oc cluster up warnings

oc cluster up warnings

As part of my demo of oc in the OpenShift for Mere Mortals blog series, I did have to add an insecure flag to my Docker daemon, but only because the internal registry that OpenShift will create for its own operations uses a self-signed certificate. You can generate certificates and secure it if you want, but out of the box it is self-signed:

$ oc cluster up
Pulling image openshift/origin:v3.9.0
Pulled 1/4 layers, 27% complete
Pulled 2/4 layers, 78% complete
Pulled 3/4 layers, 87% complete
Pulled 4/4 layers, 100% complete
Extracting
Image pull complete
error: FAIL
   Error: did not detect an --insecure-registry argument on the Docker daemon
   Solution:

     Ensure that the Docker daemon is running with the following argument:
        --insecure-registry 172.30.0.0/16

You can find the instructions for doing that here. Once I had corrected that, I also had to add a NO_PROXY entry to the daemon (I use systemd for managing my daemon, and the proxies are configured through it):

$ oc cluster up                                                           Using nsenter mounter for OpenShift volumes
Using 127.0.0.1 as the server IP
Starting OpenShift using openshift/origin:v3.9.0 ...
OpenShift server started.
...
WARNING: A proxy is configured for Docker, however 172.30.1.1 is not included in its NO_PROXY list.
   172.30.1.1 needs to be included in the Docker daemon's NO_PROXY environment variable so pushes to the local OpenShift registry can succeed.      

You can find the instructions for configuring this for systemd here. If you don't use systemd, you can also configure your Docker client to use proxies - instructions are here. I also got a warning about HTTP_PROXY and HTTPS_PROXY (which were configured for the daemon but were not passed to oc, but you can pass these in with some switches (in this case I'm referencing proxies set in environmental variables):

oc cluster up --http-proxy=${HTTP_PROXY} --https-proxy=${HTTPS_PROXY}

Related Article