[Ci-users] Using BuildConfigs/ImageStreams from OpenShift in Duffy machines

Mon Oct 26 08:47:03 UTC 2020
Niels de Vos <ndevos at redhat.com>

Hi!

To speed up some of the testing we do on bare-metal machines provisioned
through Duffy, I would like to pull pre-build images from the OpenShift
registry. The images are built through a BuildConfig and placed in an
ImageStream.

Now, it seems that the Duffy provisioned bare-metal systems can not pull
from the internal OpenShift registry:

[root at n46 ~]# podman pull image-registry.openshift-image-registry.svc.apps.ocp.ci.centos.org:5000/ceph-csi/ceph-csi:test
Trying to pull image-registry.openshift-image-registry.svc.apps.ocp.ci.centos.org:5000/ceph-csi/ceph-csi:test...
  Get https://image-registry.openshift-image-registry.svc.apps.ocp.ci.centos.org:5000/v2/: dial tcp 172.19.0.254:5000: connect: no route to host
Error: error pulling image "image-registry.openshift-image-registry.svc.apps.ocp.ci.centos.org:5000/ceph-csi/ceph-csi:test": unable to pull image-registry.openshift-image-registry.svc.apps.ocp.ci.centos.org:5000/ceph-csi/ceph-csi:test: unable to pull image: Error initializing source docker://image-registry.openshift-image-registry.svc.apps.ocp.ci.centos.org:5000/ceph-csi/ceph-csi:test: error pinging docker registry image-registry.openshift-image-registry.svc.apps.ocp.ci.centos.org:5000: Get https://image-registry.openshift-image-registry.svc.apps.ocp.ci.centos.org:5000/v2/: dial tcp 172.19.0.254:5000: connect: no route to host


I wonder if this is intentional, or if this is a little too strict? If
this can not be allowed through the firewall, what is the recommendation
to use these images? Maybe we should deploy our own registry and push
the images there...

Thanks!
Niels
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 858 bytes
Desc: not available
URL: <http://lists.centos.org/pipermail/ci-users/attachments/20201026/995aecf0/attachment-0004.sig>