Bug 1278974
| Summary: | Unable to pull from another Secured Registry | |||
|---|---|---|---|---|
| Product: | OpenShift Container Platform | Reporter: | Ryan Howe <rhowe> | |
| Component: | openshift-controller-manager | Assignee: | Michal Minar <miminar> | |
| Status: | CLOSED ERRATA | QA Contact: | zhou ying <yinzhou> | |
| Severity: | medium | Docs Contact: | ||
| Priority: | unspecified | |||
| Version: | 3.1.0 | CC: | aos-bugs, ccoleman, miminar, pep, pweil, rhowe, szobair, tdawson | |
| Target Milestone: | --- | Keywords: | Reopened | |
| Target Release: | --- | |||
| Hardware: | Unspecified | |||
| OS: | Unspecified | |||
| Whiteboard: | ||||
| Fixed In Version: | atomic-openshift-3.1.1.900-1.git.1.bacd67f.el7 | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | ||
| Clone Of: | ||||
| : | 1289343 1292962 1292963 (view as bug list) | Environment: | ||
| Last Closed: | 2016-05-12 16:25:09 UTC | Type: | Bug | |
| Regression: | --- | Mount Type: | --- | |
| Documentation: | --- | CRM: | ||
| Verified Versions: | Category: | --- | ||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
| Cloudforms Team: | --- | Target Upstream Version: | ||
| Embargoed: | ||||
| Bug Depends On: | 1292962, 1292963 | |||
| Bug Blocks: | 1267746, 1289343 | |||
|
Description
Ryan Howe
2015-11-06 22:04:25 UTC
I've just successfuly deployed a router from secured registry (registry.qe.openshift.com (v2)) using the mentioned procedure. I'll try again with new-app after I setup my private secured registry. Ryan, it seems that the reproducer is missing `--for=pull` flag as mentioned in the guide:
$ oc secrets add serviceaccount/default secrets/<pull_secret_name> --for=pull
If called without it, the secret won't be added to "Image pull secretes" but to "Mountable secrets" :
$ oc describe serviceaccount default
Name: default
Namespace: default
Labels: <none>
Image pull secrets: default-dockercfg-a3t5h
Mountable secrets: default-token-d4hvj
default-dockercfg-a3t5h
my-secured-registry-secret
...
I verified that the deployment indeed fails. After running `oc secrets add ... --for=pull`, the deployment succeeds.
Does it help?
[root@master-001 ~]# oc version oc v3.1.0.4-16-g112fcc4 kubernetes v1.1.0-origin-1107-g4c8e6f4 This was just fixed in the 3.1.1 stream. Well, a part of it was just fixed. There may be another gap. Ok, there's three parts to this :) 1. The thing I just fixed was related to how clients load Docker secrets for talking to a local daemon. That wasn't your issue (although it would come up in some cases when the daemon was in a VM). 2. new-app doesn't support authenticated registries today but should 3. You can't import images from authenticated repos today without pushing them into OpenShift. We'd like to do this, but haven't yet done it. So the second and third part are two separate RFEs - we probably need to do 3 first, before we do 2 (because new-app being able to tell the server about the images it sees isn't very useful if the image isn't importable) To clarify: (In reply to Clayton Coleman from comment #9) > Ok, there's three parts to this :) > > 1. The thing I just fixed was related to how clients load Docker secrets for > talking to a local daemon. That wasn't your issue (although it would come > up in some cases when the daemon was in a VM). If I understood correctly, the issue observed in comment #5 was related to the missing functionality in new-app (part 2 below), and with the fix mentioned in comment #7 pulling from an external secured registry should work fine. In other words: this bugzilla right now is just tracking the release of that fix in comment #7, right? (if you have a pointer to an upstream issue/pr/commit it would be nice) > 2. new-app doesn't support authenticated registries today but should Bug 1292962 tracks this. > 3. You can't import images from authenticated repos today without pushing > them into OpenShift. We'd like to do this, but haven't yet done it. Bug 1292963 tracks this. > So the second and third part are two separate RFEs - we probably need to do > 3 first, before we do 2 (because new-app being able