OpenShift 4.x can't pull Sonatype Nexus image with HTTP only


Is there a workaround for OpenShift to access an HTTP-only image with a Sonatype Nexus proxy? That's what my team provided for the OpenShift POC. You can do a podman pull with sslverify false, and it works fine even inside a pod with podman. But OpenShift can't pull it:

ERROR: Job failed: prepare environment: waiting for pod running: pulling image "domain.ca:5000/gitlab/gitlab-runner-helper:ubi-fips-x86_64-v15.8.2": image pull failed: rpc error: code = Unknown desc = pinging container registry domain.ca:5000: Get "https://domain.ca:5000/v2/": http: server gave HTTP response to HTTPS client. Check https://docs.gitlab.com/runner/shells/index.html#shell-profile-loading for more information

It's looking for https://domain.ca:5000/v2/ but in reality it's only "http://domain.ca:5000/v2/".


0
hiroyukik On

In OpenShift, accessing a container registry using HTTPS is the default behavior. You need to add the registry as an insecure registry as follows:

apiVersion: config.openshift.io/v1
kind: Image 
metadata:
  annotations:
    release.openshift.io/create-only: "true"
  name: cluster
spec:
  registrySources: 
    insecureRegistries:
    - domain.ca

You can edit image.config.openshift.io with the following command:

$ oc edit image.config.openshift.io/cluster

*1: https://docs.openshift.com/container-platform/4.12/openshift_images/image-configuration.html
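To confirm the diagnosis in the error above before marking a registry insecure, the following added example (not part of the original question or answers) probes an endpoint the way the runtime's `/v2/` ping does and reports whether it speaks TLS or cleartext HTTP. `probe_registry` and `start_plain_http_registry` are hypothetical names, and the local server is a constructed stand-in for the HTTP-only Nexus proxy.

```python
import socket
import ssl
import threading

def probe_registry(host, port, timeout=3.0):
    """Classify what listens on host:port as 'https', 'http' or 'unreachable'."""
    # Step 1: attempt a TLS handshake. Certificate checks are disabled because
    # only the transport is being classified here, not trust in the registry.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host):
                return "https"
    except (ssl.SSLError, ConnectionResetError, socket.timeout):
        pass  # something answered, but not with TLS; try plain HTTP next
    except OSError:
        return "unreachable"
    # Step 2: send the same /v2/ ping the container runtime sends, in cleartext.
    request = f"GET /v2/ HTTP/1.1\r\nHost: {host}:{port}\r\nConnection: close\r\n\r\n"
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.sendall(request.encode("ascii"))
            return "http" if sock.recv(16).startswith(b"HTTP/") else "unreachable"
    except OSError:
        return "unreachable"

def start_plain_http_registry():
    """Constructed stand-in for an HTTP-only registry; returns (server_socket, port)."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return  # listening socket was closed
            with conn:
                conn.recv(4096)
                conn.sendall(b"HTTP/1.1 200 OK\r\nContent-Length: 2\r\n\r\n{}")
    threading.Thread(target=serve, daemon=True).start()
    return srv, srv.getsockname()[1]

if __name__ == "__main__":
    srv, port = start_plain_http_registry()
    print(f"127.0.0.1:{port} ->", probe_registry("127.0.0.1", port))
    srv.close()
```

A result of `http` corresponds to the "server gave HTTP response to HTTPS client" failure: pulls from that endpoint travel unencrypted, which is what listing it under `insecureRegistries` accepts.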

0
uniwinux On