Description
Trying to create an Image-Stream linked to an image held within a private registry. The registry is contained within IBM's Cloud-based container registry (uk.icr.io). I have been able to create an image pull secret, and used this successfully to deploy the image onto the cluster, as a container. Wanted to create via the image-stream a mechanism to re-deploy the container when the image changes in the registry. However, when I try to create the Image-Stream resource via the command line it fails due to not being authenticated, i.e. it's not managing to find the correct image-pull secret that works for this registry.
I have read a number of suggestions, including naming the pull-secret the same name as the registry (still fails), adding the registry to the global pull-secret default (fails), and adding the pull-secret to the `default`, `builder` etc. service accounts.
But so far nothing has managed to get a working Image-Stream.
Command Utilised:
```
$ oc import-image bowi:travis-ci --from=uk.icr.io/boaa-uk/bowi:travis-ci --confirm --scheduled
error: tag travis-ci failed: Internal error occurred: uk.icr.io/boaa-uk/bowi:travis-ci: denied: You are not authorized to access the specified resource. See https://cloud.ibm.com/docs/Registry?topic=Registry-troubleshoot-access-denied
imagestream.image.openshift.io/bowi imported with errors
Name: bowi
Namespace: boaas1-dev
Created: Less than a second ago
Labels: <none>
Annotations: openshift.io/image.dockerRepositoryCheck=2023-05-25T13:02:54Z
Image Repository: image-registry.openshift-image-registry.svc:5000/boaas1-dev/bowi
Image Lookup: local=false
Unique Images: 0
Tags: 1
travis-ci
updates automatically from registry uk.icr.io/boaa-uk/bowi:travis-ci
! error: Import failed (InternalError): Internal error occurred: uk.icr.io/boaa-uk/bowi:travis-ci: denied: You are not authorized to access the specified resource. See https://cloud.ibm.com/docs/Registry?topic=Registry-troubleshoot-access-denied
Less than a second ago
```
I have also tried the --all flag, and --insecure flag, also no success.
I have read issues #17238, #18449, #20084, #19762 and #9584
But cannot see any help, and no secondary authentication host for the IBM Cloud Container Registry.
Looking at the number of people who have issues creating Image-Streams with the `import-image` command, it could be a recommendation / suggestion to add the capability of a pull-image secret flag to the command, allowing users to attach a particular pull-secret to the command.
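A diagnostic for this kind of "denied" import, as an added example that is not part of the original issue or of OpenShift's code: it decodes the payload of a `kubernetes.io/dockerconfigjson` secret and lists which `auths` entries name the registry host of the image reference being imported. Comparing on host only is an assumption (the page does not show how the cluster matches credentials to a registry), and the function names and sample secret are constructed for illustration.

```python
import base64
import json
from urllib.parse import urlparse


def registry_host(image_ref):
    """Return the registry host of an image reference such as host/ns/repo:tag."""
    first = image_ref.split("/", 1)[0]
    # The first component is a registry host only if it looks like one;
    # otherwise the reference is a Docker Hub shorthand.
    if "/" in image_ref and ("." in first or ":" in first or first == "localhost"):
        return first.lower()
    return "docker.io"


def _entry_host(key):
    """Normalise an auths key ("uk.icr.io", "https://uk.icr.io/v2/") to host[:port]."""
    parsed = urlparse(key if "://" in key else "//" + key)
    return (parsed.netloc or key).lower()


def matching_auth_entries(secret_data_b64, image_ref):
    """List (auths key, username) pairs that name the registry of image_ref.

    secret_data_b64 is the base64 value stored under
    .data[".dockerconfigjson"] in the Secret object.
    """
    config = json.loads(base64.b64decode(secret_data_b64))
    auths = config.get("auths", config)  # legacy .dockercfg has no "auths" wrapper
    wanted = registry_host(image_ref)
    matches = []
    for key, entry in auths.items():
        if _entry_host(key) != wanted:  # assumption: host-only comparison
            continue
        user = entry.get("username")
        if user is None and "auth" in entry:
            user = base64.b64decode(entry["auth"]).decode().split(":", 1)[0]
        matches.append((key, user))
    return matches


# Constructed sample secret with placeholder credentials, not real values.
_SAMPLE = base64.b64encode(json.dumps({"auths": {
    "https://uk.icr.io": {"auth": base64.b64encode(b"example-user:PLACEHOLDER").decode()},
    "de.icr.io": {"username": "example-user", "password": "PLACEHOLDER"},
}}).encode()).decode()

if __name__ == "__main__":
    print(matching_auth_entries(_SAMPLE, "uk.icr.io/boaa-uk/bowi:travis-ci"))
```

An empty result means the secret carries no entry for that registry host at all, which separates a missing or mis-keyed secret from credentials the registry itself rejects.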