Re: Private registry : unable to pull

[Srinivas Naga Kotaru (skotaru)]

As I said, if I toggle image to public, was able to create app.

Since we have multiple clusters, we are exploring using a single corporate 
repository to host all images. It include openshift specific and other 
certified images in our environment.  Want to avoid multiple internal repo’s 
associated with each cluster for easy operations and maintenance purpose.

We also exploring to build and deployment outside of openshift using CI/CD tool 
chain and copy final  images  central repo rather openshift repo.

That is the idea of this exercise.  We don’t want to expose all images to 
everyone and limit them to private. A special secret will be added to all 
projects and CI/CD Jenkins bot which has access to push and pull to this 
corporate repo.

--
Srinivas Kotaru

From: Ben Parees <bpar...@redhat.com<mailto:bpar...@redhat.com>>
Date: Friday, March 4, 2016 at 10:29 AM
To: skotaru <skot...@cisco.com<mailto:skot...@cisco.com>>, 
"ccole...@redhat.com<mailto:ccole...@redhat.com>" 
<ccole...@redhat.com<mailto:ccole...@redhat.com>>
Cc: "users@lists.openshift.redhat.com<mailto:users@lists.openshift.redhat.com>" 
<users@lists.openshift.redhat.com<mailto:users@lists.openshift.redhat.com>>
Subject: Re: Private registry : unable to pull



On Thu, Mar 3, 2016 at 11:03 PM, Srinivas Naga Kotaru (skotaru) 
<skot...@cisco.com<mailto:skot...@cisco.com>> wrote:
Am trying to create an app using an image from corporate private registry.

>>>>>>>>>>
# oc new-app --docker-image=myrepo/skotaru/ruby-22-rhel7 --name quayapp1

I0303 19:55:15.769901   88132 componentresolvers.go:126] Errors occurred during 
resolution: []error{(*errors.errorString)(0xc208546d00)}
F0303 19:55:15.770051   88132 helpers.go:96] error: no match for 
“myrepo/skotaru/ruby-22-rhel7", specify --allow-missing-images to use this 
image name.

<<<<<<<<<<

It is failing to create app. If I changed image type to public, am able to 
create the app.

created a secret and added it to default service account.

# oc secrets new-dockercfg repo-login --docker-server=myrepo 
--docker-username=skotaru --docker-password=<****> 
--docker-email=f...@fake.com<mailto:f...@fake.com>
# oc secrets add serviceaccount/default secrets/repo-login --for=pull

Am I missing anything here? Why unable to create app if image type is private?

​oc new-app now goes through the openshift internal registry to pull all 
images, so the question is how to ensure the openshift registry has the 
necessary credentials to access your private registry.  The answer to that is 
you need to create an imagestream that points to your private registry, and 
includes your credentials.

Then you can invoke new-app w/ the imagestream name.

Alternatively, if you're confident you've setup your service account 
credentials correctly, you can go ahead and use the "--allow-missing-images" 
flag and new-app will construct the DeploymentConfig despite not being able to 
confirm the image exists.

Adding Clayton in case there are more details to the registry pull-through 
feature.

​



--
Srinivas Kotaru

_______________________________________________
users mailing list
users@lists.openshift.redhat.com<mailto:users@lists.openshift.redhat.com>
http://lists.openshift.redhat.com/openshiftmm/listinfo/users




--
Ben Parees | OpenShift


_______________________________________________
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users