On Thu, Apr 19, 2018 at 8:06 AM, Clayton Coleman <ccole...@redhat.com> wrote:
> > > On Apr 19, 2018, at 4:44 AM, marc.schle...@sdv-it.de wrote: > > Hello everyone > > I was asking this question already on the Openshift Google Group but was > redirected to this list in the hope to find someone who knows the details > about the current "oc cluster up" command. > > > I am facing some trouble using the "oc cluster up" command within our > corporate environment. The main pain-point is that no external registry is > available from inside our network. The only way to pull images is via a > proxy registry (which mirror dockerhub and the redhat registry). > > So I configured my local Docker daemon to use this registry by specifying > "insecure-registries" and "registry-mirrors". Especially the mirror is > important because it causes Docker to look at the specified registry first. > By configuring Docker this way, the command "oc cluster up" can pull the > necessary images. > > Unfortunately, when running Openshift and adding a deployment based on an > template/imagestream, no deployment happens. Message is: A new deployment > will start automatically when an image is pushed to openshift/jenkins:2 > <https://10.0.75.2:8443/console/project/openshift/browse/images/jenkins>. > > When checking the imagestreams I can see > > > $ oc get is -n openshift > NAME DOCKER REPO TAGS > UPDATED > dotnet 172.30.1.1:5000/openshift/dotnet 2.0 > dotnet-runtime 172.30.1.1:5000/openshift/dotnet-runtime 2.0 > httpd 172.30.1.1:5000/openshift/httpd 2.4 > jenkins 172.30.1.1:5000/openshift/jenkins 1,2 > mariadb 172.30.1.1:5000/openshift/mariadb 10.1,10.2 > mongodb 172.30.1.1:5000/openshift/mongodb 2.4,2.6,3.2 + > 1 more... > mysql 172.30.1.1:5000/openshift/mysql 5.7,5.5,5.6 > nginx 172.30.1.1:5000/openshift/nginx 1.10,1.12,1.8 > nodejs 172.30.1.1:5000/openshift/nodejs 0.10,4,6 + 1 > more... > perl 172.30.1.1:5000/openshift/perl 5.16,5.20,5.24 > php 172.30.1.1:5000/openshift/php 5.5,5.6,7.0 + > 1 more... > postgresql 172.30.1.1:5000/openshift/postgresql 9.4,9.5,9.6 + > 1 more... > python 172.30.1.1:5000/openshift/python 3.4,3.5,3.6 + > 2 more... > redis 172.30.1.1:5000/openshift/redis 3.2 > ruby 172.30.1.1:5000/openshift/ruby 2.0,2.2,2.3 + > 1 more... > wildfly 172.30.1.1:5000/openshift/wildfly 10.0,10.1,8.1 > + 1 more... > > > It seems the Images are not available in the internal docker registry > (inside kubernetes) and they are not pulled on the host either. > > > > $ docker images > REPOSITORY TAG IMAGE ID > CREATED SIZE > openshift/origin-web-console v3.9.0 60938911a1f9 > 11 days ago 485MB > openshift/origin-docker-registry v3.9.0 2663c9df9123 > 11 days ago 455MB > openshift/origin-haproxy-router v3.9.0 c70d45de5384 > 11 days ago 1.27GB > openshift/origin-deployer v3.9.0 378ccd170718 > 11 days ago 1.25GB > openshift/origin v3.9.0 b5f178918ae9 > 11 days ago 1.25GB > openshift/origin-pod v3.9.0 1b36bf755484 > 11 days ago 217MB > > I would expect that the containerized Openshift variant uses the > configuration provided by the Docker installation on the host-system. > > > I've also tried to Import an imagestream manually but it failed because > our proxy-registry is not whitelisted > > > $ oc import-image my-jenkins --from=docker-proxy.de:5000/openshift/jenkins > -2-centos7 --confirm > The ImageStream "my-jenkins" is invalid: spec.tags[latest].from.name: > Forbidden: registry "*docker-proxy.de:5000* <http://docker-proxy.de:5000/> > " not allowed by whitelist: "*172.30.1.1:5000* <http://172.30.1.1:5000/>", > "*docker.io:443* <http://docker.io:443/>", "*.*docker.io:443* > <http://docker.io:443/>", "*.*redhat.com:443* <http://redhat.com:443/>", > and 5 more .. > > > > Is there any way to redirect the pull of the imagestreams to our corporate > Proxy? > Or can I modify the imagestreams somehow to hardcode the registry? > > > You can update the image streams to change the registry. > You can also set a proxy for the master, which is the process doing the imports and which presumably needs the proxy configured, by passing these args to oc cluster up: --http-proxy='': HTTP proxy to use for master and builds --https-proxy='': HTTPS proxy to use for master and builds I believe that should enable your existing imagestreams (not the ones pointing to the proxy url) to import. > > > best regards > Marc > > _______________________________________________ > users mailing list > users@lists.openshift.redhat.com > http://lists.openshift.redhat.com/openshiftmm/listinfo/users > > > _______________________________________________ > users mailing list > users@lists.openshift.redhat.com > http://lists.openshift.redhat.com/openshiftmm/listinfo/users > > -- Ben Parees | OpenShift
_______________________________________________ users mailing list users@lists.openshift.redhat.com http://lists.openshift.redhat.com/openshiftmm/listinfo/users