Red Hat Bugzilla – Bug 1464562
[RFE] Support reencrypt routing on docker-registry service
Last modified: 2017-08-09 15:40:06 EDT
What problem/issue/behavior are you having trouble with? What do you expect to see?
Recently we upgraded to Openshift 3.5 for our stand-alone registry service. Before the upgrade, we had a configuration working where a reencrypt route was used on top of the registry service to successfully support secured traffic to our docker-registry. However with the new 3.5 docker-registry image, this configuration broke when pushing images. This issue seems to be the exact thing we're experiencing: https://github.com/openshift/origin/issues/14249.
I do realize that the documentation for the registry service says passthrough encryption is the only supported TLS option here: https://docs.openshift.com/container-platform/latest/install_config/registry/securing_and_exposing_registry.html#exposing-the-registry
We would like to see reencrypt supported as well (preferably through openshift-ansible code) with examples, or the change to the v3.5 registry that broke reencrypt routing reverted so we can keep our working configuration. The former option would be preferred.
When does the behavior occur? Frequently? Repeatedly? At certain times?
We would need to figure this out before our team considers an upgrade to 3.6. Is there any suggestion for workaround while a reencrypt configuration is looked at for the stand-alone registry?