RE: Create image-stream for image from insecure private docker registry

[Den Cowboy]

Now I tried:

oc import-image --insecure=true 
ec2-xx-xx-xx-xx.xx-central-1.compute.amazonaws.com:5000/test/test-image:14 
--confirm

message: you may not have access to the Docker image 
"ec2-xx-xx-xx-xx.xx-central-1.compute.amazonaws.com:5000/test/test-image:14"
      reason: Unauthorized
      status: "False"

From: dencow...@hotmail.com
To: ccole...@redhat.com
Subject: RE: Create image-stream for image from insecure private docker registry
Date: Thu, 25 Feb 2016 08:04:30 +0000




I've docker on all my instances.

oc import-image 
ec2-xx-xx-xx-xx.xx-central-1.compute.amazonaws.com:5000/test/test-image:14 
--confirm
The import completed successfully.

Name:            ponds-ui-nodejs
Created:        19 minutes ago
Labels:            <none>
Annotations:        
openshift.io/image.dockerRepositoryCheck=2016-02-25T07:41:00Z
Docker Pull Spec:    172.30.xx.xx:5000/test2/test-image

Tag    Spec                                        Created        PullSpec    
Image
14    ec2-xx-xx-xx-xx.xx-central-1.compute.amazonaws.com:5000/test/test-image   
 19 minutes ago            import failed: Internal error occurred: Get 
https://ec2-xx-xx-xx-xx...

When I want to edit it:

      lastTransitionTime: 2016-02-25T07:41:00Z
      message: 'Internal error occurred: Get 
https://ec2-xx-xx-xx-xx.xx-central-1.compute.amazonaws.com:5000/v2/:
        x509: certificate signed by unknown authority'
      reason: InternalError
      status: "False"

In /etc/sysconfig/docker:
INSECURE_REGISTRY='--insecure-registry 
ec2-xx-xx-xx-xx.xx-central-1.compute.amazonaws.com'

The insecure registry is using selfsigned certs and basic authentication.
I'm able to login in the registry manually and pull the image manually.

From: ccole...@redhat.com
Date: Wed, 24 Feb 2016 20:33:51 -0500
Subject: Re: Create image-stream for image from insecure private docker registry
To: dencow...@hotmail.com
CC: maszu...@redhat.com; users@lists.openshift.redhat.com

If you are on 1.1.3 there is a bug with new-app if you are running new-app on a 
machine without Docker, you won't be able to select images from the DockerHub.  
1.1.4 will contain a fix for that.
If you want to import that image,
    oc import-image 
ec2-52-58-3-178.eu-central-1.compute.amazonaws.com:5000/test/image-name
Should be all you need.
On Feb 24, 2016, at 7:26 AM, Den Cowboy <dencow...@hotmail.com> wrote:




I've created my secret as following:
oc secrets new-dockercfg ec2-xxx.com --docker-server=ec2-xxx.com:5000 
--docker-username=test --docker-password=test --docker-email=mail@mail.comAfter 
that I tried to create my image-stream (which is not yet connected with the 
secret. How do I have to perform this?)

oc create -f image-stream.json 

content of the .json:
kind: ImageStream
apiVersion: v1
metadata:
  name: image-name
  tags:
  - from:
      kind: DockerImage
      name: 
ec2-52-58-3-178.eu-central-1.compute.amazonaws.com:5000/test/image-name
    name: 83
    importPolicy:
      insecure: "true"

But after $ oc get is

$ oc get is
NAME              DOCKER REPO                                TAGS      UPDATED
image-name   172.30.xx.xx:5000/my-project-in-openshift/image-name  

But I don't see the tag.
$ oc new-app --list shows my create image-stream but also no tag:

and when I try to use the image-stream:
$ oc new-app --image-stream=image-name
error: component "image-name" had only a partial match of 
"my-project-in-openshift/image-name" - if this is the value you want to use, 
specify it explicitly

oc new-app --image-stream=my-project-in-openshift/ponds-ui-nodejs
error: component "test3/ponds-ui-nodejs" had only a partial match of 
"test3/ponds-ui-nodejs" - if this is the value you want to use, specify it 
explicitly





> Subject: Re: Create image-stream for image from insecure private docker 
> registry
> To: dencow...@hotmail.com; users@lists.openshift.redhat.com
> From: maszu...@redhat.com
> Date: Tue, 23 Feb 2016 14:25:43 +0100
> 
> 
> 
> On 02/23/2016 11:44 AM, Den Cowboy wrote:
> > I  try to create an image-stream for my image from a docker registry.
> > The registry is insecure (it's using selfsigned certificates) and there is 
> > a login + password on my registry.
> > I've put the certs on the nodes of my openshift cluster and I'm able to 
> > login and pull the images I want.
> > But I need to create image-streams for this.
> > My registry is: ec2-xx-xx-xx-xx.xx-xx-1.compute.amazonaws.com:5000
> >
> > docker login ec2-xx-xx-xx-xx.xx-xx-1.compute.amazonaws.com:5000
> > Username: ****
> > Password:
> > Email: ****
> > WARNING: login credentials saved in /home/centos/.docker/config.json
> > Login Succeeded
> > $ docker pull 
> > ec2-xx-xx-xx-xx.xx-xx-1.compute.amazonaws.com:5000/test/my-image:83
> > Trying to pull repository 
> > ec2-xx-xx-xx-xx.xx-xx-1.compute.amazonaws.com:5000/test/my-image:83: 
> > Pulling from test/my-image
> > 77e39ee82117: Pull complete
> > 5eb1402f0414: Pull complete
> > 9287fae7a16e: Pull complete
> > 0288ae931294: Pull complete
> > 9536cbaf1242: Pull complete
> > ddfb2360ce1e: Pull complete
> > 8ab6f3fcbdb5: Pull complete
> > 20ed370cdb6e: Pull complete
> > ebcf22a55440: Pull complete
> > 5f8d821c760f: Pull complete
> > cfa77085638d: Pull complete
> > e154104e0560: Pull complete
> > 9774ad57345c: Pull complete
> > fea97a1ec848: Pull complete
> > 4b8c16278ead: Pull complete
> > dc18e7f95e9b: Pull complete
> > 308e99456a16: Pull complete
> > e95130b212d6: Pull complete
> > 7e48c416298a: Pull complete
> > Digest: 
> > sha256:03d4c5090dd06a29ba3473870efdbf6324c0074b94345b3a346d5a8e2dd0a141
> > Status: Downloaded newer image for ...
> >
> > But okay. Now I have the image only on one of my nodes. So I have to create 
> > an image-stream for it:
> > I want it in my project testing:
> > $ oc new-project testing
> > I try to create a secret to make it possible to login on my registry for 
> > each node:
> > $
> >   oc secrets new-dockercfg SECRET
> > --docker-server=ec2-xx-xx-xx-xx.xx-xx-1.compute.amazonaws.com
> > --docker-username=*** --docker-password=*** --docker-email=***
> > The Secret "SECRET" is invalid.
> > metadata.name:
> >   Invalid value: "SECRET": must be a DNS subdomain (at most 253
> > characters, matching regex
> > [a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*): e.g.
> > "example.com"
> 
> You should replace SECRET with the name under which the secret
> should be stored. The requirement for that is lowercase letters
> and numbers - see the regex above.
> 
> > Why is it invalid?
> > After that I want to create my image-stream:
> >
> >
> > kind: ImageStream
> > apiVersion: v1
> > metadata:
> >    name: my-image
> >    annotations:
> >      openshift.io/image.insecureRepository: "true"
> >    spec:
> >      dockerImageRepository: 
> > ec2-xx-xx-xx-xx.xx-xx-1.compute.amazonaws.com/test/my-image
> >
> > Is this the right approach?
> >
> >
> >                                     
> >
> >
> >
> > _______________________________________________
> > users mailing list
> > users@lists.openshift.redhat.com
> > http://lists.openshift.redhat.com/openshiftmm/listinfo/users
> >
                                          
_______________________________________________
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users
                                                                                
  
_______________________________________________
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users