Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-9122

[DOCS] Firewall allow list registry.access.redhat.com must be paired with its signature store access.redhat.com

XMLWordPrintable

    • Moderate
    • None
    • 5
    • OSDOCS Sprint 239, OSDOCS Sprint 240
    • 2
    • Unspecified
    • If docs needed, set a value

      Document URL:

      https://docs.openshift.com/container-platform/4.9/installing/install_config/configuring-firewall.html
      https://docs.openshift.com/rosa/rosa_getting_started/rosa-aws-prereqs.html#osd-aws-privatelink-firewall-prerequisites

      Describe the issue:

      Cannot pull images from registry.access.redhat.com in a firewall environment.

      The registry.access.redhat.com is listed on the firewall allow list. This registry uses a signature store hosted on access.redhat.com so they need to be allowed together in order to pull images.

      $ cat /etc/containers/registries.d/registry.access.redhat.com.yaml
      docker:
      registry.access.redhat.com:
      sigstore: https://access.redhat.com/webassets/docker/content/sigstore

      Also it would be nice to improve the registry.access.redhat.com description, it's a pretty common registry used by several tools and examples (we got this issue with OpenShift Pipelines), so saying odo alone in the description is a bit weird.

              dfitzmau@redhat.com Darragh Fitzmaurice
              rhn-support-tkimura Takayoshi Kimura
              Gaoyun Pei Gaoyun Pei
              Latha Sreenivasa Murthy Latha Sreenivasa Murthy
              Red Hat Employee
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

                Created:
                Updated:
                Resolved: