Реестр OpenShift docker с SSL не может извлечь изображение из Registry-1. docker .io

Question

Может ли кто-нибудь помочь мне со следующей ошибкой?

Команда: docker pull registry.mydomain / openshift / postgresql: 10

Попытка вытащить репозиторий registry.mydomain / openshift / postgresql ... unknown: невозможно извлечь манифест из docker .io / centos / postgresql -10-centos7: последний: получить https://registry-1.docker.io/v2/: x509 : сертификат действителен для * .apps.mydomain .br, * .mydomain, mydomain, а не Registry-1. docker .io

Мой Openshift Cluster был развернут с Ansible с использованием сертификатов домена mydomain и * .mydomain

Мой реестр был развернут со следующей информацией:

openshift_hosted_registry_routehost = registry.mydomain
openshift_hosted_registry_routetermination = reencrypt
openshift_hosted_registry_routecertificates = {"certfile": "/root/.acme.sh/mydomain/fullchain.cer", "keyfile": "/root/.acme.sh/mydomain/mydomain.key", "cafile": "/ root /.acme.sh/mydomain/ca.cer "}

Я могу отправлять и загружать изображения, которые не были предварительно установлены.

Docker Версия

docker version
Client:
 Version:         1.13.1
 API version:     1.26
 Package version: docker-1.13.1-108.git4ef4b30.el7.centos.x86_64
 Go version:      go1.10.3
 Git commit:      4ef4b30/1.13.1
 Built:           Tue Jan 21 17:16:25 2020
 OS/Arch:         linux/amd64

Server:
 Version:         1.13.1
 API version:     1.26 (minimum version 1.12)
 Package version: docker-1.13.1-108.git4ef4b30.el7.centos.x86_64
 Go version:      go1.10.3
 Git commit:      4ef4b30/1.13.1
 Built:           Tue Jan 21 17:16:25 2020
 OS/Arch:         linux/amd64
 Experimental:    false

системный выпуск

$ cat /etc/system-release
CentOS Linux release 7.7.1908 (Core)

Версия Openshift

oc version
oc v3.11.0+62803d0-1
kubernetes v1.11.0+d4cacc0
features: Basic-Auth GSSAPI Kerberos SPNEGO

Server https://internal.mydomain:8443
openshift v3.11.0+4986039-380
kubernetes v1.11.0+d4cacc0

Docker Регистрация в реестре

docker регистрация -p $ TOKEN -u неиспользуемый registry.mydomain

time="2020-02-28T12:21:28.837813437Z" level=info msg=response go.version=go1.10.3 http.request.host="10.128.1.92:5000" http.request.id=0fed26c7-36e5-4ab2-ab13-2c1c29a2b259 http.request.method=GET http.request.remoteaddr="10.128.0.1:47730" http.request.uri=/healthz http.request.useragent=kube-probe/1.11+ http.response.duration="76.879µs" http.response.status=200 http.response.written=0 instance.id=2b0ba313-4b5b-4aa0-be83-dde5c083ba5b 
time="2020-02-28T12:21:28.89850654Z" level=info msg=response go.version=go1.10.3 http.request.host="10.128.1.92:5000" http.request.id=e2a479ee-4ef4-41f3-8487-197cf4a41101 http.request.method=GET http.request.remoteaddr="10.128.0.1:47734" http.request.uri=/healthz http.request.useragent=kube-probe/1.11+ http.response.duration="76.014µs" http.response.status=200 http.response.written=0 instance.id=2b0ba313-4b5b-4aa0-be83-dde5c083ba5b 
time="2020-02-28T12:21:31.957925252Z" level=warning msg="error authorizing context: authorization header required" go.version=go1.10.3 http.request.host=registry.mydomain http.request.id=01bff5d6-4551-4727-bc38-7c42ac2e6071 http.request.method=GET http.request.remoteaddr=IP_NAT_LDAP_CORP http.request.uri=/v2/ http.request.useragent="docker/18.09.6 go/go1.10.8 git-commit/481bc77 kernel/4.15.0-30deepin-generic os/linux arch/amd64 UpstreamClient(Docker-Client/18.09.6 \(linux\))" instance.id=2b0ba313-4b5b-4aa0-be83-dde5c083ba5b 
time="2020-02-28T12:21:31.957987775Z" level=info msg=response go.version=go1.10.3 http.request.host=registry.mydomain http.request.id=4a666f33-664f-4128-925c-24f62b2521c8 http.request.method=GET http.request.remoteaddr=IP_NAT_LDAP_CORP http.request.uri=/v2/ http.request.useragent="docker/18.09.6 go/go1.10.8 git-commit/481bc77 kernel/4.15.0-30deepin-generic os/linux arch/amd64 UpstreamClient(Docker-Client/18.09.6 \(linux\))" http.response.contenttype="application/json; charset=utf-8" http.response.duration=2.671186ms http.response.status=401 http.response.written=87 instance.id=2b0ba313-4b5b-4aa0-be83-dde5c083ba5b 
time="2020-02-28T12:21:32.871527474Z" level=info msg="response completed" go.version=go1.10.3 http.request.host=registry.mydomain http.request.id=c3c08ea0-4ec6-4e88-ac76-d9194a5f5247 http.request.method=GET http.request.remoteaddr=IP_NAT_LDAP_CORP http.request.uri="/openshift/token?account=unused&client_id=docker&offline_token=true" http.request.useragent="docker/18.09.6 go/go1.10.8 git-commit/481bc77 kernel/4.15.0-30deepin-generic os/linux arch/amd64 UpstreamClient(Docker-Client/18.09.6 \(linux\))" http.response.contenttype=application/json http.response.duration=8.804083ms http.response.status=200 http.response.written=117 instance.id=2b0ba313-4b5b-4aa0-be83-dde5c083ba5b 
time="2020-02-28T12:21:32.871623526Z" level=info msg=response go.version=go1.10.3 http.request.host=registry.mydomain http.request.id=25c475a1-9932-443b-93a3-5b72a6e4afb2 http.request.method=GET http.request.remoteaddr=IP_NAT_LDAP_CORP http.request.uri="/openshift/token?account=unused&client_id=docker&offline_token=true" http.request.useragent="docker/18.09.6 go/go1.10.8 git-commit/481bc77 kernel/4.15.0-30deepin-generic os/linux arch/amd64 UpstreamClient(Docker-Client/18.09.6 \(linux\))" http.response.contenttype=application/json http.response.duration=8.941593ms http.response.status=200 http.response.written=117 instance.id=2b0ba313-4b5b-4aa0-be83-dde5c083ba5b 
time="2020-02-28T12:21:33.798892355Z" level=info msg="response completed" go.version=go1.10.3 http.request.host=registry.mydomain http.request.id=3c1835f9-f346-4681-a409-10eb6ea77dda http.request.method=GET http.request.remoteaddr=IP_NAT_LDAP_CORP http.request.uri=/v2/ http.request.useragent="docker/18.09.6 go/go1.10.8 git-commit/481bc77 kernel/4.15.0-30deepin-generic os/linux arch/amd64 UpstreamClient(Docker-Client/18.09.6 \(linux\))" http.response.contenttype="application/json; charset=utf-8" http.response.duration=7.018265ms http.response.status=200 http.response.written=2 instance.id=2b0ba313-4b5b-4aa0-be83-dde5c083ba5b 
time="2020-02-28T12:21:33.799005056Z" level=info msg=response go.version=go1.10.3 http.request.host=registry.mydomain http.request.id=448cc197-c26d-47ca-8c4c-ac46ff2bd45c http.request.method=GET http.request.remoteaddr=IP_NAT_LDAP_CORP http.request.uri=/v2/ http.request.useragent="docker/18.09.6 go/go1.10.8 git-commit/481bc77 kernel/4.15.0-30deepin-generic os/linux arch/amd64 UpstreamClient(Docker-Client/18.09.6 \(linux\))" http.response.contenttype="application/json; charset=utf-8" http.response.duration=7.195425ms http.response.status=200 http.response.written=2 instance.id=2b0ba313-4b5b-4aa0-be83-dde5c083ba5b 

