Description of problem: Version-Release number of selected component (if applicable): OCP 3.6.1. How reproducible: Steps to Reproduce: 1. Create an image in an insecure registry 2. Create an image stream, with a tag definition pointing to the image (i.e. tag: from: ...) and importPolicy: { insecure: true }. 3. import the image tag, e.g. oc import-image image:tag. notice the x509 error. also notice that the import may have succeeded. 4. Successive imports appear to fail, but setting generation back to 0 sometimes allows the import to succeed. Actual results: import fails Expected results: import updates the tag Additional info:
Forgot to add, the import succeeds if you also add openshift.io/image.insecureRepository: true to the annotations on the image stream.
Alexey has a few blockers already, Oleg can you take a look at this one?
> setting generation back to 0 sometimes allows the import to succeed. Can you provide the exact path to the generation field? .metadata.generation or .spec.tags.generation?
.metadata.generation
https://github.com/openshift/origin/pull/16756
Verified # oc version oc v3.7.0-0.159.0 kubernetes v1.7.6+a08f5eeb62 features: Basic-Auth GSSAPI Kerberos SPNEGO Server https://:8443 openshift v3.7.0-0.153.0 kubernetes v1.7.6+a08f5eeb62 cannot reproduce this issue
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2017:3188