Thanks for the link
I think this is a valid solution for development. In the long run we need
to create custom imagestream anyway.
Stil, I cannot save the yaml because our registry is not in the whitelist,
even when setting the insecure annotation. I double checked my
docker-daemon...
{
"registry-mirrors": [
"https://docker.mydomain.com:5000";
],
"insecure-registries": [
"docker.mydomain.com:5000",
"172.30.0.0/16"
],
"debug": true,
"experimental": true
}
Von: Ben Parees <[email protected]>
An: [email protected]
Kopie: users <[email protected]>
Datum: 20.04.2018 15:25
Betreff: Re: Re: Re: Origin 3.9 (oc cluster up) doesnt use
registry-mirror for internal registry
On Fri, Apr 20, 2018 at 2:49 AM, <[email protected]> wrote:
After setting up the proxy in oc cluster up as well as the daemon
(including the necessary bypass) the problem remains.
So I created a admin user to which I gave the cluster-admin role and this
one can see all image-streams and I can update them in the webconsole.
And here I can see the root cause which is actually caused by SSL
Internal error occurred: Get https://registry-1.docker.io/v2/: x509:
certificate signed by unknown authority. Timestamp: 2018-04-20T06:33:47Z
Error count: 2
Of course we have our own CA :-)
Is there a way to import our ca-bundle? I did not see anything in "oc
cluster up --help"
You're seeing this error in the imagestreams during image import?
The easiest thing to do is mark the imagestreams insecure:
https://docs.openshift.org/latest/dev_guide/managing_images.html#insecure-registries
(Since oc cluster up is intended for dev usage, I am going to make the
assumption this is a reasonable thing for you to do).
If you don't want to do that, you'd need to add the cert to the origin
image which oc cluster up starts up to run the master.
Von: Ben Parees <[email protected]>
An: [email protected]
Kopie: users <[email protected]>
Datum: 19.04.2018 16:10
Betreff: Re: Re: Origin 3.9 (oc cluster up) doesnt use
registry-mirror for internal registry
On Thu, Apr 19, 2018 at 9:14 AM, <[email protected]> wrote:
Thanks for the quick replies.
The http-proxy is not enough to get out, since the daemon uses also other
protocols than http.
right but it will get the imagestream imported. After that it's up to
your daemon configuration as to whether the pull can occur, and it sounded
like you had already configured your daemon.
Changing the image-streams seems to be a valid approach, unfortunately I
cannot export them in order to edit them...because they are not there yet
According to the documentation I need to export the image-stream by
<name>@<id>
In order to get the id, I can use oc describe...but see
$ oc describe is jenkins
Error from server (NotFound): imagestreams.image.openshift.io "jenkins"
not found
So I cannot run
$ oc export isimage jenkins@???
I am wondering why the containerized version isnt honoring the settings of
the docker-daemon running on my machine. Well it does when it is pulling
the openshift images
docker images
REPOSITORY TAG IMAGE ID
CREATED SIZE
openshift/origin-web-console v3.9.0 60938911a1f9
2 weeks ago 485MB
openshift/origin-docker-registry v3.9.0 2663c9df9123
2 weeks ago 455MB
openshift/origin-haproxy-router v3.9.0 c70d45de5384
2 weeks ago 1.27GB
openshift/origin-deployer v3.9.0 378ccd170718
2 weeks ago 1.25GB
openshift/origin v3.9.0 b5f178918ae9
2 weeks ago 1.25GB
openshift/origin-pod v3.9.0 1b36bf755484
2 weeks ago 217MB
but the image-steams are not pulled.
Nonetheless, When I pull the image-stream manually (docker pull
openshift/jenkins-2-centos7) it works.
So why is the pull not working from inside Openshift?
regards
Marc
You can update the image streams to change the registry.
You can also set a proxy for the master, which is the process doing the
imports and which presumably needs the proxy configured, by passing these
args to oc cluster up:
--http-proxy='': HTTP proxy to use for master and builds
--https-proxy='': HTTPS proxy to use for master and builds
I believe that should enable your existing imagestreams (not the ones
pointing to the proxy url) to import.
best regards
Marc
_______________________________________________
users mailing list
[email protected]
http://lists.openshift.redhat.com/openshiftmm/listinfo/users
_______________________________________________
users mailing list
[email protected]
http://lists.openshift.redhat.com/openshiftmm/listinfo/users
--
Ben Parees | OpenShift
_______________________________________________
users mailing list
[email protected]
http://lists.openshift.redhat.com/openshiftmm/listinfo/users
--
Ben Parees | OpenShift
_______________________________________________
users mailing list
[email protected]
http://lists.openshift.redhat.com/openshiftmm/listinfo/users
--
Ben Parees | OpenShift
_______________________________________________
users mailing list
[email protected]
http://lists.openshift.redhat.com/openshiftmm/listinfo/users
