This service will be undergoing maintenance at 00:00 UTC, 2017-10-23 It is expected to last about 30 minutes
Bug 1464562 - [RFE] Support reencrypt routing on docker-registry service
[RFE] Support reencrypt routing on docker-registry service
Status: NEW
Product: OpenShift Container Platform
Classification: Red Hat
Component: RFE (Show other bugs)
3.5.0
Unspecified Unspecified
unspecified Severity low
: ---
: ---
Assigned To: Paul Weil
Xiaoli Tian
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2017-06-23 14:36 EDT by Josh Foots
Modified: 2017-08-09 15:40 EDT (History)
6 users (show)

See Also:
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Josh Foots 2017-06-23 14:36:17 EDT
What problem/issue/behavior are you having trouble with?  What do you expect to see?

Recently we upgraded to Openshift 3.5 for our stand-alone registry service. Before the upgrade, we had a configuration working where a reencrypt route was used on top of the registry service to successfully support secured traffic to our docker-registry. However with the new 3.5 docker-registry image, this configuration broke when pushing images. This issue seems to be the exact thing we're experiencing: https://github.com/openshift/origin/issues/14249.

I do realize that the documentation for the registry service says passthrough encryption is the only supported TLS option here: https://docs.openshift.com/container-platform/latest/install_config/registry/securing_and_exposing_registry.html#exposing-the-registry

We would like to see reencrypt supported as well (preferably through openshift-ansible code) with examples, or the change to the v3.5 registry that broke reencrypt routing reverted so we can keep our working configuration. The former option would be preferred.

When does the behavior occur? Frequently?  Repeatedly?   At certain times?

Always
Comment 1 Ben Pritchett 2017-08-04 12:55:01 EDT
We would need to figure this out before our team considers an upgrade to 3.6. Is there any suggestion for workaround while a reencrypt configuration is looked at for the stand-alone registry?

Note You need to log in before you can comment on or make changes to this bug.