Loading...

XML

Word

Printable

Type: Bug
Resolution: Unresolved
Priority: Undefined
Fix Version/s: None
Affects Version/s: 4.19.0
Component/s: HyperShift
Labels:
None

Activity Type:
Quality / Stability / Reliability
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Story Points:
None
Severity:
None
Regression:
None

Target Backport Versions:
None
Target Version:
None
Release Blocker:
None
Sprint:
None

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

PX Impact Score:

Release Note Status:
None
Release Note Type:
None
Release Note Text:
None

Escape Reason:
None
Escape Impact:
None
Corrective Measures:
None
SDLC stage when should've been found:
None

Description of problem:

importing images from a remote private mirror registry failed when both proxy cert and mirror registry cert are set in proxy configuration trustCA field:

spec:
  httpProxy: http://10.0.142.173:8080
  httpsProxy: https://10.0.142.173:8080
  trustedCA:
    name: custom-ca-bundle

Version-Release number of selected component (if applicable):

How reproducible:

always

Steps to Reproduce:

    1. setup a remote private mirror registry     
    2. set up a cluster with a secure proxy, both proxy cert and mirror registry cert are set in proxy configuration trustCA field     
    3. import image 'oc import-image'

jiezhao-mac:hypershift jiezhao$ oc import-image ruby-hello-world:latest --from=ec2-18-220-45-148.us-east-2.compute.amazonaws.com:8443/openshift/ruby-hello-world --confirm
error: tag latest failed: Internal error occurred: ec2-18-220-45-148.us-east-2.compute.amazonaws.com:8443/openshift/ruby-hello-world:latest: Get "https://ec2-18-220-45-148.us-east-2.compute.amazonaws.com:8443/v2/": tls: failed to verify certificate: x509: certificate signed by unknown authority
imagestream.image.openshift.io/ruby-hello-world imported with errorsName:            ruby-hello-world
Namespace:        default
Created:        Less than a second ago
Labels:            <none>
Annotations:        openshift.io/image.dockerRepositoryCheck=2024-12-19T02:01:46Z
Image Repository:    image-registry.openshift-image-registry.svc:5000/default/ruby-hello-world
Image Lookup:        local=false
Unique Images:        0
Tags:            1latest
  tagged from ec2-18-220-45-148.us-east-2.compute.amazonaws.com:8443/openshift/ruby-hello-world  ! error: Import failed (InternalError): Internal error occurred: ec2-18-220-45-148.us-east-2.compute.amazonaws.com:8443/openshift/ruby-hello-world:latest: Get "https://ec2-18-220-45-148.us-east-2.compute.amazonaws.com:8443/v2/": tls: failed to verify certificate: x509: certificate signed by unknown authority
      Less than a second ago
error: imported completed with errors
jiezhao-mac:hypershift jiezhao$

Actual results:

   it failed to import image

Expected results:

    importing image is successful

Additional info:

The issue is that the proxy ca bundle is not getting mounted on the openshift-apiserver pod.

Assignee:: Unassigned

Reporter:: Jie Zhao

Need Info From:: None

Contributors:: None

QA Contact:: Jie Zhao

Doc Contact:: None

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Created:: 2024/12/19 5:13 PM

Updated:: 2025/07/17 1:27 PM

Details

Description

Attachments

Easy Agile Planning Poker

Activity

People

Dates

Hide