally via image-registry.apps.silver.devops.gov.bc.ca:443.
It appears that internal access works with local service accounts including the default image-puller and builder SAs out of the box. You should use this by default.
External access should be used with newly created service account when accessing the cluster from some other system.
Need to know
The URL/name for the cluster registry has changed in OpenShift 4. When migrating existing manifests or pipeline steps that reference the internal cluster registry, you will want to double-check your registry URL.
Internal name (accessing from a deployment manifest):
image-registry.openshift-image-registry.svc:5000
External name (accessing from an external service or workstation):
https://image-registry.apps.silver.devops.gov.bc.ca
common errors
Mistakenly using an external name in your deployment manifest
The in-cluster service accounts have default access tokens configured for the internal registry, but this does not include automatically logging into the external name. Errors like the following indicate that you will want to change your registry reference in your deployment manifest to the internal name instead of the external route.
Hard-coded registry name not changed during migration
Some deployment manifests and templates may still reference the OpenShift 3 registry DNS. Check your manifest file for things like
docker-registry.default.svc:5000
or even an IP address like:172.50.0.2:5000
. If you see these in your manifests, you'll want to replace them with the internal name.The text was updated successfully, but these errors were encountered: