Hi Joel,

By default the imported image stream tag will have a reference policy of
Source. That means the pod will end up pulling the image from the remote
registry directly. For that to work you have to link a secret containing
the docker credentials with the deployment's sa. For the default sa this
looks like this

 oc secrets link default my-dockercfg --for=pull

The other option is to set the istag's reference policy to Local.

tags:
  - annotations: null
    ...
    name: latest
    referencePolicy:
      type: Local

Now the pod will try to get the image from the local registry which in turn
will pull from the remote. The registry will look for a dockercfg secret
with the remote server name. By default communication with the remote
registry will not use ssl. This is controlled by the istag import policy:

importPolicy:
  insecure: true

I have not been able to get it to work with insecure: false. I can't find
the right place to put the remote's ca for the registry to use it. But it
all works well when insecure is true.


Cheers

Lionel


On 18 November 2017 at 13:59, Joel Pearson <japear...@agiledigital.com.au>
wrote:

> Hi,
>
> I'm using OpenShift 3.6.1 in AWS and I tried using "oc import-image" to
> pull an image from one openshift cluster to another.  I set up the docker
> secrets, and it appeared to be working as there was a bunch of metadata
> visible in the image stream.
>
> However, when I actually started a pod, it seemed at that point it tried to
> get the actual layers from the remote registry of the other openshift
> cluster, at this point it got some authentication error, which is super
> bizarre since it happily imported all the metadata fine.
>
> Is there some way to actually do the equivalent of docker pull?  So that
> the image data is transferred in that moment, as opposed to an on-demand
> "lazy" transfer?
>
> Can "oc tag" actually copy the data?
>
> Thanks,
>
> Joel
>
> _______________________________________________
> users mailing list
> users@lists.openshift.redhat.com
> http://lists.openshift.redhat.com/openshiftmm/listinfo/users
>
>
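
An added example, not part of the original thread: a Python check over `oc get imagestream -o json` output that reports, for each imported tag, which of the two pull paths described above applies and whether `importPolicy.insecure` is set. The sample stream, its registry host and the function names are constructed for illustration.

```python
import json

# Constructed sample shaped like `oc get imagestream myapp -o json`; all names are made up.
SAMPLE = json.loads("""
{"kind": "ImageStream", "metadata": {"name": "myapp"},
 "spec": {"tags": [
  {"name": "latest",
   "from": {"kind": "DockerImage", "name": "registry.example.com:5000/team/myapp:latest"},
   "importPolicy": {"insecure": true}, "referencePolicy": {"type": "Local"}},
  {"name": "stable",
   "from": {"kind": "DockerImage", "name": "registry.example.com:5000/team/myapp:stable"},
   "importPolicy": {}, "referencePolicy": {"type": "Source"}},
  {"name": "prod", "from": {"kind": "ImageStreamTag", "name": "myapp:stable"}}
 ]}}
""")


def registry_host(image):
    """Registry part of a pull spec, using the Docker rule for a leading host component."""
    first, _, rest = image.partition("/")
    if rest and ("." in first or ":" in first or first == "localhost"):
        return first
    return "docker.io"  # no explicit registry in the pull spec


def audit_image_stream(stream):
    """Return one finding per tag that is imported from an external registry."""
    findings = []
    for tag in (stream.get("spec") or {}).get("tags") or []:
        source = tag.get("from") or {}
        if source.get("kind") != "DockerImage":
            continue  # tag follows another image stream tag; nothing is imported
        host = registry_host(source.get("name", ""))
        policy = (tag.get("referencePolicy") or {}).get("type") or "Source"
        insecure = bool((tag.get("importPolicy") or {}).get("insecure"))
        if policy == "Local":
            notes = ["pulled through the integrated registry, which needs credentials for " + host]
        else:
            notes = ["pods pull from %s directly; link a pull secret to the service account" % host]
        if insecure:
            notes.append("importPolicy.insecure is true: certificate checks for %s are bypassed" % host)
        findings.append({"tag": tag.get("name"), "registry": host,
                         "referencePolicy": policy, "insecure": insecure, "notes": notes})
    return findings


if __name__ == "__main__":
    for f in audit_image_stream(SAMPLE):
        print(f["tag"], f["referencePolicy"], "INSECURE" if f["insecure"] else "tls-verified")
        for note in f["notes"]:
            print("   -", note)
```

To run it against a cluster, replace `SAMPLE` with the parsed output of `oc get imagestream <name> -o json`.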