[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Access to private Docker Hub registry not working in OpenShift v3.7



Hi all.

I have only very recently started investigating the use of OpenShift.
One of my builds pulls a base Docker Image from our private Docker Hub
repository.
This was working fine in OpenShift v3.6.1, but when I tried OpenShift
v3.7.0 I couldn't get it it to work.
The build fails early with the following error:

     error: build error: failed to pull image: API error (404):
{"message":"pull access denied for *REDACTED*, repository does not
exist or may require 'docker login'"}

I am running this on my Windows 10 based desktop.
Some details of the install:

    PS ~> oc version
    oc v3.7.0+7ed6862
    kubernetes v1.7.6+a08f5eeb62
    features: Basic-Auth

    Server https://10.0.75.2:8443
    openshift v3.7.0+7ed6862
    kubernetes v1.7.6+a08f5eeb62

And I am running Docker Community Edition Version 17.09.9-ce-win33
(13620) from the stable channel.

Steps I performed for both v3.6.1 and v.3.7.0 were as follows...

- Bring up the cluster by running:

    oc cluster up

- Provide access to our private source code repository (this part
works) like so:

    oc secrets new-basicauth bitbucket --username=*REDACTED* --prompt
    oc secrets link builder bitbucket

- Allow my containers to use the root user by using the anyuid
security context for a 'useroot' service account:

    oc login -u system:admin
    oc create serviceaccount useroot
    oc adm policy add-scc-to-user anyuid -z useroot
    oc login -u developer

- Provide access to our private Docker Hub registry:

    oc secrets new-dockercfg private-dockerhub
--docker-server=https://index.docker.io/v1/
--docker-username=*REDACTED* --docker-password=*REDACTED*
--docker-email=*REDACTED*
    oc secrets link builder private-dockerhub

    Note: The 'oc secrets new private-dockerhub
.dockerconfigjson=config.json' command does not work on Windows, so I
have to use the 'oc secrets new-dockercfg' command shown above
instead.
    That's because the authentication details after performing a
'docker login' end up in the Windows Credential Store, so the file's
contents look like:

        PS ~\.docker> cat config.json
        {
               "auths": {
                       "https://index.docker.io/v1/": {}
               },
               "HttpHeaders": {
                       "User-Agent": "Docker-Client/17.09.0-ce (windows)"
               },
               "credsStore": "wincred"
        }

- Create the application:

    oc new-app -f test-app.yaml

I went back to version 3.6.1 and repeated the above steps again and it
all worked as expected.
I've gone to 3.7.0 and repeated the above steps and it doesn't work.

Note that each time I changed environments I started with a clean
slate by running 'oc cluster down' and then doing a factory reset of
my Docker installation.
Then I configured Docker with the insecure-registry and changed its
storage-driver to aufs to work around an issue I get when code is
checked out of our repository.

Regards,

Jim Barber | Site Reliability Engineer


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]