Create image-stream on image from private registry on OpenShift

Question

I've set up an OpenShift Origin 1.1.3 cluster. Now I'm pulling images from a private registry. This registry is 'insecure'. It has self-signed certificates and credentials to authenticate. I'm able to perform a docker login and to pull the image manually on my node.

The problem is that only that node can access the image. So when I'm scaling my pod (based on that image), all replica's will run on that specific node. Other nodes are not able to pull or use the image.

So I want to create an image-stream for my image:

oc import-image --insecure=true ec2-xxx:5000/image

But:       message: you may not have access to the Docker image "ec2-xxx:5000/image"
      reason: Unauthorized

I read about creating a secret. I created it:

oc secrets new-dockercfg mysecret --docker-server=ec2-xxx:5000 --docker-username=*** --docker-password=*** [email protected]

How do I have to add this secret to my image-stream? And is this the right approach?

Answer 1

@cloudnoob his answer helped me a lot. But the main problem was that I've created my secret in the wrong way. I saw this after starting the OpenShift master with loglevel 5.

Unable to find a secret to match https://ec2-xxx:5000/v2/test/image/manifests/83 

So I had to create my secret with https (it's called insecure with selfsigned certificates but it's using https):

oc secrets new-dockercfg mysecret --docker-server=https://ec2-xxx:5000 --docker-username=*** --docker-password=*** [email protected]

After this step I had to perform the steps of cloudnoob. Adding the secrets to the service accounts. After that the import is a succes.