Unable to import and pull images through registry.redhat.io

Solution Verified - Updated

Environment

  • OpenShift Container Platform 3.10

Issue

  • From OpenShift 3.11, the default registry moved to registry.redhat.io, which does not support unauthenticated access.
  • For more information, follow the Registry Authentication link.
  • A build from a Dockerfile whose base image is pulled from registry.redhat.io is not able to authenticate using imagestreamsecret. That secret is used for pulling image streams created in an OpenShift project.

Resolution

  • Create a secret in the project and link it to the service accounts.
  • The example below assumes the secret is created in the test project:
 # oc create secret generic cred --from-file=.dockerconfigjson=/var/lib/origin/.docker/config.json --type=kubernetes.io/dockerconfigjson -n test
 # oc secrets link default cred --for=pull -n test
 # oc secrets link builder cred -n test
  • If imagestreamsecret is not present in the openshift namespace, create it using:
 # oc create secret generic imagestreamsecret --from-file=.dockerconfigjson=/var/lib/origin/.docker/config.json --type=kubernetes.io/dockerconfigjson -n openshift

Root Cause

  • Red Hat-distributed container images are moving from the existing Red Hat Container Registry (registry.access.redhat.com) to a new one (registry.redhat.io). With that move will come a change in the authentication needed to pull and use those container images.

Diagnostic Steps

  1. Verify that the image import secret, imagestreamsecret, is in the openshift namespace. That secret has credentials that allow you to access the new registry.

  2. Verify all of the cluster nodes have a /var/lib/origin/.docker/config.json, copied from the master, that allows accessing the Red Hat registry.

  3. Verify that imagestreamsecret is present in the openshift namespace:

# oc get secret -n openshift
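
Listing the secret only shows that it exists. The following added example (not part of the original solution or any Red Hat tooling) checks that a Secret object, as printed by `oc get secret imagestreamsecret -n openshift -o json`, has the expected type and a usable registry.redhat.io entry, without printing the credential. The function names are hypothetical and the sample secret is constructed with fake credentials.

```python
import base64
import json

REGISTRY = "registry.redhat.io"
SECRET_TYPE = "kubernetes.io/dockerconfigjson"
KEY = ".dockerconfigjson"

def _host(key):
    # auths keys may be a bare host or a URL such as https://host/v1/
    return key.split("://", 1)[-1].split("/", 1)[0]

def check_docker_config(config, registry=REGISTRY):
    """Return a list of problems in a parsed Docker config.json (empty = usable)."""
    entries = [v for k, v in config.get("auths", {}).items() if _host(k) == registry]
    if not entries:
        return ["no auths entry for " + registry]
    entry = entries[0]
    if entry.get("username") and entry.get("password"):
        return []
    if not entry.get("auth"):
        hint = " (credsStore helper holds the credentials)" if "credsStore" in config else ""
        return ["auths entry for %s has no credentials%s" % (registry, hint)]
    try:
        decoded = base64.b64decode(entry["auth"], validate=True).decode()
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return ["auth value is not valid base64 text"]
    user, _, password = decoded.partition(":")
    return [] if user and password else ["auth value is not user:password"]

def check_pull_secret(secret, registry=REGISTRY):
    """Check a Secret object as printed by `oc get secret NAME -o json`."""
    if secret.get("type") != SECRET_TYPE:
        return ["secret type is %r, expected %s" % (secret.get("type"), SECRET_TYPE)]
    blob = secret.get("data", {}).get(KEY)
    if blob is None:
        return ["secret has no %s key" % KEY]
    try:
        config = json.loads(base64.b64decode(blob))
    except ValueError:  # bad base64 or bad JSON
        return ["%s is not base64-encoded JSON" % KEY]
    return check_docker_config(config, registry)

# Constructed sample with fake credentials, shaped like `oc get secret -o json` output.
_cfg = {"auths": {REGISTRY: {"auth": base64.b64encode(b"user:token").decode()}}}
SAMPLE_SECRET = {"type": SECRET_TYPE,
                 "data": {KEY: base64.b64encode(json.dumps(_cfg).encode()).decode()}}

if __name__ == "__main__":
    print(check_pull_secret(SAMPLE_SECRET) or "OK")
```

The same `check_docker_config` function can be run on each node against the parsed contents of /var/lib/origin/.docker/config.json for diagnostic step 2.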

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.