Description of problem: On migrating an application including BuildConfig from source to target cluster, builder pod results in error, failing to push the image to the image registry. Version-Release number of selected component (if applicable): 1.8.0 How reproducible: Always Steps to Reproduce: 1. Deploy a stateful app with buildconfig resource 2. Create a migplan to migrate the application to target cluster 3. Execute the cutover migration 4. Once it finishes, check the migrated namespace pods in the target cluster. Actual results: Builder pod results in error. Expected results: Builder pod should be in completed state. Additional info: Pushing image image-registry.openshift-image-registry.svc:5000/app3/django-psql-persistent:latest ... Getting image source signatures Copying blob sha256:46b052e159fc16cdd50d3fc157ee3d37b0fdca26fac02c125590d9d3667499f6 Copying blob sha256:1323a241cc068f2816dd88f00168be73339471d6dc6eb2e6c761b63b734501b6 Copying blob sha256:fa92b53b7e2a0f05f79049d0c54dcca9b7e32f2bb01ad346d22145da90e26270 Copying blob sha256:5d011ac93e7456d4c646b0fbb53712598bda9a6b0d027b2be788016e078ded77 Copying blob sha256:06e86f96ac440a1dc8228bc46944781eae85e4d1bdaf8b66ed0c3ca60c25e36f Copying blob sha256:2bd25ca124579d6fce8668ff5d4ed83866d7e7438cb561a51ddde8cc40272822 Warning: Push failed, retrying in 5s ... Getting image source signatures Copying blob sha256:46b052e159fc16cdd50d3fc157ee3d37b0fdca26fac02c125590d9d3667499f6 Copying blob sha256:1323a241cc068f2816dd88f00168be73339471d6dc6eb2e6c761b63b734501b6 Copying blob sha256:fa92b53b7e2a0f05f79049d0c54dcca9b7e32f2bb01ad346d22145da90e26270 Copying blob sha256:5d011ac93e7456d4c646b0fbb53712598bda9a6b0d027b2be788016e078ded77 Copying blob sha256:06e86f96ac440a1dc8228bc46944781eae85e4d1bdaf8b66ed0c3ca60c25e36f Copying blob sha256:2bd25ca124579d6fce8668ff5d4ed83866d7e7438cb561a51ddde8cc40272822 Warning: Push failed, retrying in 5s ... Getting image source signatures Copying blob sha256:46b052e159fc16cdd50d3fc157ee3d37b0fdca26fac02c125590d9d3667499f6 Copying blob sha256:fa92b53b7e2a0f05f79049d0c54dcca9b7e32f2bb01ad346d22145da90e26270 Copying blob sha256:1323a241cc068f2816dd88f00168be73339471d6dc6eb2e6c761b63b734501b6 Copying blob sha256:5d011ac93e7456d4c646b0fbb53712598bda9a6b0d027b2be788016e078ded77 Copying blob sha256:06e86f96ac440a1dc8228bc46944781eae85e4d1bdaf8b66ed0c3ca60c25e36f Copying blob sha256:2bd25ca124579d6fce8668ff5d4ed83866d7e7438cb561a51ddde8cc40272822 Warning: Push failed, retrying in 5s ... Registry server Address: Registry server User Name: serviceaccount Registry server Email: serviceaccount Registry server Password: <<non-empty>> error: build error: Failed to push image: trying to reuse blob sha256:1323a241cc068f2816dd88f00168be73339471d6dc6eb2e6c761b63b734501b6 at destination: pinging container registry image-registry.openshift-image-registry.svc:5000: Get "https://image-registry.openshift-image-registry.svc:5000/v2/": x509: certificate signed by unknown authority ]$ oc get pods -n app3 NAME READY STATUS RESTARTS AGE django-psql-persistent-1-5rqbs 1/1 Running 0 2m31s django-psql-persistent-1-build 0/1 Error 0 2m34s django-psql-persistent-1-deploy 0/1 Completed 0 2m33s postgresql-1-deploy 0/1 Completed 0 2m34s postgresql-1-ds9nt 1/1 Running 0 2m32s
This is a bug affecting OCP 4->4 migrations. There is a configmap that is generated by the build pod which contains a certificate to be used when pushing to the internal registry. MTC is migrating all of the configmaps from the source namespace which include these builder generated configmaps from previously completed builds. On the target cluster these configmaps don't get patched, and the builder pod uses the certificate from the source cluster. OADP should be discarding this configmap on restore or openshift needs to be patching the configmap on build pod startup.