jetstack / version-checker

Kubernetes utility for exposing image versions in use, compared to latest available upstream, as metrics.
https://jetstack.io
Apache License 2.0

[BUG] ghcr.io public images return 401 #226

Closed erwanval closed 1 week ago

erwanval commented 1 month ago

Describe the bug

When checking for public images hosted on ghcr.io, version-checker returns an error "401 Bad Credentials" when no token is defined, and no metric is produced for them. After a while, it hits the rate limit and it becomes a 403, but I don't think this is related.

To Reproduce

Steps to reproduce the behavior:

  1. Deploy version-checker without a ghcr token configured (helm value ghcr.token not set)
  2. Deploy container with image ghcr.io/stakater/reloader (or any other public ghcr.io image)
  3. Check version-checker logs
  4. See error

Expected behavior

version-checker should not return an error and should produce a metric for ghcr.io images.

Logs

time="2024-07-08T11:56:18Z" level=error msg="error syncing 'reloader-reloader-86786d55d9-ljdxd/infra': failed to sync pod infra/reloader-reloader-86786d55d9-ljdxd: failed to check container image \"reloader-reloader\": failed to get tags from remote registry for \"ghcr.io/stakater/reloader\": fetching owner type: fetching user: GET https://api.github.com/users/stakater: 401 Bad credentials [], requeuing" module=controller   

davidcollom commented 1 month ago

Hey @erwanval, thanks for raising this issue. It looks like this could be a regression from when we migrated to use GitHub Packages from Releases.

I've raised PR #227 that will resolve this, where if you don't provide version-checker a GitHub Token, then we'll fall back to our traditional/standard OCI Repository version discovery.
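
An added example, not code from version-checker or from anyone in this thread: a small Go triage function for the error line reported above. It extracts the image, the failing URL and the HTTP status, and separates the 401 credential failure from the later 403. `Finding`, `triage` and the second sample line are constructed for illustration; the 403 line's format is assumed to match the 401 line.

```go
package main

import (
	"fmt"
	"regexp"
)

// Finding is a hypothetical record for one failed upstream lookup.
type Finding struct{ Image, URL, Status, Cause string }

var (
	msgRe   = regexp.MustCompile(`msg="((?:[^"\\]|\\.)*)"`) // logrus text field with \" escapes
	imageRe = regexp.MustCompile(`from remote registry for \\"([^"\\]+)\\"`)
	httpRe  = regexp.MustCompile(`GET (https://\S+): (\d{3}) `)
)

// triage pulls image, failing URL and HTTP status out of one error line and
// labels the status the way the issue describes it (401 first, 403 later).
func triage(line string) (Finding, bool) {
	m := msgRe.FindStringSubmatch(line)
	if m == nil {
		return Finding{}, false
	}
	img, req := imageRe.FindStringSubmatch(m[1]), httpRe.FindStringSubmatch(m[1])
	if img == nil || req == nil {
		return Finding{}, false
	}
	f := Finding{Image: img[1], URL: req[1], Status: req[2], Cause: "other"}
	switch f.Status {
	case "401":
		f.Cause = "credentials rejected: no or invalid GitHub token"
	case "403":
		f.Cause = "forbidden: GitHub API rate limit reached"
	}
	return f, true
}

// pageLine is the log line from the issue; rateLine is constructed (assumed format).
const (
	pageLine = `time="2024-07-08T11:56:18Z" level=error msg="error syncing 'reloader-reloader-86786d55d9-ljdxd/infra': failed to sync pod infra/reloader-reloader-86786d55d9-ljdxd: failed to check container image \"reloader-reloader\": failed to get tags from remote registry for \"ghcr.io/stakater/reloader\": fetching owner type: fetching user: GET https://api.github.com/users/stakater: 401 Bad credentials [], requeuing" module=controller`
	rateLine = `level=error msg="failed to get tags from remote registry for \"ghcr.io/stakater/reloader\": GET https://api.github.com/users/stakater: 403 rate limit [], requeuing"`
)

func main() {
	fmt.Println(triage(pageLine))
	fmt.Println(triage(rateLine))
}
```

Grouping the findings by `Image` over a full log gives the list of workloads that currently have no version metric.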