Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-9122

[DOCS] Firewall allow list registry.access.redhat.com must be paired with its signature store access.redhat.com

    XMLWordPrintable

Details

    • Moderate
    • 5
    • OSDOCS Sprint 239, OSDOCS Sprint 240
    • 2
    • Unspecified
    • If docs needed, set a value

    Description

      Document URL:

      https://docs.openshift.com/container-platform/4.9/installing/install_config/configuring-firewall.html
      https://docs.openshift.com/rosa/rosa_getting_started/rosa-aws-prereqs.html#osd-aws-privatelink-firewall-prerequisites

      Describe the issue:

      Cannot pull images from registry.access.redhat.com in a firewall environment.

      The registry.access.redhat.com is listed on the firewall allow list. This registry uses a signature store hosted on access.redhat.com so they need to be allowed together in order to pull images.

      $ cat /etc/containers/registries.d/registry.access.redhat.com.yaml
      docker:
      registry.access.redhat.com:
      sigstore: https://access.redhat.com/webassets/docker/content/sigstore

      Also it would be nice to improve the registry.access.redhat.com description, it's a pretty common registry used by several tools and examples (we got this issue with OpenShift Pipelines), so saying odo alone in the description is a bit weird.

      Attachments

        Activity

          People

            dfitzmau@redhat.com Darragh Fitzmaurice
            rhn-support-tkimura Takayoshi Kimura
            Gaoyun Pei Gaoyun Pei
            Latha Sreenivasa Murthy Latha Sreenivasa Murthy
            Red Hat Employee
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: