Pulling a container image from "registry.connect.redhat.com" unexpectedly redirects to AWS S3

Solution Verified - Updated

Environment

  • OpenShift Container Platform 4.6 and later
  • Container Registry registry.connect.redhat.com

Issue

  • When pulling a container image from "registry.connect.redhat.com", this fails with the following error message:

    Failed to pull image "registry.connect.redhat.com/seldonio/seldon-core-operator-bundle@sha256:0a179578abb46e9a2ea827374cdf3787f1020892cc589073ab8962f5c7a57368": rpc error: code = Unknown desc = Error parsing image configuration: Get "https://rhc4tp-prod-z8cxf-image-registry-us-east-1-evenkyleffocxqvofrk.s3.dualstack.us-east-1.amazonaws.com/docker/registry/v2/blobs/sha256/95/95484b2371976b3a6485b06ba75ba2e1cdda038f137af1e6085cca390c75ab1f/data?X-Amz-Algorithm=AWS4-HMAC-SHA256&[..]": net/http: TLS handshake timeout

    According to the following Solution, AWS S3 does not need to be allowed on the firewall: Applying IP address filtering to Red Hat Container Registries. Why are we seeing the error above?

  • Pulling a container image from "registry.connect.redhat.com" redirects to AWS S3, is this expected?

Resolution

  • Optional third-party content hosted on registry.connect.redhat.com is served via the following AWS S3 bucket: rhc4tp-prod-z8cxf-image-registry-us-east-1-evenkyleffocxqvofrk.s3.dualstack.us-east-1.amazonaws.com. Customers should allow this domain to be accessed by the OpenShift Container Platform cluster in their firewall.

  • Review the "Configuring your firewall for OpenShift Container Platform" section in the documentation to find a full list of required URLs.

Diagnostic Steps

  • On the OpenShift Container Platform Master Node, use the following commands to manually try to pull an image from registry.connect.redhat.com to verify the error message (the image used is an example, other images can also be used):

    $ podman login registry.connect.redhat.com
$ podman pull registry.connect.redhat.com/seldonio/seldon-core-operator-bundle:latest
SBR
Product(s)
Components
Category
Tags

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.