Bug 2115387

Summary: ClusterTask openshift-client refers to internal registry in cluster without registry
Product: Red Hat OpenShift Pipelines Reporter: Chandler Wilkerson <cwilkers>
Component: pipelinesAssignee: Vincent Demeester <vdemeest>
Status: NEW --- QA Contact: Ruchir Garg <rgarg>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 1.7CC: cboudjna, dholler, fmatouschek, kbaig, nikthoma, pgarg, ppitonak, rbehera, sashture
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Chandler Wilkerson 2022-08-04 14:57:05 UTC 
Description of problem:

The openshift-client ClusterTask requires openshift/cli container and by default explicitly pulls it from image-registry.openshift-image-registry.svc:5000.

In my current (ocp 4.10.24) Baremetal IPI cluster, the registry is not installed by default due to no object storage available at install time.

Version-Release number of selected component (if applicable):
1.7.2 (OpenShift Pipelines)
4.10.24 (OCP)

How reproducible:
Always

Steps to Reproduce:
1. Install OCP using baremetal
2. Install Pipelines operator per docs
3. Install a pipeline that requires the openshift-client ClusterTask

Actual results:

Step that requires above ClusterTask times out with imagepullbackoff

e.g.

build step "step-oc" is pending with reason "rpc error: code = Unknown desc = pinging container registry image-registry.openshift-image-registry.svc:5000: Get \"https://image-registry.openshift-image-registry.svc:5000/v2/\": dial tcp: lookup image-registry.openshift-image-registry.svc on 192.168.72.14:53: no such host"

Expected results:

Either this container should be pulled from publicly accessible registry OR documentation should be added to OpenShift Pipelines' Prerequisites that explains an internal registry is required (and the operator should check and warn if it is not present)

Additional info: