-
Bug
-
Resolution: Done-Errata
-
Critical
-
4.16
-
Important
-
Yes
-
Approved
-
False
-
-
Release Note Not Required
-
In Progress
This is a clone of issue OCPBUGS-33453. The following is the description of the original issue:
—
Description of problem:
Can't access the openshift namespace images without auth after grant public access to openshift namespace
Version-Release number of selected component (if applicable):
4.16.0-0.nightly-2024-05-05-102537
How reproducible:
always
Steps to Reproduce:
1. $ oc patch configs.imageregistry.operator.openshift.io/cluster --patch '{"spec":{"defaultRoute":true}}' --type=merge
$ HOST=$(oc get route default-route -n openshift-image-registry --template='{{ .spec.host }}')
2. $ oc adm policy add-role-to-group system:image-puller system:unauthenticated --namespace openshift
Warning: Group 'system:unauthenticated' not found
clusterrole.rbac.authorization.k8s.io/system:image-puller added: "system:unauthenticated"
3. Try to fetch image metadata:
$ oc image info --insecure "${HOST}/openshift/cli:latest"
Actual results:
$ oc image info default-route-openshift-image-registry.apps.wxj-a41659.qe.azure.devcluster.openshift.com/openshift/cli:latest --insecure error: unable to read image default-route-openshift-image-registry.apps.wxj-a41659.qe.azure.devcluster.openshift.com/openshift/cli:latest: unauthorized: authentication required
Expected results:
Could get the public image info without auth
Additional info:
This is a regression for 4.16, this feature works on 4.15 and below.
- clones
-
-
- Verified
-
- is blocked by
-
-
- Verified
-
- links to
-
RHEA-2024:0041
OpenShift Container Platform 4.16.z bug fix update
