-
Bug
-
Resolution: Unresolved
-
Critical
-
None
-
Pipelines 1.15.0
-
False
-
None
-
False
-
-
Description of problem:
New resolver task skopeo-copy cannot handle pull/push from/to internal registry (image-registry.openshift-image-registry.svc:5000/).
Workaround is to set SRC_TLS_VERIFY/DEST_TLS_VERIFY to false. This was not needed with cluster task skopeo-copy. Alternative, user can use an external image registry with a valid certificate.
Prerequisites (if any, like setup, operators/versions):
Pipelines 1.15.0
Steps to Reproduce
# Create following pipeline run
- re-run with disabled TLS verification
apiVersion: tekton.dev/v1 kind: PipelineRun metadata: name: skopeo-copy-run spec: pipelineSpec: tasks: - name: run-skopeo-copy taskRef: resolver: cluster params: - name: kind value: task - name: name value: skopeo-copy - name: namespace value: openshift-pipelines params: - name: SOURCE_IMAGE_URL value: "docker://image-registry.openshift-image-registry.svc:5000/openshift/golang" - name: DESTINATION_IMAGE_URL value: "docker://image-registry.openshift-image-registry.svc:5000/$(context.pipelineRun.namespace)/golang:skopeo" - name: DEST_TLS_VERIFY value: "true" - name: SRC_TLS_VERIFY value: "true" - name: "VERBOSE" value: "true" workspaces: - name: images_url workspace: images_url workspaces: - name: images_url timeouts: pipeline: 5m workspaces: - name: images_url emptyDir: {}
Actual results:
fails to verify certificate
Expected results:
certificate validation succeeds
Reproducibility (Always/Intermittent/Only Once):
always