to tell the server about > the images it sees isn't very useful if the image isn't importable) Right - but at the same time it's also important to have CLI support for the functionality, so ideally they should be both released together. But in any case this should be tracked in the respective bugzillas. Josep, items 2) and 3) did not make it to 3.1.1. Item 3) > 3. You can't import images from authenticated repos today without pushing > them into OpenShift. We'd like to do this, but haven't yet done it. has been fixed recently with https://github.com/openshift/origin/pull/6288. Item 2) hasn't been fixed yet. Clayton, please correct me if I'm wrong. Fixed by PRs #6288 #6800. I've confirmed on latest ami devenv-rhel7_3422, the issue has fixed. [root@ip-172-18-2-200 amd64]# openshift version openshift v1.1.2-258-gda69009 kubernetes v1.2.0-origin etcd 2.2.2+git When the latest OSE env ready, I'll verify again. On OSE env :
openshift v3.1.1.905
kubernetes v1.2.0-alpha.7-703-gbc4550d
etcd 2.2.5
The issue still exist:
[root@zhouy roottest]# oc describe serviceaccount
Name: builder
Namespace: zhouy
Labels: <none>
Mountable secrets: builder-token-offls
builder-dockercfg-wy2eu
hubyinzhou1
Tokens: builder-token-fitue
builder-token-offls
Image pull secrets: builder-dockercfg-wy2eu
Name: default
Namespace: zhouy
Labels: <none>
Image pull secrets: default-dockercfg-ktza7
hubyinzhou1
Mountable secrets: default-token-cda1p
default-dockercfg-ktza7
Tokens: default-token-269cp
default-token-cda1p
Name: deployer
Namespace: zhouy
Labels: <none>
Image pull secrets: deployer-dockercfg-8dyy7
Mountable secrets: deployer-token-6kad3
deployer-dockercfg-8dyy7
Tokens: deployer-token-6kad3
deployer-token-ehgp5
[root@zhouy roottest]# oc describe secret hubyinzhou1
Name: hubyinzhou1
Namespace: zhouy
Labels: <none>
Annotations: <none>
Type: kubernetes.io/dockercfg
Data
====
.dockercfg: {"https://auth.docker.io":{"username":"zhouying7780","password":"xxxxxx","email":"yinzhou","auth":"emhvdXlpbmc3NzgwOmFuZHlsdnU5OQ=="}}
[root@zhouy roottest]# oc new-app --loglevel=5 docker.io/zhouying7780/deployment-example:latest
I0225 02:25:01.629951 24451 newapp.go:430] Docker client did not respond to a ping: Get http://unix.sock/_ping: dial unix /var/run/docker.sock: no such file or directory
I0225 02:25:01.630199 24451 imagestreamlookup.go:29] image streams must be of the form [<namespace>/]<name>[:<tag>|@<digest>], term "docker.io/zhouying7780/deployment-example:latest" did not qualify
I0225 02:25:06.610114 24451 templatelookup.go:57] checking for term docker.io/zhouying7780/deployment-example:latest in namespace openshift
I0225 02:25:06.610135 24451 templatelookup.go:57] checking for term docker.io/zhouying7780/deployment-example:latest in namespace openshift
I0225 02:25:06.610142 24451 templatelookup.go:57] checking for term docker.io/zhouying7780/deployment-example:latest in namespace openshift
I0225 02:25:06.610148 24451 templatelookup.go:57] checking for term docker.io/zhouying7780/deployment-example:latest in namespace openshift
I0225 02:25:06.610154 24451 templatelookup.go:57] checking for term docker.io/zhouying7780/deployment-example:latest in namespace openshift
I0225 02:25:06.610160 24451 templatelookup.go:57] checking for term docker.io/zhouying7780/deployment-example:latest in namespace openshift
I0225 02:25:06.610166 24451 templatelookup.go:57] checking for term docker.io/zhouying7780/deployment-example:latest in namespace openshift
I0225 02:25:06.610172 24451 templatelookup.go:57] checking for term docker.io/zhouying7780/deployment-example:latest in namespace openshift
I0225 02:25:06.610178 24451 templatelookup.go:57] checking for term docker.io/zhouying7780/deployment-example:latest in namespace openshift
I0225 02:25:06.610184 24451 templatelookup.go:57] checking for term docker.io/zhouying7780/deployment-example:latest in namespace openshift
I0225 02:25:06.610190 24451 templatelookup.go:57] checking for term docker.io/zhouying7780/deployment-example:latest in namespace openshift
I0225 02:25:06.610196 24451 templatelookup.go:57] checking for term docker.io/zhouying7780/deployment-example:latest in namespace openshift