o c logs -f dc / docker -registry

docker pull registry.mydomain / openshift / postgresql

time="2020-02-28T12:22:08.869375236Z" level=info msg=response go.version=go1.10.3 http.request.host="10.128.1.92:5000" http.request.id=62be9c9a-0156-4e18-bc7a-714f002f48bb http.request.method=GET http.request.remoteaddr="10.128.0.1:48196" http.request.uri=/healthz http.request.useragent=kube-probe/1.11+ http.response.duration="94.398µs" http.response.status=200 http.response.written=0 instance.id=2b0ba313-4b5b-4aa0-be83-dde5c083ba5b 
time="2020-02-28T12:22:08.89814441Z" level=info msg=response go.version=go1.10.3 http.request.host="10.128.1.92:5000" http.request.id=a340325c-99ea-403f-9f17-a4480f6f27d9 http.request.method=GET http.request.remoteaddr="10.128.0.1:48200" http.request.uri=/healthz http.request.useragent=kube-probe/1.11+ http.response.duration="64.07µs" http.response.status=200 http.response.written=0 instance.id=2b0ba313-4b5b-4aa0-be83-dde5c083ba5b 
time="2020-02-28T12:22:09.001386773Z" level=warning msg="error authorizing context: authorization header required" go.version=go1.10.3 http.request.host=registry.mydomain http.request.id=1a00c57e-cdeb-4f3a-b42a-b99d9d42c2c1 http.request.method=GET http.request.remoteaddr=IP_NAT_LDAP_CORP http.request.uri=/v2/ http.request.useragent="docker/18.09.6 go/go1.10.8 git-commit/481bc77 kernel/4.15.0-30deepin-generic os/linux arch/amd64 UpstreamClient(Docker-Client/18.09.6 \(linux\))" instance.id=2b0ba313-4b5b-4aa0-be83-dde5c083ba5b 
time="2020-02-28T12:22:09.001455914Z" level=info msg=response go.version=go1.10.3 http.request.host=registry.mydomain http.request.id=7b77031f-d3a4-4b2b-b955-a3a4ee03fa12 http.request.method=GET http.request.remoteaddr=IP_NAT_LDAP_CORP http.request.uri=/v2/ http.request.useragent="docker/18.09.6 go/go1.10.8 git-commit/481bc77 kernel/4.15.0-30deepin-generic os/linux arch/amd64 UpstreamClient(Docker-Client/18.09.6 \(linux\))" http.response.contenttype="application/json; charset=utf-8" http.response.duration=1.813096ms http.response.status=401 http.response.written=87 instance.id=2b0ba313-4b5b-4aa0-be83-dde5c083ba5b 
time="2020-02-28T12:22:09.993923431Z" level=info msg="response completed" go.version=go1.10.3 http.request.host=registry.mydomain http.request.id=39db605e-97bb-4fb4-afeb-aa42ec7a11b2 http.request.method=GET http.request.remoteaddr=IP_NAT_LDAP_CORP http.request.uri="/openshift/token?account=unused&scope=repository%3Aopenshift%2Fpostgresql%3Apull" http.request.useragent="docker/18.09.6 go/go1.10.8 git-commit/481bc77 kernel/4.15.0-30deepin-generic os/linux arch/amd64 UpstreamClient(Docker-Client/18.09.6 \(linux\))" http.response.contenttype=application/json http.response.duration=11.203991ms http.response.status=200 http.response.written=117 instance.id=2b0ba313-4b5b-4aa0-be83-dde5c083ba5b 
