Description of problem: Developers are unable to enter an image from an insecure private repository that is defined in cluster images resource with pull-secrets provided in the cluster wide pull secret (pull-secret -n openshift-config). Version-Release number of selected component (if applicable): 4.5.8 How reproducible: Always Steps to Reproduce: 1. Create private nexus repository 2. Update the image.config.openshift.io/cluster to contain an insecure registry definition 3. Update clusterwide pull-secret to contain user/pass for the private nexus repo (oc get secret pull-secret -n openshift-config) Actual results: Console UI complains that the server gave HTTP response to HTTPS client. Expected results: Console UI allows developer to enter repository with image tag and press the Create bottom when all other fields are filled in. Additional info: The customer is currently working around this by having developers use cli to create their apps / deployments using yaml definitions. They would much rather have their developers use the Developer view of the OpenShift console.
This UI uses ImageStreamImport: https://docs.openshift.com/container-platform/4.5/rest_api/image_apis/imagestreamimport-image-openshift-io-v1.html A feature in 4.6 allows the user to check a box which will set `importPolicy: { insecure: ture }` in the ImageStreamImport. This was updated as per: https://bugzilla.redhat.com/show_bug.cgi?id=1826740 (https://github.com/openshift/console/pull/5697) Would this solve the error? Does `oc new-app` work with their image? If not, does it work with `--insecure-registry` ?
I'll check and see. I believe they said `oc new-app` works, but they just want the developers to use the UI instead of the oc tools. I'll mention to them that there is a new check box in 4.6 they can check to bypass that error. On a side note, they updated their cluster to include their private repo in the image config for the cluster and was rolled out to all their nodes. If we run podman on the nodes, it will pull the images without needed the insecure flag set. Is there a reason the UI cannot honor this behavior as well w/o the need of a flag? Its configured in the system as an insecure registry but not being consumed by these UI components.
Swapping needs info flags.
The UI uses the same `ImageStreamImport` as the oc tool. Please confirm if indeed `oc new-app` works with or without the `--insecure-registry` flag. If the oc tool works without this flag, then we can investigate further why the UI differs.
Ok. Makes sense. Let me have them try that. Thanks.
@ngirard can we consider this closed as it seems 4.6 works for the client?
@ngirard Please let us know if we can close this out based on the information already provided.
*** This bug has been marked as a duplicate of bug 1826740 ***