Origin: Cannot import images from private docker registry - importing images from registry "localhost:5000" is forbidden
Hello all,
I just tried to import images from my private docker registry. I tried many things but in the end , I have always the same error : importing images from registry "localhost:5000" is forbidden, only images from "docker.io,.docker.io,registry.access.redhat.com,gcr.io,quay.io,.amazonaws.com" are allowed
Version
openshift v3.6.0-alpha.2+c7a38d7-192
Steps To Reproduce
oc new-app localhost:5000/v2/pg96:latest --insecure-registry=true --loglevel=8
Current Result
I0620 15:41:10.320546 2720 loader.go:354] Config loaded from file /home/user/.kube/config
I0620 15:41:10.321287 2720 cached_discovery.go:112] returning cached discovery info from /home/user/.kube/localhost_8443/servergroups.json
I0620 15:41:10.322924 2720 sourcelookup.go:77] localhost:5000/v2/pg96:latest is not a valid remote git clone spec
I0620 15:41:10.322949 2720 newapp.go:234] treating localhost:5000/v2/pg96:latest as a component ref
warning: Cannot find git. Ensure that it is installed and in your path. Git is required to work with git repositories.
I0620 15:41:10.323018 2720 imagestreamlookup.go:41] image streams must be of the form [
I0620 15:41:10.323034 2720 templatelookup.go:36] template references must be of the form [
I0620 15:41:10.323066 2720 dockerimagelookup.go:79] checking remote registry for "localhost:5000/v2/pg96:latest"
I0620 15:41:10.323561 2720 request.go:559] Request Body: "{\"kind\":\"ImageStreamImport\",\"apiVersion\":\"v1\",\"metadata\":{\"name\":\"newapp\",\"creationTimestamp\":null},\"spec\":{\"import\":false,\"images\":[{\"from\":{\"kind\":\"DockerImage\",\"name\":\"localhost:5000/v2/pg96:latest\"},\"importPolicy\":{\"insecure\":true}}]},\"status\":{}}\n"
I0620 15:41:10.323603 2720 round_trippers.go:296] POST https://localhost:8443/oapi/v1/namespaces/sdm/imagestreamimports
I0620 15:41:10.323608 2720 round_trippers.go:303] Request Headers:
I0620 15:41:10.323612 2720 round_trippers.go:306] Accept: application/json, /
I0620 15:41:10.323616 2720 round_trippers.go:306] Content-Type: application/json
I0620 15:41:10.323619 2720 round_trippers.go:306] User-Agent: oc/v1.5.1+7b451fc (linux/amd64) openshift/0ef5dda
I0620 15:41:10.323623 2720 round_trippers.go:306] Authorization: Bearer PyXCH_jHsP6vUtfVultKdSisKlF7f8OirNpAPHPrMI0
I0620 15:41:10.346120 2720 round_trippers.go:321] Response Status: 422 Unprocessable Entity in 22 milliseconds
I0620 15:41:10.346133 2720 round_trippers.go:324] Response Headers:
I0620 15:41:10.346137 2720 round_trippers.go:327] Date: Tue, 20 Jun 2017 13:41:10 GMT
I0620 15:41:10.346140 2720 round_trippers.go:327] Cache-Control: no-store
I0620 15:41:10.346143 2720 round_trippers.go:327] Content-Type: application/json
I0620 15:41:10.346145 2720 round_trippers.go:327] Content-Length: 774
I0620 15:41:10.346171 2720 request.go:905] Response Body: {"kind":"Status","apiVersion":"v1","metadata":{},"status":"Failure","message":"ImageStreamImport.image.openshift.io \"newapp\" is invalid: spec.images[0].from.name: Invalid value: \"pg96\": importing images from registry \"localhost:5000\" is forbidden, only images from \"docker.io,.docker.io,registry.access.redhat.com,gcr.io,quay.io,.amazonaws.com\" are allowed","reason":"Invalid","details":{"name":"newapp","group":"image.openshift.io","kind":"ImageStreamImport","causes":[{"reason":"FieldValueInvalid","message":"Invalid value: \"pg96\": importing images from registry \"localhost:5000\" is forbidden, only images from \"docker.io,.docker.io,registry.access.redhat.com,gcr.io,quay.io,.amazonaws.com\" are allowed","field":"spec.images[0].from.name"}]},"code":422}
