redhat-cop / ocp4-helpernode

This playbook helps set up an "all-in-one" node that has all the infrastructure/services needed to install OpenShift 4.

Build include private registry follows error in bootstrap "x509: certificate signed by unknown authority" #287

Open aseelert opened 2 years ago

aseelert commented 2 years ago

I used the following settings snippet in ocp4-helpernode/vars.yaml:

setup_registry:
  deploy: true
  autosync_registry: false
  registry_image: docker.io/library/registry:2
  local_repo: "ocp4/openshift4"
  product_repo: "openshift-release-dev"
  release_name: "ocp-release"
  release_tag: "4.8.14-x86_64"
  registry_user: "admin"
  registry_password: "admin"

Here is my ignition build:

apiVersion: v1
baseDomain: example.com
compute:
- hyperthreading: Enabled
  name: worker
  replicas: 2
controlPlane:
  hyperthreading: Enabled
  name: master
  replicas: 3
metadata:
  name: ocp4
networking:
  clusterNetworks:
  - cidr: 10.254.0.0/16
    hostPrefix: 24
  networkType: OpenShiftSDN
  serviceNetwork:
  - 172.30.0.0/16
platform:
  none: {}
pullSecret: '$(< ~/.openshift/pull-secret)'
sshKey: '$(< ~/.ssh/helper_rsa.pub)'
imageContentSources:
- mirrors:
  - registry.ibmas-ocp4.ibmas-localdomain.com:5000/ocp-release/openshift4
  source: quay.io/openshift-release-dev/ocp-release
- mirrors:
  - registry.ibmas-ocp4.ibmas-localdomain.com:5000/ocp-release/openshift4
  source: quay.io/openshift-release-dev/ocp-v4.0-art-dev

So the registry and certificates got created and Podman started correctly. But while starting the bootstrap node, I get the following error for my mirrored registry:

https://registry.ibmas-ocp4.ibmas-localdomain.com:5000/v2/": x509: certificate signed by unknown authority]): quay.io/openshift-release-dev/ocp-release@sha256:bf48faa639523b73131ec7c91637d5c94d33a4afe09ac8bdad672862f5e86ccb: error pinging docker registry quay.io: Get "https://quay.io/v2/": dial tcp: lookup quay.io on 192.168.7.1:53: read udp 192.168.7.20:44803->192.168.7.1:53: i/o timeout
Apr 28 12:26:50 bootstrap.ibmas-ocp4.ibmas-localdomain.com release-image-download.sh[1265]: Pull failed. Retrying quay.io/openshift-release-dev/ocp-release@sha256:bf48faa639523b73131ec7c91637d5c94d33a4afe09ac8bdad672862f5e86ccb...
Apr 28 12:27:31 bootstrap.ibmas-ocp4.ibmas-localdomain.com release-image-download.sh[1265]: Error: Error initializing source docker://quay.io/openshift-release-dev/ocp-release@sha256:bf48faa639523b73131ec7c91637d5c94d33a4afe09ac8bdad672862f5e86ccb: (Mirrors also failed: [registry.ibmas-ocp4.ibmas-localdomain.com:5000/ocp-release/openshift4@sha256:bf48faa639523b73131ec7c91637d5c94d33a4afe09ac8bdad672862f5e86ccb: error pinging docker registry registry.ibmas-ocp4.ibmas-localdomain.com:5000: Get "https://registry.ibmas-ocp4.ibmas-localdomain.com:5000/v2/": x509: certificate signed by unknown authority]): quay.io/openshift-release-dev/ocp-release@sha256:bf48faa639523b73131ec7c91637d5c94d33a4afe09ac8bdad672862f5e86ccb: error pinging docker registry quay.io: Get "https://quay.io/v2/": dial tcp: lookup quay.io on 192.168.7.1:53: read udp 192.168.7.20:40804->192.168.7.1:53: i/o timeout
Apr 28 12:27:31 bootstrap.ibmas-ocp4.ibmas-localdomain.com release-image-download.sh[1265]: Pull failed. Retrying quay.io/openshift-release-dev/ocp-release@sha256:bf48faa639523b73131ec7c91637d5c94d33a4afe09ac8bdad672862f5e86ccb...
Apr 28 12:28:11 bootstrap.ibmas-ocp4.ibmas-localdomain.com release-image-download.sh[1265]: Error: Error initializing source docker://quay.io/openshift-release-dev/ocp-release@sha256:bf48faa639523b73131ec7c91637d5c94d33a4afe09ac8bdad672862f5e86ccb: (Mirrors also failed: [reg

christianh814 commented 2 years ago

You need to add the certificate bundle for the registry

There probably should be something in the doc about this
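
The fix described in the reply above, as an added example that is not part of the thread or the ocp4-helpernode project: a preflight that refuses an install-config.yaml which lists mirrors but carries no `additionalTrustBundle`, and a helper that appends the registry CA as that field before the ignition configs are generated. The function names, the sample host and the PEM path are assumptions; the parser assumes the `imageContentSources` layout shown in the issue.

```shell
#!/bin/sh
# Added example; not from the issue or the ocp4-helpernode project.
# Assumption: the CA (or self-signed) certificate that signed the mirror
# registry's TLS cert is available as a PEM file at a path you supply.

# List host:port of every mirror under imageContentSources.
mirror_hosts() {
  awk '
    /^imageContentSources:/ { in_ics = 1; next }
    /^[^ -]/                { in_ics = 0 }
    in_ics && /^  - /       { sub(/^  - /, ""); sub(/\/.*/, ""); print }
  ' "$1" | sort -u
}

# Render a PEM file as an additionalTrustBundle block scalar.
trust_bundle_stanza() {
  grep -q -- '-----BEGIN CERTIFICATE-----' "$1" || {
    echo "not a PEM certificate: $1" >&2; return 1; }
  echo 'additionalTrustBundle: |'
  sed -e '/^[[:space:]]*$/d' -e 's/^/  /' "$1"
}

# Fail when mirrors are configured but no trust bundle is present.
check_install_config() {
  if [ -n "$(mirror_hosts "$1")" ] && ! grep -q '^additionalTrustBundle:' "$1"; then
    echo "mirrors without additionalTrustBundle: $(mirror_hosts "$1" | tr '\n' ' ')" >&2
    return 1
  fi
}

# Append the bundle once; a second call leaves the file unchanged.
add_trust_bundle() {
  grep -q '^additionalTrustBundle:' "$1" && return 0
  trust_bundle_stanza "$2" >> "$1"
}

# Constructed sample input (placeholder host, not a valid certificate).
make_sample() {
  printf '%s\n' 'apiVersion: v1' 'imageContentSources:' '- mirrors:' \
    '  - registry.example.com:5000/ocp4/openshift4' \
    '  source: quay.io/openshift-release-dev/ocp-release' > "$1/install-config.yaml"
  printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' \
    '-----END CERTIFICATE-----' > "$1/ca.pem"
}
```

Run `check_install_config` on the real install-config.yaml before creating the ignition configs, since the bootstrap node only trusts the mirror if the bundle was present at that point.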