Bug 1615337

Summary: Pod was attempting to pull IP based image URL and getting a certificate error
Product: OpenShift Container Platform Reporter: Johnny Liu <jialiu>
Component: InstallerAssignee: Scott Dodson <sdodson>
Status: CLOSED DUPLICATE QA Contact: Johnny Liu <jialiu>
Severity: high Docs Contact:
Priority: high    
Version: 3.11.0CC: aos-bugs, jokerman, mmccomas
Target Milestone: ---Keywords: Regression
Target Release: 3.11.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2018-08-13 15:05:52 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
installation log with inventory file embedded none

Description Johnny Liu 2018-08-13 11:26:04 UTC 
Created attachment 1475547 [details]
installation log with inventory file embedded

Description of problem:

Version-Release number of the following components:
openshift-ansible-3.11.0-0.13.0.git.0.16dc599None.noarch
# oc version
oc v3.11.0-0.13.0
kubernetes v1.11.0+d4cacc0
features: Basic-Auth GSSAPI Kerberos SPNEGO

Server https://qe-jialiu4-mrre-1:8443
openshift v3.11.0-0.13.0
kubernetes v1.11.0+d4cacc0


How reproducible:
Always

Steps to Reproduce:
1. Trigger an installation
2. after installation, new an app from template to trigger a s2i build.
3.

Actual results:
Pods failed to start.
# oc get po -n install-test
NAME                              READY     STATUS             RESTARTS   AGE
mongodb-1-sxczc                   1/1       Running            0          1h
nodejs-mongodb-example-1-build    0/1       Completed          0          1h
nodejs-mongodb-example-1-deploy   0/1       Error              0          58m
nodejs-mongodb-example-2-deploy   1/1       Running            0          3m
nodejs-mongodb-example-2-m4ccm    0/1       ImagePullBackOff   0          3m


# oc describe po nodejs-mongodb-example-2-m4ccm -n install-test
<--snip-->
Events:
  Type     Reason          Age              From                        Message
  ----     ------          ----             ----                        -------
  Normal   Scheduled       11s              default-scheduler           Successfully assigned install-test/nodejs-mongodb-example-2-m4ccm to qe-jialiu4-mrre-1
  Normal   Pulling         8s               kubelet, qe-jialiu4-mrre-1  pulling image "172.30.40.162:5000/install-test/nodejs-mongodb-example@sha256:2ce35eeeb37506a05ea425b3ee3329a2d22e666876a6e757d9137452addede62"
  Warning  Failed          8s               kubelet, qe-jialiu4-mrre-1  Failed to pull image "172.30.40.162:5000/install-test/nodejs-mongodb-example@sha256:2ce35eeeb37506a05ea425b3ee3329a2d22e666876a6e757d9137452addede62": rpc error: code = Unknown desc = Get https://172.30.40.162:5000/v2/: x509: certificate signed by unknown authority
  Warning  Failed          8s               kubelet, qe-jialiu4-mrre-1  Error: ErrImagePull
  Normal   BackOff         2s (x2 over 5s)  kubelet, qe-jialiu4-mrre-1  Back-off pulling image "172.30.40.162:5000/install-test/nodejs-mongodb-example@sha256:2ce35eeeb37506a05ea425b3ee3329a2d22e666876a6e757d9137452addede62"
  Warning  Failed          2s (x2 over 5s)  kubelet, qe-jialiu4-mrre-1  Error: ImagePullBackOff
  Normal   SandboxChanged  1s (x3 over 8s)  kubelet, qe-jialiu4-mrre-1  Pod sandbox changed, it will be killed and re-created.


Expected results:
Pods should pull image from docker-registry.default.svc:5000 to avoid such certificate issue.

Additional info:
I tried openshift v3.11.0-0.13.0 + openshift-ansible-3.11.0-0.11.0.git.0.3c66516None.noarch, does not hit such problem, so it is a installer regression bug.
Comment 1 Scott Dodson 2018-08-13 15:05:52 UTC 

*** This bug has been marked as a duplicate of bug 1614025 ***