Looking at the registry logs, it's not happy with the remote registry cert.
time="2017-11-17T03:53:46.591715267Z" level=error msg="response completed with error" err.code="manifest unknown" err.detail=" x509: certificate signed by unknown authority" Given that oc import-image works I was expecting the registry to trust the same ca's. On 17 November 2017 at 12:01, Ben Parees <[email protected]> wrote: > > > On Thu, Nov 16, 2017 at 7:57 PM, Lionel Orellana <[email protected]> > wrote: > >> Is pullthrough enabled on your registry? >> >> >> Yes. >> >> "When performing pullthrough, the registry will use pull credentials >>> found in the project associated with the image stream tag that is being >>> referenced" >>> >> >> >> I'm deploying in the same project where the image stream is. I have >> a dockercfg secret in the project with credentials for the remote registry. >> I linked that secret to the deployment as pull secret. It works when >> remotePolicy is Source so I know the credentials are Ok. But how does the >> registry find the pull credentials to use? I assume it looks for the server >> name in the dockercfg secret? >> > > yes. > > >> >> >> On 17 November 2017 at 10:01, Ben Parees <[email protected]> wrote: >> >>> >>> >>> On Thu, Nov 16, 2017 at 5:36 PM, Lionel Orellana <[email protected]> >>> wrote: >>> >>>> Hi, >>>> >>>> I imported a remote image and set referencePolicy.type to Local in the >>>> resulting tag. When I try to deploy an pod using this image stream tag I >>>> get "rpc error: code = 2 desc = manifest unknown: manifest unknown". >>>> >>>> If I change the referencePolicy type to Source then the pod pulls the >>>> image fine from the remote registry. But this requires linking a pull >>>> secret to the deployment which is an extra step I could do without. I >>>> thought I would get around that by referencing the Local image. >>>> >>>> How do I pull the remote image when referencePolicy is Local? >>>> >>> >>> >>> Is pullthrough enabled on your registry? >>> https://docs.openshift.org/latest/install_config/registry/ex >>> tended_registry_configuration.html#middleware-repository-pullthrough >>> >>> also: >>> "When performing pullthrough, the registry will use pull credentials >>> found in the project associated with the image stream tag that is being >>> referenced. " >>> >>> So if your imagestream is in a different project, you need to make sure >>> the credentials are in the right place. >>> >>> >>>> Thanks >>>> >>>> >>>> >>>> _______________________________________________ >>>> users mailing list >>>> [email protected] >>>> http://lists.openshift.redhat.com/openshiftmm/listinfo/users >>>> >>>> >>> >>> >>> -- >>> Ben Parees | OpenShift >>> >>> >> > > > -- > Ben Parees | OpenShift > >
_______________________________________________ users mailing list [email protected] http://lists.openshift.redhat.com/openshiftmm/listinfo/users