I0225 02:25:06.610202 24451 templatelookup.go:57] checking for term docker.io/zhouying7780/deployment-example:latest in namespace openshift
I0225 02:25:06.610207 24451 templatelookup.go:57] checking for term docker.io/zhouying7780/deployment-example:latest in namespace openshift
I0225 02:25:06.610213 24451 templatelookup.go:57] checking for term docker.io/zhouying7780/deployment-example:latest in namespace openshift
I0225 02:25:06.610219 24451 templatelookup.go:57] checking for term docker.io/zhouying7780/deployment-example:latest in namespace openshift
I0225 02:25:06.610225 24451 templatelookup.go:57] checking for term docker.io/zhouying7780/deployment-example:latest in namespace openshift
I0225 02:25:06.610231 24451 templatelookup.go:57] checking for term docker.io/zhouying7780/deployment-example:latest in namespace openshift
I0225 02:25:06.610237 24451 templatelookup.go:57] checking for term docker.io/zhouying7780/deployment-example:latest in namespace openshift
I0225 02:25:06.610243 24451 templatelookup.go:57] checking for term docker.io/zhouying7780/deployment-example:latest in namespace openshift
I0225 02:25:06.610249 24451 templatelookup.go:57] checking for term docker.io/zhouying7780/deployment-example:latest in namespace openshift
I0225 02:25:06.610255 24451 templatelookup.go:57] checking for term docker.io/zhouying7780/deployment-example:latest in namespace openshift
I0225 02:25:06.610261 24451 templatelookup.go:57] checking for term docker.io/zhouying7780/deployment-example:latest in namespace openshift
I0225 02:25:06.610267 24451 templatelookup.go:57] checking for term docker.io/zhouying7780/deployment-example:latest in namespace openshift
I0225 02:25:06.610273 24451 templatelookup.go:57] checking for term docker.io/zhouying7780/deployment-example:latest in namespace openshift
I0225 02:25:06.610279 24451 templatelookup.go:57] checking for term docker.io/zhouying7780/deployment-example:latest in namespace openshift
I0225 02:25:06.610285 24451 templatelookup.go:57] checking for term docker.io/zhouying7780/deployment-example:latest in namespace openshift
I0225 02:25:06.610291 24451 templatelookup.go:57] checking for term docker.io/zhouying7780/deployment-example:latest in namespace openshift
I0225 02:25:06.610297 24451 templatelookup.go:57] checking for term docker.io/zhouying7780/deployment-example:latest in namespace openshift
I0225 02:25:06.610303 24451 templatelookup.go:57] checking for term docker.io/zhouying7780/deployment-example:latest in namespace openshift
I0225 02:25:06.610309 24451 templatelookup.go:57] checking for term docker.io/zhouying7780/deployment-example:latest in namespace openshift
I0225 02:25:06.610812 24451 templatelookup.go:57] checking for term docker.io/zhouying7780/deployment-example:latest in namespace openshift
I0225 02:25:06.610838 24451 templatelookup.go:57] checking for term docker.io/zhouying7780/deployment-example:latest in namespace openshift
I0225 02:25:06.610864 24451 templatelookup.go:57] checking for term docker.io/zhouying7780/deployment-example:latest in namespace openshift
I0225 02:25:06.610872 24451 templatelookup.go:57] checking for term docker.io/zhouying7780/deployment-example:latest in namespace openshift
I0225 02:25:06.610885 24451 templatelookup.go:57] checking for term docker.io/zhouying7780/deployment-example:latest in namespace openshift
I0225 02:25:06.610892 24451 templatelookup.go:57] checking for term docker.io/zhouying7780/deployment-example:latest in namespace openshift
I0225 02:25:06.610898 24451 templatelookup.go:57] checking for term docker.io/zhouying7780/deployment-example:latest in namespace openshift
I0225 02:25:06.610904 24451 templatelookup.go:57] checking for term docker.io/zhouying7780/deployment-example:latest in namespace openshift
I0225 02:25:06.610911 24451 templatelookup.go:57] checking for term docker.io/zhouying7780/deployment-example:latest in namespace openshift
I0225 02:25:06.610917 24451 templatelookup.go:57] checking for term docker.io/zhouying7780/deployment-example:latest in namespace openshift
I0225 02:25:06.610923 24451 templatelookup.go:57] checking for term docker.io/zhouying7780/deployment-example:latest in namespace openshift
I0225 02:25:06.610929 24451 templatelookup.go:57] checking for term docker.io/zhouying7780/deployment-example:latest in namespace openshift
I0225 02:25:06.610935 24451 templatelookup.go:57] checking for term docker.io/zhouying7780/deployment-example:latest in namespace openshift
I0225 02:25:06.610941 24451 templatelookup.go:57] checking for term docker.io/zhouying7780/deployment-example:latest in namespace openshift
I0225 02:25:06.610947 24451 templatelookup.go:57] checking for term docker.io/zhouying7780/deployment-example:latest in namespace openshift
I0225 02:25:06.610953 24451 templatelookup.go:57] checking for term docker.io/zhouying7780/deployment-example:latest in namespace openshift
I0225 02:25:06.610959 24451 templatelookup.go:57] checking for term docker.io/zhouying7780/deployment-example:latest in namespace openshift
I0225 02:25:06.610966 24451 templatelookup.go:57] checking for term docker.io/zhouying7780/deployment-example:latest in namespace openshift
I0225 02:25:06.610972 24451 templatelookup.go:57] checking for term docker.io/zhouying7780/deployment-example:latest in namespace openshift
I0225 02:25:06.610978 24451 templatelookup.go:57] checking for term docker.io/zhouying7780/deployment-example:latest in namespace openshift
I0225 02:25:06.610985 24451 templatelookup.go:57] checking for term docker.io/zhouying7780/deployment-example:latest in namespace openshift
I0225 02:25:06.610991 24451 templatelookup.go:57] checking for term docker.io/zhouying7780/deployment-example:latest in namespace openshift
I0225 02:25:06.610997 24451 templatelookup.go:57] checking for term docker.io/zhouying7780/deployment-example:latest in namespace openshift
I0225 02:25:06.611002 24451 templatelookup.go:57] checking for term docker.io/zhouying7780/deployment-example:latest in namespace openshift
I0225 02:25:06.611008 24451 templatelookup.go:57] checking for term docker.io/zhouying7780/deployment-example:latest in namespace openshift
I0225 02:25:06.611015 24451 templatelookup.go:57] checking for term docker.io/zhouying7780/deployment-example:latest in namespace openshift
I0225 02:25:06.611021 24451 templatelookup.go:57] checking for term docker.io/zhouying7780/deployment-example:latest in namespace openshift
I0225 02:25:06.611087 24451 dockerimagelookup.go:72] checking remote registry for "docker.io/zhouying7780/deployment-example:latest"
I0225 02:25:08.836425 24451 dockerimagelookup.go:238] Adding Docker image "docker.io/zhouying7780/deployment-example:latest" (tag "latest"), dda30c8, from docker.io, 5.503mb, author Clayton Coleman <ccoleman> as component match for "docker.io/zhouying7780/deployment-example:latest" with score 0
I0225 02:25:08.836477 24451 dockerimagelookup.go:78] Found remote match docker.io/zhouying7780/deployment-example:latest
I0225 02:25:08.836518 24451 newapp.go:1010] Code []
I0225 02:25:08.836537 24451 newapp.go:1011] Components [docker.io/zhouying7780/deployment-example:latest]
I0225 02:25:08.836569 24451 newapp.go:653] found group: docker.io/zhouying7780/deployment-example:latest
I0225 02:25:08.836583 24451 newapp.go:673] will include "docker.io/zhouying7780/deployment-example:latest"
--> Found Docker image dda30c8 (11 days old) from docker.io for "docker.io/zhouying7780/deployment-example:latest"
* An image stream will be created as "deployment-example:latest" that will track this image
* This image will be deployed in deployment config "deployment-example"
* Port 8080/tcp will be load balanced by service "deployment-example"
* Other containers can access this service through the hostname "deployment-example"
* WARNING: Image "deployment-example" runs as the 'root' user which may not be permitted by your cluster administrator
--> Creating resources with label app=deployment-example ...
imagestream "deployment-example" created
deploymentconfig "deployment-example" created
service "deployment-example" created
--> Success
Run 'oc status' to view your app.
[root@zhouy roottest]# oc get pods
NAME READY STATUS RESTARTS AGE
deployment-example-1-deploy 1/1 Running 0 12h
deployment-example-1-xb5pj 0/1 ContainerCreating 0 12h
[root@zhouy roottest]# oc describe pod deployment-example-1-xb5pj
Name: deployment-example-1-xb5pj
Namespace: zhouy
Image(s): docker.io/zhouying7780/deployment-example@sha256:4bdbf0092bc568bb0107bcd37895e58f7028edd371c68c5c0a6160a91c248af6
Node: openshift-149.lab.sjc.redhat.com/10.14.6.149
Start Time: Wed, 24 Feb 2016 13:27:11 -0500
Labels: app=deployment-example,deployment=deployment-example-1,deploymentconfig=deployment-example
Status: Pending
Reason:
Message:
IP: 10.2.1.9
Controllers: ReplicationController/deployment-example-1
Containers:
deployment-example:
Container ID:
Image: docker.io/zhouying7780/deployment-example@sha256:4bdbf0092bc568bb0107bcd37895e58f7028edd371c68c5c0a6160a91c248af6
Image ID:
QoS Tier:
cpu: BestEffort
memory: BestEffort
State: Waiting
Reason: ImagePullBackOff
Ready: False
Restart Count: 0
Environment Variables:
Conditions:
Type Status
Ready False
Volumes:
default-token-cda1p:
Type: Secret (a secret that should populate this volume)
SecretName: default-token-cda1p
Events:
FirstSeen LastSeen Count From SubobjectPath Type Reason Message
--------- -------- ----- ---- ------------- -------- ------ -------
12h 12h 1 {default-scheduler } Normal Scheduled Successfully assigned deployment-example-1-xb5pj to openshift-149.lab.sjc.redhat.com
12h 12h 1 {kubelet openshift-149.lab.sjc.redhat.com} spec.containers{deployment-example} Normal BackOff Back-off pulling image "docker.io/zhouying7780/deployment-example@sha256:4bdbf0092bc568bb0107bcd37895e58f7028edd371c68c5c0a6160a91c248af6"
12h 12h 1 {kubelet openshift-149.lab.sjc.redhat.com} Warning FailedSync Error syncing pod, skipping: failed to "StartContainer" for "deployment-example" with ImagePullBackOff: "Back-off pulling image \"docker.io/zhouying7780/deployment-example@sha256:4bdbf0092bc568bb0107bcd37895e58f7028edd371c68c5c0a6160a91c248af6\""
12h 12h 2 {kubelet openshift-149.lab.sjc.redhat.com} spec.containers{deployment-example} Normal Pulling pulling image "docker.io/zhouying7780/deployment-example@sha256:4bdbf0092bc568bb0107bcd37895e58f7028edd371c68c5c0a6160a91c248af6"
12h 12h 2 {kubelet openshift-149.lab.sjc.redhat.com} spec.containers{deployment-example} Warning Failed Failed to pull image "docker.io/zhouying7780/deployment-example@sha256:4bdbf0092bc568bb0107bcd37895e58f7028edd371c68c5c0a6160a91c248af6": image pull failed for docker.io/zhouying7780/deployment-example@sha256:4bdbf0092bc568bb0107bcd37895e58f7028edd371c68c5c0a6160a91c248af6, this may be because there are no credentials on this request. details: (unauthorized: access to the requested resource is not authorized)
12h 12h 2 {kubelet openshift-149.lab.sjc.redhat.com} Warning FailedSync Error syncing pod, skipping: failed to "StartContainer" for "deployment-example" with ErrImagePull: "image pull failed for docker.io/zhouying7780/deployment-example@sha256:4bdbf0092bc568bb0107bcd37895e58f7028edd371c68c5c0a6160a91c248af6, this may be because there are no credentials on this request. details: (unauthorized: access to the requested resource is not authorized)"
I've verified that it is forking both with docker.io registry (with private repository) and private v2 registry.
My docker config secret for docker.io looks like this though:
$ oc describe secret miminar-dockerio
Name: miminar-dockerio
Namespace: default
Labels: <none>
Annotations: <none>
Type: kubernetes.io/dockercfg
Data
====
.dockercfg: {"https://index.docker.io/v1/":{"username":"miminar","password":"XXXX","email":"miminar","auth":"xxxxxxxx"}}
Note the server url which is the default value for docker-server option:
$ oc secrets new-dockercfg --help |& grep docker-server
...
