MaciejHope that helps,4. Re-run import.use that auth URL for docker-server when creating the second secret.see the HTTP/1.1 401 Unauthorized with information where to authenticate, eg:data, eg. curl -v https://<registry address>/v2/<namespace>/<3. Create a 2nd secret again the authorization url. You can get it by trying to curl the image2. Create a secret as previously.1. IS stays the same, no need to modify anything.The second, in which authorization is delegated to a different URL:3. Re-run the import:--docker-email=<email>2. Create a secret, eg:In short, there are two possible use-cases here.The first, in which the authorization is performed under the same URL as the pull:1. IS stays the same, no need to modify anything.
oc secrets new-dockercfg <secret_name> \
oc import-image <IS name>
image> in return you should
WWW-Authenticate: Bearer realm="<auth URL>",service="docker-
registry"On Thu, Jan 4, 2018 at 2:53 PM, Alan Christie <achristie informaticsmatters com> wrote:Thanks for your guidance so far Maciej but none of this is working for me.  doesn’t really help as I’m past that and, sadly the 1,500 lines and numerous of posts in issue 9584  are exhausting to trawl though and still leave me with an inability to pull from GitLab using an image stream.Again, I have a working DC/IPS solution. I understand secrets, DCs and IPS but I still cannot get ImageStreams to work. I just get…Internal error occurred: Get https://registry.gitlab.com/v2 /myproject/myimage.manifests/ latest:denied: access forbidden.I’m just about exhausted.So, if my setup is:
- OpenShift 3.6.1
- An image that's: myproject/myimage:latest
- A registry that’s: registry.gitlab.com
- A pull secret that works for DC/IPS - i.e. I can pull the image from the private repo with my DC and the installed secret.What...
- would my ImageStream yaml template or json look like?
- would I need to change in my working DC yaml?
- if any, are the crucial roles my OC user needs?On 3 Jan 2018, at 11:03, Maciej Szulik <maszulik redhat com> wrote:MaciejHave a look at  which should explain how to connect the IS with the secret. Additionally,there's  which explains problems when auth is delegated to a different uri.On Wed, Jan 3, 2018 at 10:34 AM, Alan Christie <achristie informaticsmatters
com> wrote:Hi all,
I’m successfully using a DeploymentConfig (DC) and an ImagePullSecret (IPS) templates with OpenShift Origin v3.6 to spin-up my application from a container image hosted on a private GitLab registry. But I want the deployment to re-deploy when the GitLab image changes and to do this I believe I need to employ an ImageStream.
I’m, comfortable with each of these objects and have successfully used ImageStreams and DCs with public DockerHub images (that was easy because there are so many examples). But I’m stuck trying to pull an image using an ImageStream from a private GitLab-hosted docker registry.
The IPS seems to belong to the DC, so how do I get my ImageStream to use it? My initial attempts have not been successful. All I get, after a number of attempts at this, is the following error on the ImageScreen console...
Internal error occurred: Get https://registry.gitlab.com/v2
/myproject/myimage/manifests/l: denied: access forbidden. Timestamp: 2017-12-28T14:27:12Z Error count: 2. atest
Where “myproject” and “myimage” are my GitLab project and image names.
My working DC/IPS combo looks something like this…
- name: gitlab-myproject
- image: registry.gitlab.com/myproject/
But what would my DC/IPS/ImageStream objects look like?
Thanks in advance.
users mailing list
users lists openshift redhat c
users mailing list
users lists openshift redhat