Bug 1730722
Summary: | image.config.openshift.io/cluster "blockedRegistries" spec is not properly blacklisting for build push operations | ||
---|---|---|---|
Product: | OpenShift Container Platform | Reporter: | Pedro Amoedo <pamoedom> |
Component: | Build | Assignee: | Adam Kaplan <adam.kaplan> |
Status: | CLOSED ERRATA | QA Contact: | wewang <wewang> |
Severity: | high | Docs Contact: | |
Priority: | unspecified | ||
Version: | 4.1.0 | CC: | adam.kaplan, aos-bugs, dornelas, wewang, wzheng |
Target Milestone: | --- | ||
Target Release: | 4.2.0 | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: |
Cause: Blocked registries were not set in `registries.conf` used by buildah
Consequence: Buildah could push an image to a registry blocked by the cluster image policy
Fix: The `registries.conf` file generated for builds includes blocked registries
Result: Builds respect the blocked registries setting for image pull and push
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2019-10-16 06:29:44 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Pedro Amoedo
2019-07-17 12:59:05 UTC
Since latest payload is not include the pr, so tested it in ci payload, and verified it. version: 4.2.0-0.ci-2019-08-30-032806 Pushing image docker.io/pamoedo/mytime:latest ... Successfully pushed docker.io/pamoedo/mytime:latest Warning: Push failed, retrying in 5s ... Successfully pushed docker.io/pamoedo/mytime:latest Warning: Push failed, retrying in 5s ... Successfully pushed docker.io/pamoedo/mytime:latest Warning: Push failed, retrying in 5s ... Registry server Address: Registry server User Name: wewang58 Registry server Email: Registry server Password: <<non-empty>> error: build error: Failed to push image: push access to registry for "docker://pamoedo/mytime:latest" is blocked by configuration @Pedro fix was applied in this PR: https://github.com/openshift/openshift-controller-manager/pull/21 (In reply to Adam Kaplan from comment #10) > @Pedro fix was applied in this PR: > https://github.com/openshift/openshift-controller-manager/pull/21 Thank you! Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2019:2922 |