I’m currently integrating Nydus with Dragonfly in a Kubernetes cluster installed via Helm charts. While Dragonfly works seamlessly without Nydus, I’m encountering authentication issues when the two are integrated. The nydusd is running as a daemonset.
Read from backend failed: Registry(Request(ErrorWithMsg("401 Unauthorized"))), retry count 10
[2023-11-15 12:08:22.991641 +00:00] INFO [storage/src/cache/cachedfile.rs:74] temporarily failed to get blob.meta, I/O error (os error 5)
[2023-11-15 12:08:23.003567 +00:00] ERROR [error/src/error.rs:21] Error: "failed to read metadata from backend(compressor is none), Registry(Request(ErrorWithMsg(\"401 Unauthorized\")))" at storage/src/meta/mod.rs:659 note: enable RUST_BACKTRACE=1 env to display a backtrace
Pod Event:
Error: failed to create containerd container: mount callback failed on /var/lib/containerd/tmpmounts/containerd-mount28632954: read /var/lib/containerd/tmpmounts/containerd-mount28632954/etc/passwd: invalid argument
Hi Team,
I’m currently integrating Nydus with Dragonfly in a Kubernetes cluster installed via Helm charts. While Dragonfly works seamlessly without Nydus, I’m encountering authentication issues when the two are integrated. The nydusd is running as a daemonset.
image: ghcr.io/containerd/nydus-snapshotter tag: v0.9.0
Helm Chart: https://github.com/dragonflyoss/helm-charts/blob/main/INSTALL.md
Nydus-Config:
ContainerD Config:
Error Message: Nydus log:
Pod Event:
I have also tried doing the auth via the kubernetes service account by following the below doc: https://github.com/containerd/nydus-snapshotter/blob/main/docs/configure_nydus.md#use-serviceaccount
Established a service account, configured registry authentication, and seamlessly applied the authentication in a DaemonSet through imagePullSecrets.