Bug 1931856

Summary: ServiceAccount Registry Authfiles Do Not Contain Entries for Public Hostnames
Product: OpenShift Container Platform Reporter: OpenShift BugZilla Robot <openshift-bugzilla-robot>
Component: Image RegistryAssignee: Ricardo Maraschini <rmarasch>
Status: CLOSED ERRATA QA Contact: Wenjing Zheng <wzheng>
Severity: medium Docs Contact:
Priority: medium    
Version: 4.1.zCC: aaleman, aos-bugs, ccoleman, hongkliu, rmarasch
Target Milestone: ---   
Target Release: 4.7.z   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Cause: Automatically created docker config secret does not include credentials for integrated internal registry routes. Consequence: As no credentials were present for accessing the registry through any of its routes pods attempting to reach the registry were failing due to lack of authentication. Fix: Include all configured registry routes to the default docker credential secret. Result: Now pods can reach the integrated registry by any of its routes as credentials now contain an entry for each route.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2021-04-05 13:55:11 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1911470    
Bug Blocks: 1931857    

Comment 2 Wenjing Zheng 2021-03-04 08:33:18 UTC 
Verified with the open pr:
$ oc extract secrets/default-dockercfg-6v4nx --to=- | jq 'keys'
# .dockercfg
[
  "172.30.254.113:5000",
  "default-route-openshift-image-registry.apps.ci-ln-kg7p89t-f76d1.origin-ci-int-gce.dev.openshift.com",
  "image-registry.openshift-image-registry.svc.cluster.local:5000",
  "image-registry.openshift-image-registry.svc:5000"
]
Comment 5 Wenjing Zheng 2021-03-25 02:57:20 UTC 
Verified on 4.7.0-0.nightly-2021-03-24-180733:
$ oc extract secrets/default-dockercfg-sdpbl --to=- | jq 'keys'
# .dockercfg
[
  "172.30.238.115:5000",
  "default-route-openshift-image-registry.apps.qe-ui47-0325.qe.devcluster.openshift.com",
  "image-registry.openshift-image-registry.svc.cluster.local:5000",
  "image-registry.openshift-image-registry.svc:5000"
]
Comment 6 Hongkai Liu 2021-03-25 19:52:17 UTC 
Probably did not make it into 4.7.4.
Will verify on 4.7.5 when available.
Comment 9 errata-xmlrpc 2021-04-05 13:55:11 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.7.5 security and bug fix update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2021:1005