Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Cannot create image stream from private registry with secret? #20084

Closed
snimmagadda1 opened this issue Jun 22, 2018 · 11 comments
Closed

Cannot create image stream from private registry with secret? #20084

snimmagadda1 opened this issue Jun 22, 2018 · 11 comments
Assignees
@bparees
Labels
sig/developer-experience

Comments

@snimmagadda1
Copy link

snimmagadda1 commented Jun 22, 2018
edited

I am trying to pull from a private docker registry hosted on Microsoft Azure and create an image stream from it. I have created a secret with the credentials I am able to pull from the registry with; however, when I run my oc import-image command it tells me i am unauthorized (see below).. Note: I have also tried with the --insecure flag as well.

Version

oc v3.6.173.0.5
kubernetes v1.6.1+5115d708d7
features: Basic-Auth

Server https://ocp.235-365-38-9b22f2.cor00005.cna.ukcloud.com:8443
openshift v3.7.44
kubernetes v1.7.6+a08f5eeb62

Steps To Reproduce
  1. Create secret
oc create secret docker-registry pull-secret-azure --docker-server=zeusConsentRegistry.azurecr.io --docker-username=myUser --docker-password=myPassword --docker-email=myEmail

oc import-image zeusConsentRegistry.azurecr.io/zeusservice-dev:latest --confirm
Current Result
The import completed with errors.

Name:			zeusservice-dev
Namespace:		dev-environment
Created:		Less than a second ago
Labels:			<none>
Annotations:		openshift.io/image.dockerRepositoryCheck=2018-06-22T20:01:02Z
Docker Pull Spec:	docker-registry.default.svc:5000/dev-environment/zeusservice-dev
Image Lookup:		local=false
Unique Images:		0
Tags:			1

latest
  tagged from zeusConsentRegistry.azurecr.io/zeusservice-dev:latest
    will use insecure HTTPS or HTTP connections

  ! error: Import failed (InternalError): Internal error occurred: Get https://zeusConsentRegistry.azurecr.io/v2/zeusservice-dev/manifests/latest: unauthorized: authentication required
      Less than a second ago

error: tag latest failed: Internal error occurred: Get https://zeusConsentRegistry.azurecr.io/v2/zeusservice-dev/manifests/latest: unauthorized: authentication required
Expected Result

Successful image stream created...
@snimmagadda1
Copy link
Author

snimmagadda1 commented Jun 22, 2018
edited

#18449 - potentially similar; however I am not using docker.io and was unable to find a solution via this thread..

@jwforres
Copy link
Member

jwforres commented Jul 3, 2018

@openshift/sig-developer-experience

@bparees
Copy link
Contributor

bparees commented Jul 3, 2018

@snimmagadda1 the issue is that the oc 3.6 client had issues creating proper docker secrets and the workaround from the thread was to create a generic secret from your .docker/config.json file (after doing a docker login to populate your config.json):

oc create secret generic --from-file=.dockerconfigjson=/path/to/your/.docker/config.json --type=kubernetes.io/dockerconfigjson pullsecret

@bparees
Copy link
Contributor

bparees commented Jul 3, 2018

please try that and let me know if it gets your import to work.

@bparees
Copy link
Contributor

bparees commented Jul 18, 2018

closing based on lack of feedback, can reopen.

@bparees bparees closed this as completed Jul 18, 2018
@xibix-fp
Copy link

xibix-fp commented Sep 19, 2018
edited

@bparees I am facing the issue and tested the way with creating a secret based on the config.json, but without any success. It looks like the Pod is not able to pull the image.

image

The image lookup during the creation of the Deployment looks fine.

image

The problem occurs on Openshift 3.6 and 3.7 in our case.

@bparees
Copy link
Contributor

bparees commented Sep 19, 2018

@xibix-fp the reported issue was for creating imagestreams that import from a private registry. your issue is with pulling images from a private registry which is a different component. Please open a new issue so we can route it to the correct team and not confuse people about which problem is being discussed.

@xibix-fp
Copy link

@bparees That was just an additional information. When using ImageStreaming the same error occurs and appear in the Pod event log.

@gauravojha
Copy link

gauravojha commented Oct 2, 2018
edited

@xibix-fp can you tell me if there is an issue for the comment above by you? I am facing the same problem. @bparees I am facing it on 3.10

Update

So, I found a workaround to this. Opened /etc/containers/registries.conf on the master and nodes, and added the following to registries registries=['docker.io', 'registry.access.redhat.com'].

This is most likely what is to be done through the ansible installation

@xibix-fp
Copy link

@gauravojha There is no issue by me opened yet. But it is still not working and as I do not have any access to the master nodes, I have no chance to implement your workaround. :-(

@gauravojha
Copy link

@xibix-fp if you have access to the infra or computing nodes, you can try putting it there. Probably because the nodes are what should be pulling the image, but I am not sure if this will work. Worth a shot I guess

@donovat donovat mentioned this issue May 30, 2023
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@bparees bparees

Labels
sig/developer-experience
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@jwforres @bparees @gauravojha @snimmagadda1 @openshift-ci-robot @xibix-fp