I accidentally tried to deploy a private image from Quay and new-app didn't really tell me anything meaningful: oc new-app --docker-image=quay.io/roddiekieley/podescape-io --loglevel=8 I1023 09:34:07.182112 2838550 loader.go:375] Config loaded from file: /home/thoraxe/.kube/config I1023 09:34:07.184872 2838550 newapp.go:659] Docker client did not respond to a ping: Get http://unix.sock/_ping: dial unix /var/run/docker.sock: connect: permission denied I1023 09:34:07.185047 2838550 dockerimagelookup.go:87] checking remote registry for "quay.io/roddiekieley/podescape-io" {{I1023 09:34:07.185696 2838550 request.go:1017] Request Body: {"kind":"ImageStreamImport","apiVersion":"image.openshift.io/v1","metadata": {"name":"newapp","creationTimestamp":null} ,"spec":{"import":false,"images":[{"from": {"kind":"DockerImage","name":"quay.io/roddiekieley/podescape-io"} ,"importPolicy":{},"referencePolicy":{"type":""}}]},"status":{}}}} I1023 09:34:07.185764 2838550 round_trippers.go:420] POST https://api.cluster-380f.380f.example.opentlc.com:6443/apis/image.openshift.io/v1/namespaces/arcade/imagestreamimports I1023 09:34:07.185775 2838550 round_trippers.go:427] Request Headers: I1023 09:34:07.185783 2838550 round_trippers.go:431] Accept: application/json, / I1023 09:34:07.185790 2838550 round_trippers.go:431] Content-Type: application/json I1023 09:34:07.185803 2838550 round_trippers.go:431] User-Agent: oc/openshift (linux/amd64) kubernetes/bc08a48 I1023 09:34:07.185813 2838550 round_trippers.go:431] Authorization: Bearer <masked> I1023 09:34:08.585892 2838550 round_trippers.go:446] Response Status: 201 Created in 1400 milliseconds I1023 09:34:08.585935 2838550 round_trippers.go:449] Response Headers: I1023 09:34:08.585948 2838550 round_trippers.go:452] Audit-Id: 54ddbce7-4575-4d02-b523-155e11735fea I1023 09:34:08.585958 2838550 round_trippers.go:452] Cache-Control: no-cache, private I1023 09:34:08.585967 2838550 round_trippers.go:452] Cache-Control: no-store I1023 09:34:08.585981 2838550 round_trippers.go:452] Content-Type: application/json I1023 09:34:08.585991 2838550 round_trippers.go:452] Date: Fri, 23 Oct 2020 13:34:08 GMT I1023 09:34:08.586003 2838550 round_trippers.go:452] Content-Length: 860 {{I1023 09:34:08.586057 2838550 request.go:1017] Response Body: {"kind":"ImageStreamImport","apiVersion":"image.openshift.io/v1","metadata":{"name":"newapp","namespace":"arcade","selfLink":"/apis/image.openshift.io/v1/namespaces/arcade/imagestreamimports/newapp","uid":"8883f588-3ee4-4e16-9715-80fac9a79c48","creationTimestamp":"2020-10-23T13:34:07Z","managedFields":[{"manager":"oc","operation":"Update","apiVersion":"image.openshift.io/v1","time":"2020-10-23T13:34:07Z","fieldsType":"FieldsV1","fieldsV1":{"f:spec":{"f:images":{}}}}]},"spec":{"import":false,"images":[{"from": {"kind":"DockerImage","name":"quay.io/roddiekieley/podescape-io"} ,"importPolicy":{},"referencePolicy":{"type":"Source"}}]},"status":{"images":[{"status":{"metadata":{},"status":"Failure","message":"you may not have access to the container image \"quay.io/roddiekieley/podescape-io:latest\"","reason":"Unauthorized","code":401},"tag":"latest"}]}}}} {{I1023 09:34:08.592186 2838550 dockerimagelookup.go:230] image import failed: v1.ImageImportStatus{Status:v1.Status{TypeMeta:v1.TypeMeta {Kind:"", APIVersion:""} , ListMeta:v1.ListMeta{SelfLink:"", ResourceVersion:"", Continue:"", RemainingItemCount*int64)(nil)}, Status:"Failure", Message:"you may not have access to the container image \"quay.io/roddiekieley/podescape-io:latest\"", Reason:"Unauthorized", Details*v1.StatusDetails)(nil), Code:401}, Image*v1.Image)(nil), Tag:"latest"}}} F1023 09:34:08.592386 2838550 helpers.go:114] error: unable to locate any local docker images with name "quay.io/roddiekieley/podescape-io" The 'oc new-app' command will match arguments to the following types: 1. Images tagged into image streams in the current project or the 'openshift' project {{ - if you don't specify a tag, we'll add ':latest'}} {{ 2. Images in the Docker Hub, on remote registries, or on the local Docker engine}} {{ 3. Templates in the current project or the 'openshift' project}} {{ 4. Git repository URLs or local paths that point to Git repositories}} --allow-missing-images can be used to point to an image that does not exist yet. See 'oc new-app -h' for examples. At the time this image was private / required auth. You can see the HTTP status code was 401 unauthorized, but new-app didn't tell me that. It would be nice if, in the case of a failure to interrogate the remote registry, new-app reported what happened. The status message is already there. This was originally filled in here (https://issues.redhat.com/browse/RFE-1328).
Looking into this in the upcoming sprint.
Other bugs/PRs took priority this sprint, adding upcoming sprint, will submit a PR for this in the coming days
This bug hasn't had any activity in the last 30 days. Maybe the problem got resolved, was a duplicate of something else, or became less pressing for some reason - or maybe it's still relevant but just hasn't been looked at yet. As such, we're marking this bug as "LifecycleStale" and decreasing the severity/priority. If you have further information on the current state of the bug, please update it, otherwise this bug can be closed in about 7 days. The information can be, for example, that the problem still occurs, that you still want the feature, that more information is needed, or that the bug is (for whatever reason) no longer relevant. Additionally, you can add LifecycleFrozen into Keywords if you think this bug should never be marked as stale. Please consult with bug assignee before you do that.
The LifecycleStale keyword was removed because the bug moved to QE. The bug assignee was notified.
With latest oc client, could see the wrong now: [root@dhcp-140-138 ~]# oc version Client Version: 4.7.0-202101122125.p0-9eb2f8f [root@dhcp-140-138 ~]# oc new-app --docker-image=quay.io/sallyom/podescape-io:test W0115 10:54:26.961736 22550 dockerimagelookup.go:240] container image remote registry lookup failed: you may not have access to the container image "quay.io/sallyom/podescape-io:test" error: unable to locate any local docker images with name "quay.io/sallyom/podescape-io:test" The 'oc new-app' command will match arguments to the following types: 1. Images tagged into image streams in the current project or the 'openshift' project - if you don't specify a tag, we'll add ':latest' 2. Images in the Docker Hub, on remote registries, or on the local Docker engine 3. Templates in the current project or the 'openshift' project 4. Git repository URLs or local paths that point to Git repositories --allow-missing-images can be used to point to an image that does not exist yet. See 'oc new-app -h' for examples. Compared with older version : [root@localhost ~]# oc version Client Version: 4.7.0-202101060325.p0-d69d7c4 [root@localhost ~]# oc new-app --docker-image=quay.io/sallyom/podescape-io:test error: unable to locate any local docker images with name "quay.io/sallyom/podescape-io:test" The 'oc new-app' command will match arguments to the following types: 1. Images tagged into image streams in the current project or the 'openshift' project - if you don't specify a tag, we'll add ':latest' 2. Images in the Docker Hub, on remote registries, or on the local Docker engine 3. Templates in the current project or the 'openshift' project 4. Git repository URLs or local paths that point to Git repositories --allow-missing-images can be used to point to an image that does not exist yet. See 'oc new-app -h' for examples.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: OpenShift Container Platform 4.7.0 security, bug fix, and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2020:5633