Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-50902

Configuring insecure registries for HCP based cluster

XMLWordPrintable

    • Quality / Stability / Reliability
    • False
    • Hide

      None

      Show
      None
    • None
    • None
    • None
    • None
    • None
    • None
    • None
    • None
    • None
    • None
    • None
    • None
    • None
    • None

      Description of problem:

      
IHAC who want to deploy a HCP cluster using Ovirt for nodepool.
To do so, In the management (host) cluster we configure insecure registries the usual way, which is:


{code:java}
apiVersion: config.openshift.io/v1
kind: Image
metadata:
  annotations:
    include.release.openshift.io/ibm-cloud-managed: "true"
    include.release.openshift.io/self-managed-high-availability: "true"
    release.openshift.io/create-only: "true"
  creationTimestamp: "2024-11-14T09:00:32Z"
  generation: 5
  name: cluster
  ownerReferences:
  - apiVersion: config.openshift.io/v1
    kind: ClusterVersion
    name: version
    uid: e59d33ae-fa3f-41c0-84ed-b2c6c4b3cda8
  resourceVersion: "134504596"
  uid: 558111a8-ceee-46a0-954f-5b26819f52ad
spec:
  registrySources:
    insecureRegistries:
    - registryInsecure:5000

      While deploying the HCP cluster hostedCluster CR is configured as per below:

      apiVersion: hypershift.openshift.io/v1beta1
kind: HostedCluster
metadata:
  annotations:
    create-external-hub-kubeconfig: "2025-01-27T21:59:28Z"
    hypershift.openshift.io/HasBeenAvailable: "true"
    hypershift.openshift.io/management-platform: None
  creationTimestamp: "2025-01-13T08:01:51Z"
  finalizers:
  - hypershift.openshift.io/finalizer
  generation: 4
  labels:
    hypershift.openshift.io/auto-created-for-infra: adamlesch-cluster-l6nk2
  name: adamlesch-cluster
  namespace: clusters
  resourceVersion: "200340818"
  uid: ea016078-a68d-48aa-bf85-54cf2a41d110
spec:
  autoscaling: {}
  clusterID: de28c1b7-b317-45dc-ac90-94f021472131
  configuration:
    image:
      registrySources:
        insecureRegistries:
        - registryInsecure:5000

      this will configure the managed cluster correctly:

      $ oc get image.config.openshift.io/cluster -oyaml
apiVersion: config.openshift.io/v1
kind: Image
metadata:
  annotations:
    include.release.openshift.io/ibm-cloud-managed: "true"
    include.release.openshift.io/self-managed-high-availability: "true"
    release.openshift.io/create-only: "true"
  creationTimestamp: "2025-01-13T08:03:34Z"
  generation: 3
  labels:
    hypershift.openshift.io/managed: "true"
  name: cluster
  ownerReferences:
  - apiVersion: config.openshift.io/v1
    kind: ClusterVersion
    name: version
    uid: a03b0bb3-df95-4fc6-b2b1-75a2af9d39eb
  resourceVersion: "4255974"
  uid: 23151540-202a-4c32-a72d-5c64ed6e331f
spec:
  additionalTrustedCA:
    name: ""
  registrySources:
    insecureRegistries:
    - registryInsecure:5000
status:
  internalRegistryHostname: image-registry.openshift-image-registry.svc:5000

      However, even with image config is configured image pull is getting failed on the managed cluster.
      The cluster is deployed using HCP cli.
      The question here is do we support HCP deployment with insecure registry ?

          Version-Release number of selected component (if applicable):{code:none}
4.17.z

      How reproducible:

      
N/A

      Steps to Reproduce:

          1. configure image config with insecure registry
    2. deploy HCP cluster using cli 
    3. add insecure registry details to hostedCluster CR

      Actual results:

      
Unable to download images

      Expected results:

      
Should be able to download image

      Additional info:

              jparrill@redhat.com Juan Manuel Parrilla Madrid
              rhn-support-chdeshpa Chinmay Deshpande
              None
              None
              XiuJuan Wang XiuJuan Wang
              None
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

                Created:
                Updated:
                Resolved: