Bug 1578269
Summary: | Error handling when upstream certificates are not trusted needs to be improved | ||
---|---|---|---|
Product: | OpenShift Container Platform | Reporter: | Simon Reber <sreber> |
Component: | Image Registry | Assignee: | Oleg Bulatov <obulatov> |
Status: | CLOSED ERRATA | QA Contact: | Dongbo Yan <dyan> |
Severity: | low | Docs Contact: | |
Priority: | medium | ||
Version: | 3.7.1 | CC: | aos-bugs |
Target Milestone: | --- | ||
Target Release: | 3.10.0 | ||
Hardware: | x86_64 | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Enhancement | |
Doc Text: |
Feature: send to the client why the registry can't pull the manifest from the remote registry.
Reason: without this information, it's harder to understand what's going on.
Result: the registry can send non-standard errors with additional information.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2018-07-30 19:15:30 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Simon Reber
2018-05-15 07:19:50 UTC
Verified openshift v3.10.0-0.64.0 kubernetes v1.10.0+b81c8f8 Reproduce steps: 1.Create an external secure registry 2.Add certificate from external secure registry into openshift cluster, import image from external registry 3.Remove the certificate, docker pull imported image from openshift internal registry Actual results: # docker pull docker-registry.default.svc:5000/dyan/busy2 Using default tag: latest Trying to pull repository docker-registry.default.svc:5000/dyan/busy2 ... unknown: unable to pull manifest from dyan-registry.usersys.redhat.com/test/busybox:latest: Get https://dyan-registry.usersys.redhat.com/v2/: x509: certificate signed by unknown authority Additional info: When add certificate into registry pod via secret, could pull image successfully # docker pull docker-registry.default.svc:5000/dyan/busy2 Using default tag: latest Trying to pull repository docker-registry.default.svc:5000/dyan/busy2 ... latest: Pulling from docker-registry.default.svc:5000/dyan/busy2 07a152489297: Pull complete Digest: sha256:74f634b1bc1bd74535d5209589734efbd44a25f4e2dc96d78784576a3eb5b335 Status: Downloaded newer image for docker-registry.default.svc:5000/dyan/busy2:latest Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2018:1816 |