Why can't I push images to the internal registry from outside the VPC network?
Infrastructure provider and applicable versions:
- VPC
- Red Hat OpenShift 4.4 or later
When you try to push container images to the internal Red Hat OpenShift container image registry, the push fails with a message similar to the following.
dial tcp 161.26.0.28:443: connect: network is unreachable
Red Hat OpenShift on IBM Cloud clusters that run on the VPC infrastructure provider use IBM Cloud Object Storage to store data from the cluster's internal container registry. By default, access to the Object Storage endpoint is available only from inside a VPC instance. Therefore, when external process such as a local machine or CI/CD pipeline try to push container images to the internal registry from outside the VPC, the image push fails.
Modify the custom resource of the internal image registry operator to proxy container image traffic through the internal registry pods to the direct Object Storage endpoints.
Run the following command to patch the configs.imageregistry.operator.openshift.io/cluster resource to set the disableRedirect property to true.
oc patch configs.imageregistry.operator.openshift.io/cluster --patch '{"spec":{"disableRedirect":true}}' --type=merge