I'm sure this is related to https://github.com/openshift/openshift-ansible/pull/8545

If we don't have a fix for that by end of day Monday lets revert that change as it was mainly aesthetic.

>      message: you may not have access to the Docker image "xxx.xxx.openshift.com:443/openshift3/registry-console:v3.10"

Although it would be able to solve by creating secret with oreg_auth_user and oreg_auth_password as [1], deploy task of registry-console will be more complicated. Actually other DCs like asb and asb-etcd do not use imagestream atm.
Hence, I personally think that reverting the commit 09e288c is fine. (Having said that, once SDN was tested with private registry, I guess that it will face same issue with this...)

@Vadim WDYT?

[1] https://docs.openshift.com/container-platform/3.9/dev_guide/managing_images.html#allowing-pods-to-reference-images-from-other-secured-registries

Yeah, we need to provision the pull secret into all namespaces that may pull from an authenticated registry. We're working on that for 3.11.

https://github.com/openshift/openshift-ansible/pull/8616 to revert the conversion to image streams

Fix is in openshift-ansible-3.10.0-0.59.0