OpenShift Bugs / OCPBUGS-47464

Importing images from a remote private mirror registry fails when the mirror registry cert is set in the proxy configuration trustedCA field


    • Bug
    • Resolution: Unresolved
    • 4.19.0
    • HyperShift
    • Quality / Stability / Reliability

      Description of problem:

      Importing images from a remote private mirror registry fails when both the proxy cert and the mirror registry cert are set in the proxy configuration trustedCA field:
      
      spec:
        httpProxy: http://10.0.142.173:8080
        httpsProxy: https://10.0.142.173:8080
        trustedCA:
          name: custom-ca-bundle

      Version-Release number of selected component (if applicable):

          

      How reproducible:

      always

      Steps to Reproduce:

          1. Set up a remote private mirror registry.
          2. Set up a cluster with a secure proxy; both the proxy cert and the mirror registry cert are set in the proxy configuration trustedCA field.
          3. Import an image with 'oc import-image':
      
      jiezhao-mac:hypershift jiezhao$ oc import-image ruby-hello-world:latest --from=ec2-18-220-45-148.us-east-2.compute.amazonaws.com:8443/openshift/ruby-hello-world --confirm
      error: tag latest failed: Internal error occurred: ec2-18-220-45-148.us-east-2.compute.amazonaws.com:8443/openshift/ruby-hello-world:latest: Get "https://ec2-18-220-45-148.us-east-2.compute.amazonaws.com:8443/v2/": tls: failed to verify certificate: x509: certificate signed by unknown authority
      imagestream.image.openshift.io/ruby-hello-world imported with errors

      Name:            ruby-hello-world
      Namespace:        default
      Created:        Less than a second ago
      Labels:            <none>
      Annotations:        openshift.io/image.dockerRepositoryCheck=2024-12-19T02:01:46Z
      Image Repository:    image-registry.openshift-image-registry.svc:5000/default/ruby-hello-world
      Image Lookup:        local=false
      Unique Images:        0
      Tags:            1

      latest
        tagged from ec2-18-220-45-148.us-east-2.compute.amazonaws.com:8443/openshift/ruby-hello-world  ! error: Import failed (InternalError): Internal error occurred: ec2-18-220-45-148.us-east-2.compute.amazonaws.com:8443/openshift/ruby-hello-world:latest: Get "https://ec2-18-220-45-148.us-east-2.compute.amazonaws.com:8443/v2/": tls: failed to verify certificate: x509: certificate signed by unknown authority
            Less than a second ago
      error: imported completed with errors
      jiezhao-mac:hypershift jiezhao$      

      Actual results:

         It failed to import the image.

      Expected results:

          Importing the image is successful.

      Additional info:

      The issue is that the proxy CA bundle is not getting mounted on the openshift-apiserver pod.

              Unassigned
              Jie Zhao (rhn-support-jiezhao)