Description of problem: After adding pullsecret or sourcesecret, still can't pull a private docker image as source image. Version-Release number of selected component (if applicable): devenv-rhel7_3250 oc v1.1.1-182-ga57296f kubernetes v1.1.0-origin-1107-g4c8e6f4 How reproducible: always Steps to Reproduce: 1.Prepare a private docker image, and make sure no this image in node or master. 2.Create a secret $docker login // to generate $HOME/.docker/config.json $oc secrets new pull .dockerconfigjson=${HOME}/.docker/config.json $oc secrets add serviceaccount/builder secrets/pull 3.Edit template json to use this secret. $wget https://raw.githubusercontent.com/openshift-qe/v3-testfiles/master/build/ruby22rhel7-template-sti.json "source": { "type": "Git", "git": { "uri": "https://github.com/openshift/ruby-hello-world.git" }, "images": [ { "from": { "kind": "DockerImage", "name": "docker.io/xiuwang/jenkins-1-centos7:latest" }, "pullSecret": { "name": "pull" }, "paths": [ { "sourcePath": "/opt/openshift", "destinationDir": "xiuwangs2i" } ] } ] }, 4.Create app using this template 5.Check builds 6.Add this secret as sourcesecret, trigger new build, check builds Actual results: 5.$oc build-logs ruby22-sample-build-1 Command "build-logs" is deprecated, use "oc logs build/<build-name>" instead. F0127 09:25:08.413053 1 builder.go:185] Error: build error: error pulling image docker.io/xiuwang/jenkins-1-centos7:latest: Error: image xiuwang/jenkins-1-centos7:latest not found 6.same with step 5. Expected results: Could pull source image using secret. Additional info: After pull private image to instance manually, trigger new build,the build could complete.And the files could be copied to destination dir. The build-logs error behaves as not login when pull private image manaully.
You indicate you ran: oc secrets new pull .dockerconfigjson=${HOME}/.docker/config.json to create the secret. I think you need to run: oc secrets new pull .dockercfg=${HOME}/.docker/config.json The key within the secret needs to be named ".dockercfg" and not ".dockerconfigjson". Can you please try that and report back?
@Ben After add secret as 'oc secrets new pull .dockercfg=${HOME}/.docker/config.json',still can't pull private source image. $oc get secret pull -o yaml apiVersion: v1 data: .dockercfg: ewoJImF1dGhzIjogewoJCSJodHRwczovL2luZGV4LmRvY2tlci5pby92MS8iOiB7CgkJCSJhdXRoIjogImVHbDFkMkZ1WnpweVp..... $oc build-logs ruby22-sample-build-1 Command "build-logs" is deprecated, use "oc logs build/<build-name>" instead. F0128 03:00:14.449107 1 builder.go:185] Error: build error: error pulling image docker.io/xiuwang/jenkins-1-centos7:latest: Error: image xiuwang/jenkins-1-centos7:latest not found
Turns out our pull secret logic only supported the ".dockercfg" file format and not the newer config.json format. fixing here: https://github.com/openshift/origin/pull/6887 Even with this fix, you will still need to specify the key as ".dockercfg" per my comment.
Ben I still can't pull private sourceimage in devenv-rhel7_3315, the fixed code has merged.Any wrong with my steps? $oc secrets new pull .dockercfg=${HOME}/.docker/config.json $oc secrets add serviceaccount/builder secrets/pull $oc get secrets pull -o yaml apiVersion: v1 data: .dockercfg: ewoJImF1dGhzIjogewoJCSJodHRwczovL2luZGV4LmRvY2tlci5pby92MS8iOiB7CgkJCSJhdXRoIjogImVHbDFkMkZ1WnpweVpXUm9ZWFJrYjJOclpYST0iLAoJCQkiZW1haWwiOiAieGl1d2FuZ0ByZWRoYXQuY29tIgoJCX0KCX0KfQ== kind: Secret #oc get bc source: git: uri: https://github.com/openshift/ruby-hello-world.git images: - from: kind: DockerImage name: docker.io/xiuwang/jenkins-1-centos7:latest paths: - destinationDir: xiuwangs2i sourcePath: /opt/openshift pullSecret: name: pull secrets: null type: Git # oc build-logs ruby22-sample-build-1 Command "build-logs" is deprecated, use "oc logs build/<build-name>" instead. I0203 06:45:44.601698 1 docker.go:286] Image "registry.access.redhat.com/rhscl/ruby-22-rhel7:latest" not available locally, pulling ... F0203 06:46:00.532611 1 builder.go:194] Error: build error: error pulling image docker.io/xiuwang/jenkins-1-centos7:latest: Error: image xiuwang/jenkins-1-centos7:latest not found
Yes there's something wrong w/ your secret creation step this: oc secrets new pull .dockercfg=${HOME}/.docker/config.json should be: oc secrets new pull ${HOME}/.docker/config.json or oc secrets new pull .dockerconfigjson=${HOME}/.docker/config.json When you use ".dockercfg" as the key, you must provide a ".dockercfg" file, not a ".docker/config.json" file. They are formatted differently.
devenv-rhel7_3325 Could pull private sourceimage with this two apporachs to create secrets oc secrets new pull ${HOME}/.docker/config.json or oc secrets new pull .dockerconfigjson=${HOME}/.docker/config.json Thanks Move to bug to verified.