[STORY] Ensure that GHCR is accessible from staging server

[tclose]

Description

Currently when attempting to pull docker pull ghcr.io/australian-imaging-service/xnat-ingest:latest to the staging server k8s cluster it returns

Error response from daemon: Get "https://ghcr.io/v2/": dial tcp 20.248.137.52:443: connect: connection refused

Acceptance Criteria

• [ ] 1. All Docker images published at docker pull ghcr.io/australian-imaging-service/ can be pulled to staging server

[tclose]

• @dean-taylor check to see whether the proxy settings are the culprit
• Contact RNSH IT to reconfigure

[dean-taylor]

Records show that the registry containing the AIS docker registry was not added to the proxy whitelist (below). This does not explain how the original CTP was deployed.

Resolution. Add ghcr.io to the proxy whitelist.

archive.ubuntu.com
api.snapcraft.io
docker.io
registry.hub.docker.com
registry.k8s.io
kubernetes-sigs.github.io
quay.io
australian-imaging-service.github.io

[tclose]

Thanks for looking into it Dean

Records show that the registry containing the AIS docker registry was not added to the proxy whitelist (below). This does not explain how the original CTP was deployed.

Resolution. Add ghcr.io to the proxy whitelist.

archive.ubuntu.com
api.snapcraft.io
docker.io
registry.hub.docker.com
registry.k8s.io
kubernetes-sigs.github.io
quay.io
australian-imaging-service.github.io

I think looking at the email chain that they might have completely opened it up for us at one point to help us debug. Do we want all of ghcr.io or is australian-imaging-service.github.io sufficient?

[fxusyd]

Image can be pulled within the Microk8s cluster. However, pulling it directly on the staging server itself doesn't work.

[tclose]

Was an issue with the proxy settings in the end