--docker-server='https://index.docker.io/v1/': Server location for Docker registry
With "https://auth.docker.io/", taken from your reproducer, it doesn't work indeed.
Verified both for the `default` and non-default namespaces.
Verified on latest ami, the issue has fixed.
[root@ip-172-18-6-238 amd64]# openshift version
openshift v1.1.3-342-g8f04689
kubernetes v1.2.0-alpha.7-703-gbc4550d
etcd 2.2.5
[root@ip-172-18-6-238 amd64]# oc describe secrets hubyinzhou1
Name: hubyinzhou1
Namespace: zhouy
Labels: <none>
Annotations: <none>
Type: kubernetes.io/dockercfg
Data
====
.dockercfg: {"https://index.docker.io/v1/":{"username":"zhouying7780","password":"xxxxx","email":"yinzhou","auth":"xxxxxxxxxxxxx"}}
oc new-app --loglevel=5 docker.io/zhouying7780/deployment-example:latest
[root@ip-172-18-6-238 amd64]# oc get pods
NAME READY STATUS RESTARTS AGE
deployment-example-1-f4h5b 1/1 Running 0 4m
[root@ip-172-18-6-238 amd64]# oc describe pod deployment-example-1-f4h5b
Name: deployment-example-1-f4h5b
Namespace: zhouy
Image(s): docker.io/zhouying7780/deployment-example@sha256:4bdbf0092bc568bb0107bcd37895e58f7028edd371c68c5c0a6160a91c248af6
Node: ip-172-18-6-238.ec2.internal/172.18.6.238
Start Time: Mon, 29 Feb 2016 20:47:20 -0500
Labels: app=deployment-example,deployment=deployment-example-1,deploymentconfig=deployment-example
Status: Running
Reason:
Message:
IP: 172.17.0.4
Controllers: ReplicationController/deployment-example-1
Containers:
deployment-example:
Container ID: docker://ba3331df93e3cf4c0d56c82e7192186beda9f3f350458a53f00e618f3b083229
Image: docker.io/zhouying7780/deployment-example@sha256:4bdbf0092bc568bb0107bcd37895e58f7028edd371c68c5c0a6160a91c248af6
Image ID: docker://4081774424e9315432a46596c26ad3ccba86ceb14c71f2090784a9770194f230
Port: 8080/TCP
QoS Tier:
cpu: BestEffort
memory: BestEffort
State: Running
Started: Mon, 29 Feb 2016 20:47:26 -0500
Ready: True
Restart Count: 0
Environment Variables:
Conditions:
Type Status
Ready True
Volumes:
default-token-xnbp7:
Type: Secret (a secret that should populate this volume)
SecretName: default-token-xnbp7
Events:
FirstSeen LastSeen Count From SubobjectPath Type Reason Message
--------- -------- ----- ---- ------------- -------- ------ -------
4m 4m 1 {default-scheduler } Normal Scheduled Successfully assigned deployment-example-1-f4h5b to ip-172-18-6-238.ec2.internal
4m 4m 1 {kubelet ip-172-18-6-238.ec2.internal} spec.containers{deployment-example} Normal Pulling pulling image "docker.io/zhouying7780/deployment-example@sha256:4bdbf0092bc568bb0107bcd37895e58f7028edd371c68c5c0a6160a91c248af6"
4m 4m 1 {kubelet ip-172-18-6-238.ec2.internal} spec.containers{deployment-example} Normal Pulled Successfully pulled image "docker.io/zhouying7780/deployment-example@sha256:4bdbf0092bc568bb0107bcd37895e58f7028edd371c68c5c0a6160a91c248af6"
4m 4m 1 {kubelet ip-172-18-6-238.ec2.internal} spec.containers{deployment-example} Normal Created Created container with docker id ba3331df93e3
4m 4m 1 {kubelet ip-172-18-6-238.ec2.internal} spec.containers{deployment-example} Normal Started Started container with docker id ba3331df93e3
When the latest OSE env ready, I'll verify again.
Confirmed on latest puddle: [root@openshift-107 ~]# openshift version openshift v3.1.1.908 kubernetes v1.2.0-alpha.7-703-gbc4550d etcd 2.2.5 The issue has fixed. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2016:1064 |