0
votes

I am running OpenShift version 3.11 and followed the instructions from this documentation: https://docs.openshift.com/container-platform/3.11/install_config/registry/accessing_registry.html

However, whenever I run the below command, I see the error:

docker push 172.30.<num>.<num>:5000/project/image
received unexpected HTTP status: 500 Internal Server Error

I also checked the output of registry logs:

oc logs dc/docker-registry

It blurts out huge output but here is what caught my attention:

imagestreams.image.openshift.io <> is forbidden: User \"system:serviceaccount:registry\" cannot get imagestreams.image.openshift.io in the namespace \"<>\": no RBAC policy matched"

Therefore, I am confused about why I am getting this permission issue. As per the documentation, it should have worked, there should not be any need for an image stream, and I should be able to push docker images directly into the registry. Does anyone have an idea what I am missing here?

EDIT:

Below is the complete list of commands for the entire setup:

oc cluster up <params>
Created a new project as a test setup and that works.
htpasswd -c /etc/origin/openshift-htpasswd <username> (I use the same <username> with which I created the project above.)
oc login -u <username> -p <password>
oc policy add-role-to-user registry-editor <username>
oc adm registry
oc get svc/docker-registry (make note of cluster ip and port)
Modify or create /etc/docker/daemon.json
{
    "insecure-registries" : [ "cluster ip:port" ]
}
systemctl restart docker
Restart cluster and login again using <username>
docker login -u nouser -p $(oc whoami -t) cluster ip:port
docker push cluster ip:port/project/image
This is where I see 500 internal server error.

Cluster ip has the format of 172.30.<num>.<num>:5000

EDIT 2: When I create the registry using the below command, I get some errors that it already exists even though I delete it beforehand:

oc adm registry (for creating registry)
oc delete dc/docker-registry svc/docker-registry (for deleting registry)

I do delete them since I have been repeating these steps multiple times to figure out the cause of this issue. Do you think this output looks troublesome?

EDIT 3: More info from error message:

findBlobStore: unable get access to imagestream myproject/busybox: ImageStream:Forbidden: Exists: failed to get image stream myproject/busybox: ImageStreamGetter:Forbidden: myproject/busybox: imagestreams.image.openshift.io \"busybox\" is forbidden: User \"system:serviceaccount:myproject:registry\" cannot get imagestreams.image.openshift.io in the namespace \"myproject\": no RBAC policy matched"

1 Answer

0
votes

Did you log in to the internal docker-registry using the correct account before docker push? This account should have permission to push or create images in the target project you specified, "172.30.<num>.<num>:5000/project/image".

$ oc login -u username -p password
$ oc whoami -t
...TOKEN...

$ docker login -u unused -p ...TOKEN... 172.30.<num>.<num>:5000
$ docker push 172.30.<num>.<num>:5000/project/image:tag

I hope it helps you.
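
An added example, not part of the question or the answer above: a small Python filter for the "huge output" of `oc logs dc/docker-registry` that extracts each distinct RBAC denial (subject, verb, resource, namespace) and builds the matching `oc auth can-i` check to run as a cluster admin. The sample log line is constructed from the EDIT 3 message; the script only prints the check commands and does not run them.

```python
import re
import sys

# Kubernetes/OpenShift RBAC denial as it appears in the registry log. Quotes may be
# backslash-escaped because the message is embedded in a quoted log field.
DENIAL = re.compile(
    r'User \\?"(?P<user>[^"\\]+)\\?" cannot (?P<verb>\w+) (?P<resource>[\w.]+) '
    r'in the namespace \\?"(?P<namespace>[^"\\]*)\\?"'
)
SA_PREFIX = "system:serviceaccount:"


def parse_denials(log_text):
    """Return the unique RBAC denials found in log_text, in first-seen order."""
    seen, denials = set(), []
    for m in DENIAL.finditer(log_text):
        d = m.groupdict()
        key = tuple(d.values())
        if key in seen:
            continue
        seen.add(key)
        # Service account subjects look like system:serviceaccount:<namespace>:<name>.
        # Anything else (for example a redacted subject) leaves both fields as None.
        d["sa_namespace"] = d["sa_name"] = None
        if d["user"].startswith(SA_PREFIX):
            parts = d["user"][len(SA_PREFIX):].split(":")
            if len(parts) == 2:
                d["sa_namespace"], d["sa_name"] = parts
        denials.append(d)
    return denials


def can_i_command(d):
    """Build the oc auth can-i check that repeats one denial as the same subject."""
    return "oc auth can-i {verb} {resource} --as={user} -n {namespace}".format(**d)


# Constructed sample modelled on the EDIT 3 message, repeated as in a noisy log.
SAMPLE = (
    'level=error msg="findBlobStore: ... imagestreams.image.openshift.io \\"busybox\\" '
    'is forbidden: User \\"system:serviceaccount:myproject:registry\\" cannot get '
    'imagestreams.image.openshift.io in the namespace \\"myproject\\": no RBAC policy matched"\n'
) * 2

if __name__ == "__main__":
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    for denial in parse_denials(text):
        print(can_i_command(denial))
```

Pipe the registry log into it; each printed command answers yes or no for exactly the subject and namespace the registry was denied on, which shows whether the registry's service account or the pushing user is the one missing a role binding.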