uniwinux

Reputation: 27

OpenShift 4.x can't pull Sonatype Nexus image with HTTP only

Is there a workaround for OpenShift to access an HTTP-only image with Sonatype Nexus proxy? That's what my team provided for the OpenShift POC. You can do a podman pull with sslverify false, and it works fine even inside a pod with podman. But OpenShift can't pull it:

ERROR: Job failed: prepare environment: waiting for pod running: pulling image "domain.ca:5000/gitlab/gitlab-runner-helper:ubi-fips-x86_64-v15.8.2": image pull failed: rpc error: code = Unknown desc = pinging container registry domain.ca:5000: Get "https://domain.ca:5000/v2/": http: server gave HTTP response to HTTPS client. Check https://docs.gitlab.com/runner/shells/index.html#shell-profile-loading for more information

It's looking for https://domain.ca:5000/v2/ but in reality it's only "http://domain.ca:5000/v2/".

Upvotes: 0

Views: 774

Answers (2)

uniwinux

Reputation: 27

Even HTTP works with this solution: https://computingforgeeks.com/allow-insecure-registries-in-openshift-okd-4-cluster/

Upvotes: 0

hiroyukik

Reputation: 814

In OpenShift, accessing a container registry using HTTPS is the default behavior. You need to add the registry as an insecure registry as follows:

apiVersion: config.openshift.io/v1
kind: Image 
metadata:
  annotations:
    release.openshift.io/create-only: "true"
  name: cluster
spec:
  registrySources: 
    insecureRegistries:
    - domain.ca

You can edit image.config.openshift.io with the following command:

$ oc edit image.config.openshift.io/cluster

*1: https://docs.openshift.com/container-platform/4.12/openshift_images/image-configuration.html

Upvotes: 1
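
Added example (not part of either answer, and not OpenShift or GitLab tooling): a small Python triage over image-pull failure lines that reports which registries answered in plaintext HTTP, the case in the question, and therefore which hosts an insecureRegistries entry would have to cover. It goes one step beyond the question by also flagging x509 trust failures separately; every log line after the first, and all function names, are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample input. Line 1 mirrors the error quoted in the question;
# the remaining lines are made up for this example.
SAMPLE_LOG = '''\
ERROR: Job failed: prepare environment: waiting for pod running: pulling image "domain.ca:5000/gitlab/gitlab-runner-helper:ubi-fips-x86_64-v15.8.2": image pull failed: rpc error: code = Unknown desc = pinging container registry domain.ca:5000: Get "https://domain.ca:5000/v2/": http: server gave HTTP response to HTTPS client
Failed to pull image "registry.example.internal/app/api:1.0": rpc error: code = Unknown desc = pinging container registry registry.example.internal: Get "https://registry.example.internal/v2/": x509: certificate signed by unknown authority
Failed to pull image "domain.ca:5000/team/web:2.3": rpc error: code = Unknown desc = pinging container registry domain.ca:5000: Get "https://domain.ca:5000/v2/": http: server gave HTTP response to HTTPS client
Successfully pulled image "quay.io/example/tool:latest"
'''

# Registry host[:port] as it appears in the "pinging container registry" error.
PING = re.compile(r'pinging container registry (?P<reg>[^\s:]+(?::\d+)?): Get "https://')
IMAGE = re.compile(r'image "(?P<image>[^"]+)"')

# Error substrings mapped to a cause label (labels are this example's own).
CAUSES = (
    ("plaintext-http", "server gave HTTP response to HTTPS client"),
    ("untrusted-cert", "x509:"),
)

def classify(line):
    """Return (registry, cause, image) for a failed registry ping, else None."""
    m = PING.search(line)
    if not m:
        return None
    cause = next((name for name, marker in CAUSES if marker in line), "other")
    img = IMAGE.search(line)
    return m.group("reg"), cause, img.group("image") if img else None

def summarize(log_text):
    """Map registry -> {cause: sorted list of affected images}."""
    report = defaultdict(lambda: defaultdict(set))
    for line in log_text.splitlines():
        hit = classify(line)
        if hit:
            reg, cause, image = hit
            bucket = report[reg][cause]
            if image:
                bucket.add(image)
    return {reg: {c: sorted(i) for c, i in causes.items()} for reg, causes in report.items()}

if __name__ == "__main__":
    for registry, causes in summarize(SAMPLE_LOG).items():
        print(registry, causes)
```

Registries reported as plaintext-http have no transport protection on pulls, so keep that list as short as the environment allows.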
