Bug 1931856
Summary: | ServiceAccount Registry Authfiles Do Not Contain Entries for Public Hostnames | ||
---|---|---|---|
Product: | OpenShift Container Platform | Reporter: | OpenShift BugZilla Robot <openshift-bugzilla-robot> |
Component: | Image Registry | Assignee: | Ricardo Maraschini <rmarasch> |
Status: | CLOSED ERRATA | QA Contact: | Wenjing Zheng <wzheng> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 4.1.z | CC: | aaleman, aos-bugs, ccoleman, hongkliu, rmarasch |
Target Milestone: | --- | ||
Target Release: | 4.7.z | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: |
Cause:
Automatically created docker config secret does not include credentials for integrated internal registry routes.
Consequence:
As no credentials were present for accessing the registry through any of its routes pods attempting to reach the registry were failing due to lack of authentication.
Fix:
Include all configured registry routes to the default docker credential secret.
Result:
Now pods can reach the integrated registry by any of its routes as credentials now contain an entry for each route.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2021-04-05 13:55:11 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1911470 | ||
Bug Blocks: | 1931857 |
Comment 2
Wenjing Zheng
2021-03-04 08:33:18 UTC
Verified on 4.7.0-0.nightly-2021-03-24-180733: $ oc extract secrets/default-dockercfg-sdpbl --to=- | jq 'keys' # .dockercfg [ "172.30.238.115:5000", "default-route-openshift-image-registry.apps.qe-ui47-0325.qe.devcluster.openshift.com", "image-registry.openshift-image-registry.svc.cluster.local:5000", "image-registry.openshift-image-registry.svc:5000" ] Probably did not make it into 4.7.4. Will verify on 4.7.5 when available. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: OpenShift Container Platform 4.7.5 security and bug fix update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2021:1005 |