Details
Bug
Resolution: Done
Major
None
quay-v3.7.0
Description
Description of problem:
The official Quay documentation has a section that guides customers through creating a certificate authority and signing a certificate.
Following the steps in this section, a customer gets certificates like the ones below:
$ ls certificates20220512_144320/
openssl.cnf rootCA.key rootCA.pem rootCA.srl ssl.cert ssl.csr ssl.key
The documentation then guides the customer to upload ssl.cert and ssl.key to the Quay pod using the config-tool or the CLI.
But the ssl.cert file does not include the information about the root CA certificate (rootCA.pem). There is no problem deploying Quay and running common Quay features.
But I hit the problem below when I tried to mirror an image in Quay 3.7.0.
Mirror of 7.2-104 failure to repository mirror_test/no_sign Source 'docker://registry.redhat.io/rhel7:7.2-104' failed to sync time="2022-05-09T02:55:31Z" level=fatal msg="trying to reuse blob sha256:30cf2e26a24f2a8426cbe8444f8af2ecb7023bd468b05c1b6fd0b2797b0f9ff9 at destination: pinging container registry quayregistry-quay-quay-enterprise.apps.whu48az15.qe.azure.devcluster.openshift.com: Get \"https://quayregistry-quay-quay-enterprise.apps.whu48az15.qe.azure.devcluster.openshift.com/v2/\": x509: certificate signed by unknown authority"
There is no step in the documentation that guides the customer to upload rootCA.pem to Quay.
Then I ran "cat rootCA.pem >> ssl.cert" to append rootCA.pem to ssl.cert and uploaded ssl.cert again to resolve this problem.
It would be better to add documentation on how to upload the root CA certificate to Quay in a professional way.
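
A check for the condition described in this report, as an added example that is not part of the original report or of the Quay documentation: it tests whether ssl.cert carries rootCA.pem and whether the leaf verifies with and without that CA. The file names follow the report; the certificates, the CN values and the function names are constructed for the demo.

```bash
#!/usr/bin/env bash
# Added example: every certificate here is a throwaway generated for the demo.
# File names follow the report; CN values and function names are constructed.

# Create rootCA.pem and a leaf ssl.cert signed by it inside directory $1.
make_demo_certs() (
  cd "$1" || exit 1
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo Root CA" \
    -keyout rootCA.key -out rootCA.pem 2>/dev/null &&
  openssl req -newkey rsa:2048 -nodes -subj "/CN=quay.example.test" \
    -keyout ssl.key -out ssl.csr 2>/dev/null &&
  openssl x509 -req -in ssl.csr -CA rootCA.pem -CAkey rootCA.key \
    -CAcreateserial -days 1 -out ssl.cert 2>/dev/null
)

# Number of certificates in PEM file $1.
cert_count() { grep -c -e '-----BEGIN CERTIFICATE-----' "$1"; }

# Succeeds only if the first certificate in $1 chains to the system trust store.
trusted_by_system_store() { openssl verify "$1" >/dev/null 2>&1; }

# Succeeds if the first certificate in $1 chains to the CA file $2.
trusted_with_ca() { openssl verify -CAfile "$2" "$1" >/dev/null 2>&1; }

# Succeeds if PEM file $1 contains the certificate in $2 (SHA-256 fingerprint match).
bundle_has_cert() {
  want=$(openssl x509 -in "$2" -noout -fingerprint -sha256) || return 2
  parts=$(mktemp -d) || return 2
  # Split the bundle into one file per certificate.
  awk -v d="$parts" '/BEGIN CERTIFICATE/{n++} n{print > (d "/" n ".pem")}' "$1"
  rc=1
  for f in "$parts"/*.pem; do
    got=$(openssl x509 -in "$f" -noout -fingerprint -sha256 2>/dev/null)
    if [ "$got" = "$want" ]; then rc=0; fi
  done
  rm -rf "$parts"
  return "$rc"
}

# Demo run: state before and after appending the root CA, as in the report.
work=$(mktemp -d)
make_demo_certs "$work"
bundle_has_cert "$work/ssl.cert" "$work/rootCA.pem" || echo "ssl.cert: root CA missing"
trusted_by_system_store "$work/ssl.cert" || echo "leaf not trusted without rootCA.pem"
cat "$work/rootCA.pem" >> "$work/ssl.cert"   # the workaround used in the report
bundle_has_cert "$work/ssl.cert" "$work/rootCA.pem" && echo "ssl.cert: root CA present"
trusted_with_ca "$work/ssl.cert" "$work/rootCA.pem" && echo "leaf verifies against rootCA.pem"
rm -rf "$work"
```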