Bug 1393575 - Securing registry documentation
Summary: Securing registry documentation
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Documentation
Version: 3.3.0
Hardware: All
OS: Linux
unspecified
high
Target Milestone: ---
: ---
Assignee: Vikram Goyal
QA Contact: Vikram Goyal
Vikram Goyal
URL:
Whiteboard:
Depends On:
Blocks:
 
Reported: 2016-11-09 21:54 UTC by Veer Muchandi
Modified: 2018-04-24 15:47 UTC

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2018-04-24 15:47:50 UTC
Target Upstream Version:



Description Veer Muchandi 2016-11-09 21:54:13 UTC
Description of problem:


You get a cert unknown error when you "oc tag" an image with a secured registry


Version-Release number of selected component (if applicable):


How reproducible:
always

Steps to Reproduce:
1. Secure the registry as described in the docs
2. Try to "oc tag" an image


Actual results:
$ oc describe is myapp
Name:           myapp
Namespace:      development
Created:        About an hour ago
Labels:         application=myapp
            name=myapp
            template=eap64-basic-s2i
            xpaas=1.3.2
Annotations:        openshift.io/generated-by=OpenShiftNewApp
            openshift.io/image.dockerRepositoryCheck=2016-11-09T19:26:21Z
Docker Pull Spec:   172.30.85.130:5000/development/myapp
Unique Images:      2
Tags:           2
 
latest
  pushed image
 
  * 172.30.85.130:5000/development/myapp@sha256:1803c8e9f3bba7827332255ebfb7d27900b1c7d7ce5e745ed92144281e949804
      7 minutes ago
    172.30.85.130:5000/development/myapp@sha256:8e1ddd99d3a407e1cb7f34422bd88d86d46266216765c926a1e2fafe25ffe9e1
      18 minutes ago
 
promote-qa
  tagged from 172.30.85.130:5000/development/myapp@sha256:1803c8e9f3bba7827332255ebfb7d27900b1c7d7ce5e745ed92144281e949804
 
  ! error: Import failed (InternalError): Internal error occurred: Get https://172.30.85.130:5000/v2/: x509: certificate signed by unknown authority
      22 seconds ago

Expected results:

without the above error


Additional info:
This happens because the “oc tag” command does not use /etc/docker/certs.d/<registryip>:5000/ca.crt

If you secure the registry, “oc tag” will not work by default.
You will have to do the following:
 
cat /etc/origin/master/ca.crt >> /etc/pki/tls/certs/ca-bundle.crt 
systemctl restart atomic-openshift-master docker

on the master host.

Please refer to this Trello card:
 https://trello.com/c/LpAlyjkn/831-importing-from-secure-registries

Either fix this in OCP or add the above to the documentation.
 



Document URL: 

Section Number and Name: 

Describe the issue: 

Suggestions for improvement: 

Additional information:

Comment 1 Gaurav Nelson 2018-04-24 15:47:50 UTC
The related Trello card was updated to https://trello.com/c/fFU482Al/1341-5-use-subscriptions-to-import-images-from-registryaccessredhatcom and closed. Please see comments there.
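
The trust-store mismatch described under "Additional info" above, reproduced offline as an added example (not code from the bug report or from OpenShift). It assumes openssl is installed and that the import verifies the registry certificate against the system bundle, as the reporter's workaround implies; the function names and the demo CA and certificates are constructed for illustration.

```shell
#!/bin/sh
# Added example: every key and certificate here is throwaway material
# constructed in a temp directory; nothing is read from a real cluster.

# make_demo_pki DIR: write ca.crt (stand-in for /etc/origin/master/ca.crt),
# server.crt (a registry cert signed by it) and other.crt (an unrelated CA).
make_demo_pki() {
  d=$1
  printf '%s\n' '[req]' 'distinguished_name=dn' 'x509_extensions=v3_ca' \
    'prompt=no' '[dn]' 'CN=demo' '[v3_ca]' \
    'basicConstraints=critical,CA:TRUE' > "$d/ca.cnf"
  for name in ca other; do
    openssl req -x509 -config "$d/ca.cnf" -newkey rsa:2048 -nodes -days 1 \
      -subj "/CN=demo-$name" -keyout "$d/$name.key" -out "$d/$name.crt" \
      2>/dev/null || return 1
  done
  openssl req -new -config "$d/ca.cnf" -newkey rsa:2048 -nodes \
    -subj "/CN=demo-registry" -keyout "$d/server.key" \
    -out "$d/server.csr" 2>/dev/null || return 1
  openssl x509 -req -in "$d/server.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
    -CAcreateserial -days 1 -out "$d/server.crt" 2>/dev/null
}

# trusted_by BUNDLE CERT: succeed only if CERT chains to a CA in BUNDLE.
trusted_by() {
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# demo: reproduce the reported state, then apply the reporter's workaround
# to a scratch copy of the bundle (never to the real ca-bundle.crt).
demo() {
  d=$(mktemp -d) || return 1
  make_demo_pki "$d" || { rm -rf "$d"; return 1; }
  cp "$d/ca.crt" "$d/certs.d-ca.crt"        # what docker reads from certs.d
  cp "$d/other.crt" "$d/system-bundle.crt"  # system bundle before the fix
  trusted_by "$d/certs.d-ca.crt" "$d/server.crt" &&
    echo "certs.d CA:         registry cert verifies"
  trusted_by "$d/system-bundle.crt" "$d/server.crt" ||
    echo "system bundle:      signed by unknown authority"
  cat "$d/ca.crt" >> "$d/system-bundle.crt" # the workaround from the report
  trusted_by "$d/system-bundle.crt" "$d/server.crt" &&
    echo "bundle + master CA: registry cert verifies"
  rm -rf "$d"
}

demo
```

On a master host, calling trusted_by with /etc/pki/tls/certs/ca-bundle.crt and the registry certificate saved as a PEM file answers the same question for the real bundle. On RHEL that bundle is generated by update-ca-trust, so a CA placed in /etc/pki/ca-trust/source/anchors/ and extracted with update-ca-trust survives regeneration where a direct append may not.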

