Bug 1810920 - Cannot use private image for binary build although pull secret is linked to builder sa
Summary: Cannot use private image for binary build although pull secret is linked to b...
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Documentation
Version: 4.4
Hardware: Unspecified
OS: Unspecified
medium
medium
Target Milestone: ---
: 4.5.0
Assignee: Adam Kaplan
QA Contact: Xiaoli Tian
Vikram Goyal
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2020-03-06 08:33 UTC by Wenjing Zheng
Modified: 2020-05-29 14:11 UTC (History)
8 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2020-05-29 14:11:05 UTC
Target Upstream Version:


Attachments (Terms of Use)

Description Wenjing Zheng 2020-03-06 08:33:35 UTC
Description of problem:
When use private build in Dockerfile for binary build,it failed to pull builder image although secret for the image is created and have linked to builder SA:
$ oc logs builds/prune-3
Receiving source from STDIN as archive ...
Caching blobs under "/var/cache/blobs".

Pulling image docker.io/wzheng/ruby-22-centos7 ...
Warning: Pull failed, retrying in 5s ...
Warning: Pull failed, retrying in 5s ...
Warning: Pull failed, retrying in 5s ...
error: build error: failed to pull image: After retrying 2 times, Pull image still failed due to error: errors:
denied: requested access to the resource is denied
unauthorized: authentication required

Version-Release number of selected component (if applicable):
4.4.0-0.nightly-2020-03-05-194612

How reproducible:
Always

Steps to Reproduce:
1.oc new-project test
2.oc create secret generic pull --from-file=.dockerconfigjson=/Users/wzheng/.docker/config.json --type=kubernetes.io/dockerconfigjson
3.oc secrets link builder pull
4.Create build
oc  new-build --binary --name prune --to prune:latest
oc  start-build prune --from-dir ruby-hello-world -o=name

Actual results:
Build is failed for cannot pull builder image

Expected results:
Private image should be pulled

Additional info:
Under the same project with same pull secret created and linked, I can use the private image to do source/docker build
$ oc get sa builder -o yaml
apiVersion: v1
imagePullSecrets:
- name: builder-dockercfg-jvfsn
- name: pull
kind: ServiceAccount
metadata:
  creationTimestamp: "2020-03-06T07:43:07Z"
  name: builder
  namespace: wzheng1
  resourceVersion: "47907"
  selfLink: /api/v1/namespaces/wzheng1/serviceaccounts/builder
  uid: b3cd8d32-eff3-420f-b43a-a364f66d648b
secrets:
- name: builder-token-7fjw9
- name: builder-dockercfg-jvfsn
- name: pull


Note You need to log in before you can comment on or make changes to this bug.