-
Bug
-
Resolution: Unresolved
-
Normal
-
None
-
None
-
None
-
False
-
-
False
-
-
Goal:
- Investigate how to make support of registry exposed by route
Problem:
When the image registry is exposed by default route, the OPCT was forced to extract the utilities through the new route, as image-registry is refusing the authentication though internal endpoint. The fixes in the extractor was added in OPCT-265 , although the openshift-tests utility start raising issues when using this path.
The openshift-tests utility is raising this error when using image registry exposed as a route:
grep -c 'Failed to pull image' results/podlogs/openshift-provider-certification/sonobuoy-20-openshift-conformance-validated-job-43f518ca35fb4622/logs/plugin.txt 14 $ grep 'Failed to pull image' results/podlogs/openshift-provider-certification/sonobuoy-20-openshift-conformance-validated-job-43f518ca35fb4622/logs/plugin.txt | tail -n1 Warning Failed 94s (x4 over 2m58s) kubelet Failed to pull image "default-route-openshift-image-registry.apps.example.com/e2e-test-registry-signing-gnqdc/signer:latest": rpc error: code = Unknown desc = pinging container registry default-route-openshift-image-registry.apps.example.com: Get "https://default-route-openshift-image-registry.apps.example.com/v2/": x509: certificate signed by unknown authority
Workarround:
- Disable default route and run the tests using internal endpoint:
oc patch configs.imageregistry.operator.openshift.io/cluster --patch '{"spec":{"defaultRoute":false}}' --type=merge
- relates to
-
OPCT-266 [plugin] Investigate if the extractor can use internal registry endpoint when the route is created
- To Do