[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: OpenShift registry behind registry auth issues





On Tue, Nov 21, 2017 at 1:46 AM, Joel Pearson <japearson agiledigital com au> wrote:
Hi,

I spend most of the day debugging why my OpenShift registry wasn’t working because the cluster lives behind a http proxy. I can see OpenShift ansible configured the registry with proxy settings including no_proxy, but in the error logs I could see during authentication it was trying to talk to the master api server at 172.30.0.1, but that wasn’t in the no_proxy env setting so the proxy was trying to resolve it and failing. 

I believe this is a known bug in the ansible installer.  Hopefully Scott can point to the issue.


So that can be fixed by adding 172.30.0.1 to no_proxy, but it felt a bit hacky. A dns name would be better as they’re easier to wildcard in no_proxy. 

I want to know how the registry knows to use the IP address of the master api server instead of a dns name? I couldn’t see a reference to the api server in /etc/registry. Where does it get that from? Is it part of a docket secret?


the kubernetes api IP is provided in an env var to the registry pod.
KUBERNETES_SERVICE_HOST=172.30.0.1



Thanks,

Joel 

_______________________________________________
users mailing list
users lists openshift redhat com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users




--
Ben Parees | OpenShift


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]