I've created https://github.com/openshift/origin/pull/7469 to address problem with insecure v1 registries.
Commit pushed to master at https://github.com/openshift/origin https://github.com/openshift/origin/commit/18f055cbd4771cdbfa332bb13a8803c01d36d5c7 Bug 1309195 - Return ErrNotV2Registry when falling back to http backend
Here are the steps needed to work with the repository Brenton mentioned. Since this is secured repository with authentication we need to mark the registry as insecure (this will bypass checking certificate) and provide secrets to satisfy the authentication. Here are the steps to do so: 1. create the secret: a) oc login following instructions at https://api.qe.openshift.com/oauth/token/request b) get token with oc whoami -t c) docker login -u username -e email -p token registry.qe.openshift.com (in my case both username and email where my rh email, if in doubt check oc whoam i) d) oc secrets new mysecret .dockerconfigjson=$HOME/.docker/config.json 2. create the image stream: apiVersion: v1 kind: ImageStream metadata: name: myis annotations: openshift.io/image.insecureRepository: "true" spec: dockerImageRepository: registry.qe.openshift.com/openshift3/php-55-rhel7 This should do the trick of importing images.
Maciej, Is there no way to specify a CA file today? It seems like we should create a card for that if that's the case.
Brenton, I'm not sure this is the right way to go. I'd rather admins deal with repos with self-signed certs at the operating system level by importing appropriate company-wide CA used for issuing those certs. Importing metadata will only allow seeing the image, for docker push/pull operation the CA needs to be on a node still.
Based on previous comment and the fact that I was able to access all the repos mentioned in this issue I'm moving this to QA.