I0620 15:41:10.346187 2720 request.go:996] Response Body: "{\"kind\":\"Status\",\"apiVersion\":\"v1\",\"metadata\":{},\"status\":\"Failure\",\"message\":\"ImageStreamImport.image.openshift.io \\"newapp\\" is invalid: spec.images[0].from.name: Invalid value: \\"pg96\\": importing images from registry \\"localhost:5000\\" is forbidden, only images from \\"docker.io,.docker.io,registry.access.redhat.com,gcr.io,quay.io,.amazonaws.com\\" are allowed\",\"reason\":\"Invalid\",\"details\":{\"name\":\"newapp\",\"group\":\"image.openshift.io\",\"kind\":\"ImageStreamImport\",\"causes\":[{\"reason\":\"FieldValueInvalid\",\"message\":\"Invalid value: \\"pg96\\": importing images from registry \\"localhost:5000\\" is forbidden, only images from \\"docker.io,.docker.io,registry.access.redhat.com,gcr.io,quay.io,.amazonaws.com\\" are allowed\",\"field\":\"spec.images[0].from.name\"}]},\"code\":422}\n"
I0620 15:41:10.346363 2720 dockerimagelookup.go:98] checking local Docker daemon for "localhost:5000/v2/pg96:latest"
I0620 15:41:10.347848 2720 dockerimagelookup.go:369] exact match on "localhost:5000/v2/pg96:latest"
I0620 15:41:10.347865 2720 dockerimagelookup.go:403] partial match on "localhost:5000/v2/pg96:test" with 0.250000
I0620 15:41:10.347876 2720 dockerimagelookup.go:113] Found local docker image match "localhost:5000/v2/pg96:latest" with score 0.000000
I0620 15:41:10.347884 2720 dockerimagelookup.go:113] Found local docker image match "localhost:5000/v2/pg96:test" with score 0.250000
I0620 15:41:10.350388 2720 componentresolvers.go:59] Error from resolver: [can't lookup images: ImageStreamImport.image.openshift.io "newapp" is invalid: spec.images[0].from.name: Invalid value: "pg96": importing images from registry "localhost:5000" is forbidden, only images from "docker.io,.docker.io,registry.access.redhat.com,gcr.io,quay.io,.amazonaws.com" are allowed]
F0620 15:41:10.350450 2720 helpers.go:116] error: can't lookup images: ImageStreamImport.image.openshift.io "newapp" is invalid: spec.images[0].from.name: Invalid value: "pg96": importing images from registry "localhost:5000" is forbidden, only images from "docker.io,.docker.io,registry.access.redhat.com,gcr.io,quay.io,.amazonaws.com" are allowed
error: no match for "localhost:5000/v2/pg96:latest"
The 'oc new-app' command will match arguments to the following types:
- Images tagged into image streams in the current project or the 'openshift' project
- if you don't specify a tag, we'll add ':latest'
- Images in the Docker Hub, on remote registries, or on the local Docker engine
- Templates in the current project or the 'openshift' project
- Git repository URLs or local paths that point to Git repositories
--allow-missing-images can be used to point to an image that does not exist yet.
Don't know what to do now.... :/
Thank you for any help.
davivd
All 4 comments
you have to add the registry into list inside master-config.yaml:
imagePolicyConfig:
allowedRegistriesForImport:
- domainName: localhost
mfojtik
on 22 Jun 2017
@mfojtik where can i find that file? I installed openshift origin using the quick start guide via a docker container.
fctucker
on 6 Jul 2017
Hi @fctucker, if you created the cluster using the advanced method, you can use this config:
# Docker Configuration
# Add additional, insecure, and blocked registries to global docker configuration
# For enterprise deployment types we ensure that registry.access.redhat.com is
# included if you do not include it
#openshift_docker_additional_registries=registry.example.com
#openshift_docker_insecure_registries=registry.example.com
#openshift_docker_blocked_registries=registry.hacker.com
Help from this file.
I hope help.
ephillipe
on 1 Aug 2017
This is not a bug, just configuration issue. Closing this.
mfojtik
on 23 Aug 2017
Related issues
cello86
路
44Comments
jeremyeder
路
59Comments
deanpeterson
路
59Comments
stevekuznetsov
路
67Comments
gbaufake
路
46Comments
Most helpful comment
you have to add the registry into list inside master-config.yaml: