-Djib.allowInsecureRegistries=true does not seems to work #2074

Closed
chmouel opened this issue Oct 17, 2019 · 20 comments · Fixed by #2100

@chmouel

chmouel commented Oct 17, 2019

Environment: Docker image: gcr.io/cloud-builders/mvn

  • Jib version: 1.6.1

  • Build tool: Maven

  • OS: Docker Container

Description of the issue:

I am trying to use the -Djib.allowInsecureRegistries=true option to my tool and I am getting an error of this type when using it :

building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

I am using it while building a sample helloworld application https://github.com/che-samples/console-java-simple

Expected behavior:

Working

Steps to reproduce:

  1. Checkout https://github.com/che-samples/console-java-simple
  2. docker run -v it to /builder/home
  3. Run
    - mvn
    - compile
    - com.google.cloud.tools:jib-maven-plugin:build
    - -Duser.home=/builder/home
    - -Dimage=image-registry.openshift-image-registry.svc:5000/test/image
    - -Djib.allowInsecureRegistries=true

Log output:

Full log output
[INFO] Scanning for projects...
Downloading from central: https://repo.maven.apache.org/maven2/com/google/cloud/tools/jib-maven-plugin/maven-metadata.xml
Progress (1): 1.5 kB

Downloaded from central: https://repo.maven.apache.org/maven2/com/google/cloud/tools/jib-maven-plugin/maven-metadata.xml (1.5 kB at 2.5 kB/s)
Downloading from central: https://repo.maven.apache.org/maven2/com/google/cloud/tools/jib-maven-plugin/1.6.1/jib-maven-plugin-1.6.1.pom
Progress (1): 2.2/3.5 kB
Progress (1): 3.5 kB

[...]

[INFO] Containerizing application to image-registry.openshift-image-registry.svc:5000/tekton-pipelines/console-java-simple...
[INFO] Retrieving registry credentials for image-registry.openshift-image-registry.svc:5000...
[INFO] Getting base image gcr.io/distroless/java:8...
[INFO] Building resources layer...
[INFO] Building classes layer...
[INFO]
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 16.607 s
[INFO] Finished at: 2019-10-17T14:02:14Z
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal com.google.cloud.tools:jib-maven-plugin:1.6.1:build (default-cli) on project console-java-simple: Build image failed: Failed to authenticate with registry image-registry.openshift-image-registry.svc:5000/tekton-pipelines/console-java-simple because: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target -> [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoExecutionException

@chanseokoh
Member

chanseokoh commented Oct 17, 2019

Hi @chmouel,

Just for a quick check. Does it work when you put <allowInsecureRegistries>true</allowInsecureRegistries> in pom.xml?

@briandealwis
Member

Off-line @chanseokoh suggested that your image registry (image-registry.openshift-image-registry.svc:5000) likely requires authentication and we don't send passwords in the clear by default. Please try running with -DsendCredentialsOverHttp=true.

@chanseokoh chanseokoh added the question User inquiries label Oct 21, 2019
@chmouel
Author

chmouel commented Oct 23, 2019

I have tested again, this time against an image registry from the docker registry image, and it worked. I am not sure exactly what goes on with the openshift registry that doesn't allow uploading there.

I am fine to close this.

@chanseokoh
Member

chanseokoh commented Oct 23, 2019

I suspect something, and I would like to understand why it's failing with an insecure OpenShift registry. It may not just be the fault of OpenShift, as currently Jib doesn't honor allowInsecureRegistries when talking to an auth server to get an auth token, which I suspect may well be the same as openshift-image-registry.svc:5000. If you are willing to lend us some help in analyzing and diagnosing this issue, we should be able to identify the cause and fix it. Our goal is to make Jib work seamlessly on OpenShift. I heard this is on Tekton, so I'm very interested too. What do you think? At least if you run Jib with -X, Maven will give us a stack trace showing where in the code it fails to verify the server.

@chmouel
Author

chmouel commented Oct 24, 2019

Yes no worries, I can help with that, I have tried again -DsendCredentialsOverHttp=true and I am still getting the :

[ERROR] Failed to execute goal com.google.cloud.tools:jib-maven-plugin:1.7.0:build (default-cli) on project console-java-simple: Build image failed: Failed to authenticate with registry image-registry.openshift-image-registry.svc:5000/che-console-java-simple because: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target -> [Help 1]

The full debug with -X is here debug-file-X.txt

This is indeed with tekton.

If you have a tekton (kubectl create -f https://raw.githubusercontent.com/openshift/tektoncd-pipeline/release-v0.7.0/openshift/release/tektoncd-pipeline-v0.7.0.yaml) and an openshift (you can get one for free here https://try.openshift.com) installed you can easily test the task with these templates (to apply in order):

task.yaml
resources.yaml
run.yaml

which would push to the internal openshift registry

@chanseokoh chanseokoh added this to the v1.8.0 milestone Oct 24, 2019
@cmoulliard

I can also reproduce this error @chmouel

@chanseokoh
Member

chanseokoh commented Oct 25, 2019

Thanks @chmouel. The cause is what I suspected before, which is more or less an intended behavior that, although Jib allows talking to insecure registries, it won't allow token exchanges with auth servers which may be a separate auth/login server. But for practical purposes, I am now convinced it is reasonable to lift this restriction. #2100 will fix this.

@chanseokoh
Member

chanseokoh commented Nov 15, 2019

@chmouel @cmoulliard this should work now with Jib 1.8.0.

@cmoulliard

cmoulliard commented Jan 29, 2020

I did a new test using the following parameters on top of ocp3 and that fails using jib-maven 2.0.0

    - name: build-and-push
      image: gcr.io/cloud-builders/mvn
      command:
        - mvn
        - compile
        - com.google.cloud.tools:jib-maven-plugin:2.0.0:build
        - -Djib.from.image=registry.redhat.io/redhat-openjdk-18/openjdk18-openshift
        - -Djib.allowInsecureRegistries=true
        - -Djib.from.auth.username=my-user
        - -Djib.from.auth.password=my-pwd
        - -Dimage=$(outputs.resources.image.url)

Error

[WARNING] Cannot verify server at https://docker-registry.default.svc:5000/v2/test/sb-image/blobs/sha256:a5a9de8e13aa6dadffd906df1356f83e29779eb94d686e6762868dea568814ca . Attempting again with no TLS verification.
[WARNING] Cannot verify server at https://docker-registry.default.svc:5000/v2/test/sb-image/blobs/sha256:293c6a95884c229df98f425c3d58297a868e701fe71a3b8a7d38607d21e8f996 . Attempting again with no TLS verification.
[WARNING] Failed to connect to https://docker-registry.default.svc:5000/v2/test/sb-image/blobs/sha256:293c6a95884c229df98f425c3d58297a868e701fe71a3b8a7d38607d21e8f996  over HTTPS. Attempting again with HTTP.
[WARNING] Failed to connect to https://docker-registry.default.svc:5000/v2/test/sb-image/blobs/sha256:a5a9de8e13aa6dadffd906df1356f83e29779eb94d686e6762868dea568814ca  over HTTPS. Attempting again with HTTP.
[INFO] Using base image with digest: sha256:9dab23924157b0c588f738c97b2a1f434315175b0be4156e1877028fa44360a8
[WARNING] Cannot verify server at https://docker-registry.default.svc:5000/v2/test/sb-image/blobs/sha256:3a813abe0f1d7a01673bd2cd581a263ea4c3d1a4e1a994efe5bfa685eee2efba . Attempting again with no TLS verification.
[WARNING] Cannot verify server at https://docker-registry.default.svc:5000/v2/test/sb-image/blobs/sha256:305d73a95c8fece2b53a34e040df1c97eb6b7f7cc4e0a7933465f0b7325e3d72 . Attempting again with no TLS verification.
[WARNING] Failed to connect to https://docker-registry.default.svc:5000/v2/test/sb-image/blobs/sha256:305d73a95c8fece2b53a34e040df1c97eb6b7f7cc4e0a7933465f0b7325e3d72  over HTTPS. Attempting again with HTTP.
[WARNING] Failed to connect to https://docker-registry.default.svc:5000/v2/test/sb-image/blobs/sha256:3a813abe0f1d7a01673bd2cd581a263ea4c3d1a4e1a994efe5bfa685eee2efba  over HTTPS. Attempting again with HTTP.
[WARNING] Cannot verify server at https://docker-registry.default.svc:5000/v2/test/sb-image/blobs/sha256:00f17e0b37b0515380a4aece3cb72086c0356fc780ef4526f75476bea36a2c8b . Attempting again with no TLS verification.
[WARNING] Failed to connect to https://docker-registry.default.svc:5000/v2/test/sb-image/blobs/sha256:00f17e0b37b0515380a4aece3cb72086c0356fc780ef4526f75476bea36a2c8b  over HTTPS. Attempting again with HTTP.
[INFO]
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time:  05:49 min
[INFO] Finished at: 2020-01-29T19:22:33Z
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal com.google.cloud.tools:jib-maven-plugin:2.0.0:build (default-cli) on project rest-http: Build image failed, perhaps you should use a registry that supports HTTPS so credentials can be sent safely, or set the 'sendCredentialsOverHttp' system property to true: Required credentials for docker-registry.default.svc:5000/test/sb-image were not sent because the connection was over HTTP -> [Help 1]
[ERROR]

If I also add -DsendCredentialsOverHttp=true to the config, then we get this error

[ERROR] Failed to execute goal com.google.cloud.tools:jib-maven-plugin:2.0.0:build (default-cli) on project rest-http: 
Build image failed: Failed to authenticate with registry docker-registry.default.svc:5000/test/sb-image 
because: server did not return 'WWW-Authenticate: Bearer' header: Basic 
realm=openshift,error="access denied" -> [Help 1]

If I use -Djib.allowInsecureRegistries=false, then we got

[ERROR] I/O error for image [docker-registry.default.svc:5000/test/sb-image]:
[ERROR]     javax.net.ssl.SSLException
[ERROR]     Unsupported or unrecognized SSL message
[ERROR] I/O error for image [registry.redhat.io/redhat-openjdk-18/openjdk18-openshift]:
[ERROR]     javax.net.ssl.SSLException
[ERROR]     Couldn't kickstart handshaking
[INFO]
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time:  05:28 min
[INFO] Finished at: 2020-01-29T19:41:50Z
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal com.google.cloud.tools:jib-maven-plugin:2.0.0:build (default-cli) on project rest-http: Build image failed, perhaps you should use a registry that supports HTTPS or set the configuration parameter 'allowInsecureRegistries': Failed to verify the server at https://docker-registry.default.svc:5000/v2/  because only secure connections are allowed. Unsupported or unrecognized SSL message -> [Help 1]
[ERROR]

@chanseokoh @chmouel : This is what I experimented too here : tektoncd/catalog#172

@chanseokoh
Member

chanseokoh commented Jan 29, 2020

[ERROR] Failed to execute goal com.google.cloud.tools:jib-maven-plugin:2.0.0:build (default-cli) on project rest-http: 
Build image failed: Failed to authenticate with registry docker-registry.default.svc:5000/test/sb-image 
because: server did not return 'WWW-Authenticate: Bearer' header: Basic 
realm=openshift,error="access denied" -> [Help 1]

This is weird. This can happen in the following case:

  1. The registry (docker-registry.default.svc:5000) initially requested and accepted bearer authentication. (That is, the registry returned WWW-Authenticate: Bearer ...). The registry successfully returned a working auth token.
  2. Jib uses the returned token for subsequent registry API calls. The token works for a while.
  3. Sometime later, the registry returned "401 Unauthorized" when Jib tried to use the same token, most likely because the token expired after 5 minutes. (I can see the Maven build is taking more than 5 minutes, although I don't know the exact expiration time of the token.)
  4. Jib now tries to refresh the expired bearer token, but the server returned WWW-Authenticate: Basic ... instead of WWW-Authenticate: Bearer ....

This feels like the server is not returning the right WWW-Authenticate header. The server is supposed to return Bearer instead of Basic in this case. @cmoulliard can you contact the registry developers?

And what is the server implementation (https://docker-registry.default.svc:5000) (Docker Distribution, Quay, OpenShift, CodeReady Containers, ...)? I'd like to set it up locally to reproduce this.

@chanseokoh
Member

If I use -Djib.allowInsecureRegistries=true, then we got

I believe you meant false, not true. If so, the SSLException is expected because docker-registry.default.svc:5000 speaks HTTP, not HTTPS.

@cmoulliard

cmoulliard commented Jan 29, 2020

And what is the server implementation

docker deployed on openshift

UPDATED(@chanseokoh): it's the "Integrated OpenShift V3 registry" (#2074 (comment))

@cmoulliard

can you contact the registry developers?

What do you want to check here ?

@cmoulliard

cmoulliard commented Jan 29, 2020

here is the config of the docker daemon registry deployed on ocp3

registry config
    - env:
        - name: REGISTRY_HTTP_ADDR
          value: ':5000'
        - name: REGISTRY_HTTP_NET
          value: tcp
        - name: REGISTRY_HTTP_SECRET
          value: HLs5zFGsmzi5tJ7PxeTGwIzWzHowL6evK7CWq0rY4H0=
        - name: REGISTRY_MIDDLEWARE_REPOSITORY_OPENSHIFT_ENFORCEQUOTA
          value: 'false'
      image: 'openshift/origin-docker-registry:v3.11.0'
      imagePullPolicy: IfNotPresent
      livenessProbe:
        failureThreshold: 3
        httpGet:
          path: /healthz
          port: 5000
          scheme: HTTP
        initialDelaySeconds: 10
        periodSeconds: 10
        successThreshold: 1
        timeoutSeconds: 5
      name: registry
      ports:
        - containerPort: 5000
          protocol: TCP
      readinessProbe:
        failureThreshold: 3
        httpGet:
          path: /healthz
          port: 5000
          scheme: HTTP
        periodSeconds: 10
        successThreshold: 1
        timeoutSeconds: 5
      resources:
        requests:
          cpu: 100m
          memory: 256Mi
      securityContext:
        privileged: true
      terminationMessagePath: /dev/termination-log
      terminationMessagePolicy: File
      volumeMounts:
        - mountPath: /registry
          name: registry-storage
        - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
          name: registry-token-t8x7s
          readOnly: true

@cmoulliard

We also get this error even if the maven build is about 15s

[INFO] Scanning for projects...
[INFO]
[INFO] -------------------< dev.snowdrop.example:rest-http >-------------------
[INFO] Building Spring Boot - HTTP Example 1.5.19-7-SNAPSHOT
[INFO] --------------------------------[ jar ]---------------------------------
[INFO]
[INFO] --- maven-enforcer-plugin:3.0.0-M1:enforce (enforce-java-version) @ rest-http ---
[INFO]
[INFO] --- maven-enforcer-plugin:3.0.0-M1:enforce (enforce-maven-version) @ rest-http ---
[INFO]
[INFO] --- buildnumber-maven-plugin:1.4:create (get-scm-revision) @ rest-http ---
[INFO] Executing: /bin/sh -c cd '/workspace/source' && 'git' 'rev-parse' '--verify' 'HEAD'
[INFO] Working directory: /workspace/source
[INFO] Storing buildNumber: acc63653e99124c08deeac9c27e5b92b5989abf2 at timestamp: 1580334902784
[INFO] Storing buildScmBranch: master
[INFO]
[INFO] --- maven-resources-plugin:3.0.2:resources (default-resources) @ rest-http ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] Copying 2 resources
[INFO]
[INFO] --- maven-compiler-plugin:3.7.0:compile (default-compile) @ rest-http ---
[INFO] Changes detected - recompiling the module!
[INFO] Compiling 3 source files to /workspace/source/target/classes
[INFO]
[INFO] --- jib-maven-plugin:2.0.0:build (default-cli) @ rest-http ---
[WARNING] Authentication over HTTP is enabled. It is strongly recommended that you do not enable this on a public network!
[INFO]
[INFO] Containerizing application to docker-registry.default.svc:5000/test/sb-image...
[WARNING] Base image 'registry.redhat.io/redhat-openjdk-18/openjdk18-openshift' does not use a specific image digest - build may not be reproducible
[INFO] Getting manifest for base image registry.redhat.io/redhat-openjdk-18/openjdk18-openshift...
[INFO] Building dependencies layer...
[INFO] Building resources layer...
[INFO] Building classes layer...
[INFO] Using credentials from Docker config (/builder/home/.docker/config.json) for docker-registry.default.svc:5000/test/sb-image
[WARNING] Cannot verify server at https://docker-registry.default.svc:5000/v2/ . Attempting again with no TLS verification.
[WARNING] Failed to connect to https://docker-registry.default.svc:5000/v2/  over HTTPS. Attempting again with HTTP.
[WARNING] Cannot verify server at https://docker-registry.default.svc:5000/v2/test/sb-image/blobs/sha256:a5a9de8e13aa6dadffd906df1356f83e29779eb94d686e6762868dea568814ca . Attempting again with no TLS verification.
[WARNING] Cannot verify server at https://docker-registry.default.svc:5000/v2/test/sb-image/blobs/sha256:293c6a95884c229df98f425c3d58297a868e701fe71a3b8a7d38607d21e8f996 . Attempting again with no TLS verification.
[WARNING] Failed to connect to https://docker-registry.default.svc:5000/v2/test/sb-image/blobs/sha256:293c6a95884c229df98f425c3d58297a868e701fe71a3b8a7d38607d21e8f996  over HTTPS. Attempting again with HTTP.
[WARNING] Failed to connect to https://docker-registry.default.svc:5000/v2/test/sb-image/blobs/sha256:a5a9de8e13aa6dadffd906df1356f83e29779eb94d686e6762868dea568814ca  over HTTPS. Attempting again with HTTP.
[WARNING] Cannot verify server at https://docker-registry.default.svc:5000/v2/test/sb-image/blobs/uploads/ . Attempting again with no TLS verification.
[WARNING] Failed to connect to https://docker-registry.default.svc:5000/v2/test/sb-image/blobs/uploads/  over HTTPS. Attempting again with HTTP.
[WARNING] Cannot verify server at https://docker-registry.default.svc:5000/v2/test/sb-image/blobs/uploads/ . Attempting again with no TLS verification.
[INFO] The base image requires auth. Trying again for registry.redhat.io/redhat-openjdk-18/openjdk18-openshift...
[INFO] Using credentials from <from><auth> for registry.redhat.io/redhat-openjdk-18/openjdk18-openshift
[WARNING] Failed to connect to https://docker-registry.default.svc:5000/v2/test/sb-image/blobs/uploads/  over HTTPS. Attempting again with HTTP.
[WARNING] Cannot verify server at https://docker-registry.default.svc:5000/v2/test/sb-image/blobs/sha256:4850e251ed7e3167f85671e1189c1d5d99bb7ac9960a936ed038a1107e50bea6 . Attempting again with no TLS verification.
[WARNING] Failed to connect to https://docker-registry.default.svc:5000/v2/test/sb-image/blobs/sha256:4850e251ed7e3167f85671e1189c1d5d99bb7ac9960a936ed038a1107e50bea6  over HTTPS. Attempting again with HTTP.
[WARNING] Cannot verify server at https://docker-registry.default.svc:5000/v2/test/sb-image/blobs/uploads/ . Attempting again with no TLS verification.
[WARNING] Failed to connect to https://docker-registry.default.svc:5000/v2/test/sb-image/blobs/uploads/  over HTTPS. Attempting again with HTTP.
[INFO] Using base image with digest: sha256:9dab23924157b0c588f738c97b2a1f434315175b0be4156e1877028fa44360a8
[WARNING] Cannot verify server at https://docker-registry.default.svc:5000/v2/test/sb-image/blobs/sha256:00f17e0b37b0515380a4aece3cb72086c0356fc780ef4526f75476bea36a2c8b . Attempting again with no TLS verification.
[WARNING] Failed to connect to https://docker-registry.default.svc:5000/v2/test/sb-image/blobs/sha256:00f17e0b37b0515380a4aece3cb72086c0356fc780ef4526f75476bea36a2c8b  over HTTPS. Attempting again with HTTP.
[WARNING] Cannot verify server at https://docker-registry.default.svc:5000/v2/test/sb-image/blobs/sha256:3a813abe0f1d7a01673bd2cd581a263ea4c3d1a4e1a994efe5bfa685eee2efba . Attempting again with no TLS verification.
[WARNING] Cannot verify server at https://docker-registry.default.svc:5000/v2/test/sb-image/blobs/sha256:305d73a95c8fece2b53a34e040df1c97eb6b7f7cc4e0a7933465f0b7325e3d72 . Attempting again with no TLS verification.
[WARNING] Failed to connect to https://docker-registry.default.svc:5000/v2/test/sb-image/blobs/sha256:3a813abe0f1d7a01673bd2cd581a263ea4c3d1a4e1a994efe5bfa685eee2efba  over HTTPS. Attempting again with HTTP.
[WARNING] Cannot verify server at https://docker-registry.default.svc:5000/v2/test/sb-image/blobs/uploads/ . Attempting again with no TLS verification.
[WARNING] Failed to connect to https://docker-registry.default.svc:5000/v2/test/sb-image/blobs/sha256:305d73a95c8fece2b53a34e040df1c97eb6b7f7cc4e0a7933465f0b7325e3d72  over HTTPS. Attempting again with HTTP.
[WARNING] Failed to connect to https://docker-registry.default.svc:5000/v2/test/sb-image/blobs/uploads/  over HTTPS. Attempting again with HTTP.
[WARNING] Cannot verify server at https://docker-registry.default.svc:5000/v2/test/sb-image/blobs/uploads/ . Attempting again with no TLS verification.
[WARNING] Cannot verify server at https://registry.redhat.io/v2/redhat-openjdk-18/openjdk18-openshift/blobs/sha256:3a813abe0f1d7a01673bd2cd581a263ea4c3d1a4e1a994efe5bfa685eee2efba . Attempting again with no TLS verification.
[INFO]
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time:  15.363 s
[INFO] Finished at: 2020-01-29T21:55:12Z
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal com.google.cloud.tools:jib-maven-plugin:2.0.0:build (default-cli) on project rest-http: Build image failed: Failed to authenticate with registry docker-registry.default.svc:5000/test/sb-image because: server did not return 'WWW-Authenticate: Bearer' header: Basic realm=openshift,error="access denied" -> [Help 1]
[ERROR]
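
A CI-side check over this kind of log, as an added example that is not part of the original comment or of Jib: it counts, per registry host, how often a build retried without TLS verification or fell back to HTTP, and lists hosts outside an expected set. The names triage and expected_insecure and the sample lines (abridged from the log above, with the blob digest replaced by a placeholder) are assumptions of this example.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Message shapes copied from the Jib 2.0.0 warnings quoted in this thread.
PATTERNS = {
    "no_tls_verification": re.compile(
        r"Cannot verify server at (\S+)\s*\. Attempting again with no TLS verification\."),
    "http_fallback": re.compile(
        r"Failed to connect to (\S+)\s+over HTTPS\. Attempting again with HTTP\."),
}
CREDS_OVER_HTTP = "Authentication over HTTP is enabled"

# Constructed sample: lines abridged from the log above, digest is a placeholder.
SAMPLE_LOG = """\
[WARNING] Authentication over HTTP is enabled. It is strongly recommended that you do not enable this on a public network!
[INFO] Containerizing application to docker-registry.default.svc:5000/test/sb-image...
[WARNING] Cannot verify server at https://docker-registry.default.svc:5000/v2/ . Attempting again with no TLS verification.
[WARNING] Failed to connect to https://docker-registry.default.svc:5000/v2/  over HTTPS. Attempting again with HTTP.
[WARNING] Cannot verify server at https://docker-registry.default.svc:5000/v2/test/sb-image/blobs/uploads/ . Attempting again with no TLS verification.
[WARNING] Failed to connect to https://docker-registry.default.svc:5000/v2/test/sb-image/blobs/uploads/  over HTTPS. Attempting again with HTTP.
[WARNING] Cannot verify server at https://registry.redhat.io/v2/redhat-openjdk-18/openjdk18-openshift/blobs/sha256:PLACEHOLDER . Attempting again with no TLS verification.
"""


def triage(log_text, expected_insecure=()):
    """Summarise transport downgrades in a Jib build log, per registry host.

    expected_insecure holds the host[:port] values that are known to be
    plain-HTTP or self-signed; any other host that was downgraded is
    reported in "unexpected_hosts".
    """
    per_host = defaultdict(lambda: dict.fromkeys(PATTERNS, 0))
    creds_over_http = False
    for line in log_text.splitlines():
        creds_over_http = creds_over_http or CREDS_OVER_HTTP in line
        for kind, pattern in PATTERNS.items():
            match = pattern.search(line)
            if match:
                host = urlsplit(match.group(1)).netloc
                per_host[host][kind] += 1
    return {
        "hosts": {host: dict(counts) for host, counts in per_host.items()},
        "credentials_over_http": creds_over_http,
        "unexpected_hosts": sorted(h for h in per_host if h not in expected_insecure),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG, expected_insecure={"docker-registry.default.svc:5000"})
    for host, counts in report["hosts"].items():
        print(host, counts)
    print("credentials over HTTP enabled:", report["credentials_over_http"])
    print("unexpected downgraded hosts:", report["unexpected_hosts"])
```

With docker-registry.default.svc:5000 as the only expected host, the report lists registry.redhat.io, since the log above also contains a no-verification retry against the base image registry.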

@chanseokoh
Member

chanseokoh commented Jan 29, 2020

Thanks for the information. I see the registry is an Integrated OpenShift V3 registry. It's not the usual Docker registry ("Docker Distribution"). (BTW, the Docker daemon (or Docker engine) is not a registry; it doesn't implement the registry API.)

      image: 'openshift/origin-docker-registry:v3.11.0'

I'll try to see if I can set up this OpenShift V3 registry on my machine.

@chanseokoh
Member

@cmoulliard unfortunately, I couldn't figure out how to properly set up the internal OpenShift registry as a standalone registry, so I need your help here. Could you pass -X to Maven to print debug logs and also follow these instructions? If all goes well, the log will contain detailed HTTP communications like the following:

CONFIG: -------------- REQUEST  --------------
GET http://localhost:5000/v2/
Accept:
Accept-Encoding: gzip
User-Agent: jib 2.0.1-SNAPSHOT jib-maven-plugin Google-HTTP-Java-Client/1.34.0 (gzip)

Jan 29, 2020 5:34:58 PM com.google.api.client.http.HttpRequest execute
CONFIG: curl -v --compressed -H 'Accept: ' -H 'Accept-Encoding: gzip' -H 'User-Agent: jib 2.0.1-SNAPSHOT jib-maven-plugin Google-HTTP-Java-Client/1.34.0 (gzip)' -- 'http://localhost:5000/v2/'
Jan 29, 2020 5:34:58 PM com.google.api.client.http.HttpResponse <init>
CONFIG: -------------- RESPONSE --------------
HTTP/1.1 401 Unauthorized
Content-Type: application/json; charset=utf-8
Docker-Distribution-Api-Version: registry/2.0
Www-Authenticate: Bearer realm="http://localhost:5000/openshift/token"
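
The two WWW-Authenticate values quoted in this thread, run through a small challenge parser, as an added example that is not part of the original comments and is not Jib's code. The names parse_challenge and plan_token_request are hypothetical, and the handling of a plain-HTTP token endpoint is an assumption modelled on the sendCredentialsOverHttp error text above.

```python
import re
from urllib.parse import urlsplit

# auth-param = token "=" ( token / quoted-string ), as in RFC 7235.
_AUTH_PARAM = re.compile(r'([A-Za-z0-9_.-]+)\s*=\s*(?:"((?:[^"\\]|\\.)*)"|([^\s,]+))')

# Header values as they appear in this thread.
BEARER = 'Bearer realm="http://localhost:5000/openshift/token"'
BASIC = 'Basic realm=openshift,error="access denied"'


def parse_challenge(header_value):
    """Split one WWW-Authenticate value into (scheme, params)."""
    scheme, _, rest = header_value.strip().partition(" ")
    params = {}
    for match in _AUTH_PARAM.finditer(rest):
        quoted, bare = match.group(2), match.group(3)
        # Undo backslash escapes inside a quoted-string; bare tokens are kept as-is.
        value = re.sub(r"\\(.)", r"\1", quoted) if quoted is not None else bare
        params[match.group(1).lower()] = value
    return scheme.lower(), params


def plan_token_request(header_value, send_credentials_over_http=False):
    """Decide what a client in the bearer-token flow can do with a 401 challenge.

    Returns (action, detail). Assumed policy for this example: credentials go
    to an https realm, and to an http realm only when explicitly allowed.
    """
    scheme, params = parse_challenge(header_value)
    if scheme != "bearer":
        # The failure reported in the thread: a Basic challenge where Bearer was expected.
        return ("fail", "server did not return 'WWW-Authenticate: Bearer' header: " + header_value)
    realm = urlsplit(params.get("realm", ""))
    if realm.scheme == "https":
        return ("send-credentials", realm.geturl())
    if realm.scheme == "http" and send_credentials_over_http:
        return ("send-credentials-in-clear", realm.geturl())
    if realm.scheme == "http":
        return ("withhold-credentials", "token endpoint is plain HTTP")
    return ("fail", "Bearer challenge has no usable realm")


if __name__ == "__main__":
    for header in (BEARER, BASIC):
        print(parse_challenge(header))
        print("  default:          ", plan_token_request(header))
        print("  creds over HTTP ok:", plan_token_request(header, send_credentials_over_http=True))
```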

@chanseokoh
Member

chanseokoh commented Jan 29, 2020

@cmoulliard because the original issue is fixed (you still have to pass -DsendCredentialsOverHttp by our design), let's open a new issue and migrate our discussions over there. Please update on #2258. Your issue is unrelated to the original one.
