Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-58424

Image registry failed to create with x509 error in azurestackhub platform

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Undefined Undefined
    • 4.20.0
    • 4.20
    • Image Registry
    • None
    • Quality / Stability / Reliability
    • True
    • Hide

      None

      Show
      None
    • None
    • Critical
    • Yes
    • None
    • Approved
    • None
    • In Progress
    • Release Note Not Required
    • None
    • None
    • None
    • None
    • None

      Description of problem:

      There are x509 error that image registry operator reports
```
E0707 05:10:49.318938       1 controller.go:379] unable to sync: unable to sync storage configuration: storage.AccountsClient#CheckNameAvailability: Fail    ure sending request: StatusCode=0 -- Original Error: Post "https://management.mtcazs.wwtatc.com/subscriptions/de7e09c3-b59a-4c7d-9c77-439c11b92879/provid    ers/Microsoft.Storage/checkNameAvailability?api-version=2019-06-01": tls: failed to verify certificate: x509: certificate signed by unknown authority, re    queuing
472 I0707 05:15:17.382317       1 caconfig.go:127] unable to get the service name to add service-ca.crt
473 I0707 05:15:17.382681       1 imageregistryca.go:130] unable to get the service name to add service-ca.crt
``` this caused image-registry-tls secret not created, and image-registry-certificates with empty data, then image-registry instances don't be created

      Version-Release number of selected component (if applicable):

      4.20.0-0.nightly-2025-07-01-051543

      How reproducible:

      always

      Steps to Reproduce:

          1. Install a 4.20 ocp cluster on ASH
    2.
    3.

      Actual results:

      image registry failed to create with above x509 error
[image registry operator detailed logs|https://gcsweb-qe-private-deck-ci.apps.ci.l2s4.p1.openshiftapps.com/gcs/qe-private-deck/logs/periodic-ci-openshift-openshift-tests-private-release-4.20-amd64-nightly-azure-stack-ipi-f28/1939772295111249920/artifacts/azure-stack-ipi-f28/gather-extra/artifacts/pods/openshift-image-registry_cluster-image-registry-operator-687cd8f9c7-46c4k_cluster-image-registry-operator.log ]

      Expected results:

      Should create image registry instances successfully.

      Additional info:

      The must-gather log in https://gcsweb-qe-private-deck-ci.apps.ci.l2s4.p1.openshiftapps.com/gcs/qe-private-deck/logs/periodic-ci-openshift-openshift-tests-private-release-4.20-amd64-nightly-azure-stack-ipi-f28/1939772295111249920/artifacts/azure-stack-ipi-f28/gather-must-gather/

I monitor jobs failed on ASH startred June 23, and we have successful job in June 15, such as https://qe-private-deck-ci.apps.ci.l2s4.p1.openshiftapps.com/view/gs/qe-private-deck/logs/periodic-ci-openshift-openshift-tests-private-release-4.20-amd64-nightly-azure-stack-ipi-proxy-f14-disasterrecovery/1934026245704519680

              rmarasch@redhat.com Ricardo Maraschini
              rh-ee-xiuwang XiuJuan Wang
              None
              None
              Wen Wang Wen Wang
              None
              Votes:
              0 Vote for this issue
              Watchers:
              8 Start watching this issue

                Created:
                Updated: