-
Bug
-
Resolution: Unresolved
-
Critical
-
None
-
Pipelines 1.15.0
-
False
-
None
-
False
-
-
Description of problem:
New resolver task skopeo-copy cannot handle pull/push from/to internal registry (image-registry.openshift-image-registry.svc:5000/).
Workaround is to set SRC_TLS_VERIFY/DEST_TLS_VERIFY to false. This was not needed with cluster task skopeo-copy. Alternative, user can use an external image registry with a valid certificate.
Prerequisites (if any, like setup, operators/versions):
Pipelines 1.15.0
Steps to Reproduce
# Create following pipeline run
- re-run with disabled TLS verification
apiVersion: tekton.dev/v1
kind: PipelineRun
metadata:
name: skopeo-copy-run
spec:
pipelineSpec:
tasks:
- name: run-skopeo-copy
taskRef:
resolver: cluster
params:
- name: kind
value: task
- name: name
value: skopeo-copy
- name: namespace
value: openshift-pipelines
params:
- name: SOURCE_IMAGE_URL
value: "docker://image-registry.openshift-image-registry.svc:5000/openshift/golang"
- name: DESTINATION_IMAGE_URL
value: "docker://image-registry.openshift-image-registry.svc:5000/$(context.pipelineRun.namespace)/golang:skopeo"
- name: DEST_TLS_VERIFY
value: "true"
- name: SRC_TLS_VERIFY
value: "true"
- name: "VERBOSE"
value: "true"
workspaces:
- name: images_url
workspace: images_url
workspaces:
- name: images_url
timeouts:
pipeline: 5m
workspaces:
- name: images_url
emptyDir: {}
Actual results:
fails to verify certificate
Expected results:
certificate validation succeeds
Reproducibility (Always/Intermittent/Only Once):
always
