Open csantanapr opened 3 years ago
Any update on this @csantanapr? I am in a similar position (not an http 401), but when I apply the subscription, the image path to the operator is referencing the external image url (not the internal one). Not sure if this is related, but I am pretty sure that this stems from building and pushing the index image
requiring me to use the external url (as opposed to the internal image-registry.openshift-image-registry.svc:5000/my-project/my-operator-index:tag
path)
AFAIK, there is no need to redirect HTTP to HTTPS. Removing --skip-tls=true worked for me. HTH
We are trying to build generic devops pipelines using OpenShift Pipelines (Tekton)
We want to have a devops pipeline that allows developer push their operator source code to git, and this triggers a tekton pipeline and for the development phase, we want to leverage the internal openshift image registry
image-registry.openshift-image-registry.svc
because this helps with latency when pushing/pulling also managing access per teams and projects using OpenShift RBAC each team can access their namespace imagestreams.For authentication I don't know how to configure opm with the credentials of the service account
pipeline
(default for Tekton), when I usebuildah
I don't pass credentials buildah autodetectsIn all opm commands below I configured
$HOME/.docker/config.json
withkubeadmin
and$(oc whoami -t)
, notice I don't want to use pull-tool docker, I'm not passing a pull-tool since I'm just doing a generate Dockerfile and not going to build the image catalog image with opm, I will be using buildah in a later tekton task using the generated DockerfileWe have the following line in our pipeline with opm
The error logs
400 Bad Request
I tried to debug the problem by exposing the registry and trying opm from my laptop, it doesn't work but I get a different problem
The error logs
503 Service Unavailable
Then I updated the OpenShfit route to redirect HTTP to HTTPS
Then try again
The error log
401 Unauthorized