Description of problem:
After an install of the cluster, the deployed registry in 3.6 gets proxy variables set on the deployment configuration. The registry uses the kubernetes service IP to authenticate users logging into the registry. This IP address does not get set, causing logins and pushes to fail with the installer-deployed registry.

How reproducible:
100%

Steps to Reproduce:
1. Install a cluster setting hosted registry vars and proxy vars in the hosts file

    openshift_http_proxy='https://testproxy.com'
    openshift_https_proxy='https://testproxy.com'
    openshift_no_proxy='.hosts.example.com,some-host.com'

Actual results:

    spec:
      containers:
      - env:
        - name: HTTPS_PROXY
          value: https://testproxy.com
        - name: HTTP_PROXY
          value: https://testproxy.com
        - name: NO_PROXY
          value: .cluster.local,.svc,docker-registry,docker-registry.svc,docker-registry.svc.cluster.local,<MASTERURLS>,<MASTERIP_ADDRESSES>,.hosts.example.com,some-host.com

    docker login -u test -p `oc whoami -t` docker-registry.default.svc:5000
    Error response from daemon: Get https://docker-registry.default.svc:5000/v2/: unauthorized: authentication required

    time="2017-12-18T19:52:23.556930453Z" level=debug msg="invalid token: Get https://172.30.0.1:443/oapi/v1/users/~: malformed HTTP response \"\\x15\\x03\\x01\\x00\\x02\\x02\\x16\"" go.version=go1.7.6 http.request.host="docker-registry.default.svc:5000" http.request.id=f6c021d6-a4e0-468e-8a04-20ac2ca2eb13 http.request.method=GET http.request.remoteaddr="10.129.0.1:48390" http.request.uri="/openshift/token?account=quicklab&client_id=docker&offline_token=true" http.request.useragent="docker/1.12.6 go/go1.8.3 kernel/3.10.0-693.12.1.el7.x86_64 os/linux arch/amd64 UpstreamClient(Docker-Client/1.12.6 \\(linux\\))" instance.id=1a30097d-7820-40f4-9765-0afc1dbdda43 openshift.logger=registry

Expected results:
The registry gets the service IP for the kubernetes service IP, and all internal registry requests do not use the configured proxy.

Example:

    value: .cluster.local,.svc,docker-registry,docker-registry.svc,docker-registry.svc.cluster.local,<MASTERURLS>,<MASTERIP_ADDRESSES>,.hosts.example.com,some-host.com,172.30.0.1

Additional info:
https://github.com/openshift/openshift-ansible/commit/2960dd82cb2d9644f09957a0108ba3f817bd8b8c#diff-1fc9cdb7519394fff35b7aa41bfef936
https://github.com/openshift/openshift-ansible/blob/release-3.6/roles/openshift_hosted/tasks/registry/registry.yml#L64-L70
*** Bug 1535783 has been marked as a duplicate of this bug. ***
https://github.com/openshift/openshift-ansible/pull/6215 proposed fix
Verified in openshift-ansible-3.9.0-0.34.0.git.0.c7d9585.el7.noarch.rpm.
172.30.0.1 is added to docker-registry NO_PROXY env variable successfully, and S2I build succeeded.
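An added example, not part of the bug report or of openshift-ansible: a check over the registry deployment's proxy environment that lists which internal endpoints would still be sent to the proxy, run against the NO_PROXY value from the report and the value with 172.30.0.1 appended. The matching rule (exact host or domain suffix, IP addresses only when listed literally) is a simplified assumption about how the client reads NO_PROXY; the function names, the master hostname and IP in the sample lists, and the kubernetes service DNS name are constructed for the example.

```python
import ipaddress

def _is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def bypasses_proxy(host, no_proxy):
    """True if `host` is exempt under a NO_PROXY string. Simplified model
    (assumption): exact or domain-suffix match; IPs only when listed literally."""
    host = host.strip().lower()
    for entry in no_proxy.split(","):
        entry = entry.strip().lower()
        if entry.count(":") == 1:          # drop a trailing :port
            entry = entry.split(":")[0]
        if not entry:
            continue
        if entry == "*" or host == entry:
            return True
        if _is_ip(host):                   # no suffix or CIDR matching for IPs
            continue
        suffix = entry if entry.startswith(".") else "." + entry
        if host.endswith(suffix) or host == suffix[1:]:
            return True
    return False

def proxied_endpoints(env, endpoints):
    """Internal endpoints that would be sent through the configured proxy."""
    if not (env.get("HTTP_PROXY") or env.get("HTTPS_PROXY")):
        return []
    return [e for e in endpoints if not bypasses_proxy(e, env.get("NO_PROXY", ""))]

# Constructed sample: master.hosts.example.com and 192.0.2.10 stand in for the
# <MASTERURLS> and <MASTERIP_ADDRESSES> placeholders in the report.
BEFORE = (".cluster.local,.svc,docker-registry,docker-registry.svc,"
          "docker-registry.svc.cluster.local,master.hosts.example.com,"
          "192.0.2.10,.hosts.example.com,some-host.com")
AFTER = BEFORE + ",172.30.0.1"
# 172.30.0.1 and docker-registry.default.svc are from the report; the
# kubernetes service DNS name is added here as an assumption.
INTERNAL = ["172.30.0.1", "docker-registry.default.svc",
            "kubernetes.default.svc.cluster.local"]
def env_with(no_proxy):
    return {"HTTPS_PROXY": "https://testproxy.com",
            "HTTP_PROXY": "https://testproxy.com", "NO_PROXY": no_proxy}

if __name__ == "__main__":
    print("before fix:", proxied_endpoints(env_with(BEFORE), INTERNAL))
    print("after fix: ", proxied_endpoints(env_with(AFTER), INTERNAL))
```

With the values from the report, the only internal endpoint that is not exempt before the fix is the service IP the registry calls for token validation, which matches the failing request to https://172.30.0.1:443 in the registry log.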
*** Bug 1540404 has been marked as a duplicate of this bug. ***
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2018:0489