[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: OpenShift registry behind registry auth issues



https://bugzilla.redhat.com/show_bug.cgi?id=1511870 is the bug, we haven't fixed it yet. We're debating whether or not to switch to using the dns name, though if environment variables evaluate as expected perhaps we should just add NO_PROXY=${KUBENETES_SERVICE_HOST} and then we can address whether or not to switch to dns later.

On Tue, Nov 21, 2017 at 9:45 AM, Ben Parees <bparees redhat com> wrote:


On Tue, Nov 21, 2017 at 1:46 AM, Joel Pearson <japearson agiledigital com au> wrote:
Hi,

I spend most of the day debugging why my OpenShift registry wasn’t working because the cluster lives behind a http proxy. I can see OpenShift ansible configured the registry with proxy settings including no_proxy, but in the error logs I could see during authentication it was trying to talk to the master api server at 172.30.0.1, but that wasn’t in the no_proxy env setting so the proxy was trying to resolve it and failing. 

I believe this is a known bug in the ansible installer.  Hopefully Scott can point to the issue.


So that can be fixed by adding 172.30.0.1 to no_proxy, but it felt a bit hacky. A dns name would be better as they’re easier to wildcard in no_proxy. 

I want to know how the registry knows to use the IP address of the master api server instead of a dns name? I couldn’t see a reference to the api server in /etc/registry. Where does it get that from? Is it part of a docket secret?


the kubernetes api IP is provided in an env var to the registry pod.
KUBERNETES_SERVICE_HOST=172.30.0.1



Thanks,

Joel 

_______________________________________________
users mailing list
users lists openshift redhat com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users




--
Ben Parees | OpenShift



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]