search

GoogleCloudPlatform / terraform-example-foundation-app

https://registry.terraform.io/modules/GoogleCloudPlatform/terraform-example-foundation-app/google
Apache License 2.0
33 stars 36 forks source link

Cluster fails to pull artifact repository or docker hub images #52

Closed daniel-cit closed 1 year ago

daniel-cit commented 3 years ago

Expected Behavior

The cluster is able to pull imagens from "us-east1-docker.pkg.dev/prj-bu1-c-app-cicd-aca5/prj-bu1-c-app-cicd-aca5-boa-image-repo

Actual Behavior

Timeout error when pulling the image

us-east1-docker.pkg.dev/prj-bu1-c-app-cicd-aca5/prj-bu1-c-app-cicd-aca5-boa-image-repo/userservice:0c135ee@sha256:9755a914bc0ce75f023c44edc500cdce27809471845449a424982660d1dfc65e
Status
 rpc error: code = Unknown desc = failed to pull and unpack image "us-east1-docker.pkg.dev/prj-bu1-c-app-cicd-aca5/prj-bu1-c-app-cicd-aca5-boa-image-repo/userservice@sha256:9755a914bc0ce75f023c44edc500cdce27809471845449a424982660d1dfc65e": failed to resolve reference "us-east1-docker.pkg.dev/prj-bu1-c-app-cicd-aca5/prj-bu1-c-app-cicd-aca5-boa-image-repo/userservice@sha256:9755a914bc0ce75f023c44edc500cdce27809471845449a424982660d1dfc65e": failed to do request: Head https://us-east1-docker.pkg.dev/v2/prj-bu1-c-app-cicd-aca5/prj-bu1-c-app-cicd-aca5-boa-image-repo/userservice/manifests/sha256:9755a914bc0ce75f023c44edc500cdce27809471845449a424982660d1dfc65e: dial tcp 173.194.205.82:443: i/o timeout: ErrImagePull

Steps to Reproduce the Problem

  1. update the yaml configuration for the pod userservice with the image us-east1-docker.pkg.dev/prj-bu1-c-app-cicd-aca5/prj-bu1-c-app-cicd-aca5-boa-image-repo/userservice@sha256:9755a914bc0ce75f023c44edc500cdce27809471845449a424982660d1dfc65e

Specifications

Note

I made the registry us-east1-docker.pkg.dev/prj-bu1-c-app-cicd-aca5/prj-bu1-c-app-cicd-aca5-boa-image-repo public to remove the possibility of IAM issues.

It looks like to be related to the network configuration, since it also fails to pull any image from the docker hub like the bash image.

In the step 3-networks a DNS configuration is created for gcr.io and according to the doc Setting up Container Registry or Artifact Registry for GKE private clusters we also need to add a record for pkg.dev to make it work.

It may also be necessary to pull all the the images used from docker registry like the bash image and push them to us-east1-docker.pkg.dev/prj-bu1-c-app-cicd-aca5/prj-bu1-c-app-cicd-aca5-boa-image-repo

daniel-cit commented 3 years ago

IT works for the artifact registry after manually adding the DNS configuration for pkg.dev

daniel-cit commented 3 years ago

The part related to the Artifact Repository pkg.dev was fixed in https://github.com/terraform-google-modules/terraform-example-foundation/pull/480

The README still need instructions to move the docker hub images for bash and postgresql to the Artifact Repository.

bharathkkb commented 3 years ago

@daniel-cit

Since we own the manifest can we switch to an image maintained in GCR/GAR? Maybe https://github.com/GoogleCloudPlatform/postgresql-docker and gcr.io/google-containers/alpine-with-bash?

daniel-cit commented 3 years ago

@daniel-cit

Since we own the manifest can we switch to an image maintained in GCR/GAR? Maybe https://github.com/GoogleCloudPlatform/postgresql-docker and gcr.io/google-containers/alpine-with-bash?

I will test to see if they are equivalent

daniel-cit commented 3 years ago

It works if we replace the docker hub images with:

github-actions[bot] commented 1 year ago

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 7 days