time="2020-02-28T12:22:09.993996524Z" level=info msg=response go.version=go1.10.3 http.request.host=registry.mydomain http.request.id=cd87312d-3da1-4167-b0a9-85878649f3a3 http.request.method=GET http.request.remoteaddr=IP_NAT_LDAP_CORP http.request.uri="/openshift/token?account=unused&scope=repository%3Aopenshift%2Fpostgresql%3Apull" http.request.useragent="docker/18.09.6 go/go1.10.8 git-commit/481bc77 kernel/4.15.0-30deepin-generic os/linux arch/amd64 UpstreamClient(Docker-Client/18.09.6 \(linux\))" http.response.contenttype=application/json http.response.duration=12.704397ms http.response.status=200 http.response.written=117 instance.id=2b0ba313-4b5b-4aa0-be83-dde5c083ba5b 
time="2020-02-28T12:22:10.946460589Z" level=error msg="unable to get manifest from image object: manifest is not present in image object sha256:593bb8db33565e4f5f8344179b2b79c5589d765fa7ba47cad8d221397aa62aa1 (mediatype=\"application/vnd.docker.distribution.manifest.v2+json\")" go.version=go1.10.3 http.request.host=registry.mydomain http.request.id=979e829b-84ef-4509-ae0f-4e729cebd6c2 http.request.method=GET http.request.remoteaddr=IP_NAT_LDAP_CORP http.request.uri=/v2/openshift/postgresql/manifests/latest http.request.useragent="docker/18.09.6 go/go1.10.8 git-commit/481bc77 kernel/4.15.0-30deepin-generic os/linux arch/amd64 UpstreamClient(Docker-Client/18.09.6 \(linux\))" instance.id=2b0ba313-4b5b-4aa0-be83-dde5c083ba5b openshift.auth.user=my.username openshift.auth.userid=3b680b58-5982-11ea-bf20-0050563cce60 vars.name=openshift/postgresql vars.reference=latest 
time="2020-02-28T12:22:11.353053775Z" level=error msg="response completed with error" err.code="openshift pullthrough manifest" err.message="unable to pull manifest from docker.io/centos/postgresql-10-centos7:latest: Get https://registry-1.docker.io/v2/: x509: certificate is valid for *.apps.mydomain, *.mydomain, mydomain, not registry-1.docker.io" go.version=go1.10.3 http.request.host=registry.mydomain http.request.id=979e829b-84ef-4509-ae0f-4e729cebd6c2 http.request.method=GET http.request.remoteaddr=IP_NAT_LDAP_CORP http.request.uri=/v2/openshift/postgresql/manifests/latest http.request.useragent="docker/18.09.6 go/go1.10.8 git-commit/481bc77 kernel/4.15.0-30deepin-generic os/linux arch/amd64 UpstreamClient(Docker-Client/18.09.6 \(linux\))" http.response.contenttype="application/json; charset=utf-8" http.response.duration=429.904771ms http.response.status=404 http.response.written=297 instance.id=2b0ba313-4b5b-4aa0-be83-dde5c083ba5b openshift.auth.user=my.username openshift.auth.userid=3b680b58-5982-11ea-bf20-0050563cce60 vars.name=openshift/postgresql vars.reference=latest 
time="2020-02-28T12:22:11.353143018Z" level=info msg=response go.version=go1.10.3 http.request.host=registry.mydomain http.request.id=b5788d47-1554-4732-96aa-ac1874bf6768 http.request.method=GET http.request.remoteaddr=IP_NAT_LDAP_CORP http.request.uri=/v2/openshift/postgresql/manifests/latest http.request.useragent="docker/18.09.6 go/go1.10.8 git-commit/481bc77 kernel/4.15.0-30deepin-generic os/linux arch/amd64 UpstreamClient(Docker-Client/18.09.6 \(linux\))" http.response.contenttype="application/json; charset=utf-8" http.response.duration=430.051243ms http.response.status=404 http.response.written=297 instance.id=2b0ba313-4b5b-4aa0-be83-dde5c083ba5b