Uploaded image for project: 'Red Hat OpenShift Dev Spaces (formerly CodeReady Workspaces) '
  1. Red Hat OpenShift Dev Spaces (formerly CodeReady Workspaces)
  2. CRW-1004

[OCP 3.11] Unable to pull from untrusted registry in disconnect environment


      I have a disconnected OpenShift 3.11 environment that I'm trying to install CRW 2.1 in. I'm following the documentation found here - https://access.redhat.com/documentation/en-us/red_hat_codeready_workspaces/2.1/html-single/installation_guide/index#installing-codeready-workspaces-in-a-restricted-environment-using-cli-management-tool


      I've set the airGapContainerRegistryHostname and airGapContainerRegistryHostname fields to be my local registry and organization, respectively. They appear to be getting overriden correctly. 


      I'm using a Nexus server as a registry, deployed on top of OpenShift. All of the requisite container images have been pushed there. 


      I'm getting x509 errors when OCP tries to pull the images from the Nexus registry. Normally what I would do is add a pull secret to the application's deploymentconfig, but that's not possible with the operator. I've created 2 local secrets, one generic (using a .dockercfg file) and one of type docker-registry, both of which have sufficient credentials to access my Nexus registry. I've linked them to the codeready-operator service account and all of the other service accounts as well (deployer, builder, default)

      [cwyatt@fedora-vm crw-automation]$ oc describe sa codeready
      Name:                codeready-operator
      Namespace:           workspaces
      Labels:              <none>
      Annotations:         <none>
      Image pull secrets:  codeready-operator-dockercfg-wfh57
      Mountable secrets:   codeready-operator-token-4c7h8
      Tokens:              codeready-operator-token-4c7h8
      Events:              <none>

      See screenshot for error output

            abazko Anatolii Bazko
            rhn-gps-cwyatt Cameron Wyatt
            0 Vote for this issue
            6 Start watching this issue
