Uploaded image for project: 'Red Hat OpenShift Dev Spaces (formerly CodeReady Workspaces) '
  1. Red Hat OpenShift Dev Spaces (formerly CodeReady Workspaces)
  2. CRW-1004

[OCP 3.11] Unable to pull from untrusted registry in disconnect environment

XMLWordPrintable

      I have a disconnected OpenShift 3.11 environment that I'm trying to install CRW 2.1 in. I'm following the documentation found here - https://access.redhat.com/documentation/en-us/red_hat_codeready_workspaces/2.1/html-single/installation_guide/index#installing-codeready-workspaces-in-a-restricted-environment-using-cli-management-tool

       

      I've set the airGapContainerRegistryHostname and airGapContainerRegistryHostname fields to be my local registry and organization, respectively. They appear to be getting overriden correctly. 

       

      I'm using a Nexus server as a registry, deployed on top of OpenShift. All of the requisite container images have been pushed there. 

       

      I'm getting x509 errors when OCP tries to pull the images from the Nexus registry. Normally what I would do is add a pull secret to the application's deploymentconfig, but that's not possible with the operator. I've created 2 local secrets, one generic (using a .dockercfg file) and one of type docker-registry, both of which have sufficient credentials to access my Nexus registry. I've linked them to the codeready-operator service account and all of the other service accounts as well (deployer, builder, default)

      [cwyatt@fedora-vm crw-automation]$ oc describe sa codeready
      Name:                codeready-operator
      Namespace:           workspaces
      Labels:              <none>
      Annotations:         <none>
      Image pull secrets:  codeready-operator-dockercfg-wfh57
                           nexus-secret
                           nexus
      Mountable secrets:   codeready-operator-token-4c7h8
                           codeready-operator-dockercfg-wfh57
      Tokens:              codeready-operator-token-4c7h8
                           codeready-operator-token-sm4r4
      Events:              <none>
      

      See screenshot for error output

              abazko Anatolii Bazko
              rhn-gps-cwyatt Cameron Wyatt
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

                Created:
                Updated:
                Resolved: