search

jhunt / k8s-boshrelease

A BOSH Release for deploying Kubernetes clusters
MIT License
13 stars 9 forks source link

Add the opportunity to use a docker mirror #39

Closed obeyler closed 4 years ago

obeyler commented 4 years ago

As we are in airgap env we use a private docker registry such as jcr from jfrog. It allows to do upload the docker image onto the JCR registry and not on internet.

To do that the containerd.toml file need to be completed by this option:

              [plugins.cri.registry]
                [plugins.cri.registry.mirrors]
                  [plugins.cri.registry.mirrors."docker.io"]
                    endpoint = ["((registry-mirrors))"]
jhunt commented 4 years ago

Does this bring with it the need for insecure registries? I.e. do we need to make it possible not only for operators to make use of a local image registry but also possibly one with a self-signed cert, an expired cert, or a cert with an untrusted issuer / intermediary chain?

obeyler commented 4 years ago

I think so. I already work a little about this Pb this night. I see some trouble 

              [plugins.cri.registry]
                [plugins.cri.registry.mirrors]
                  [plugins.cri.registry.mirrors."docker.io"]
                    endpoint = ["((registry-mirrors))"]

Is not enough. :-(

containerd wasn't able to download image k8s.gcr.io/pause:3.1

It also needs 

                  [plugins.cri.registry.mirrors."k8s.gcr.io"]
                    endpoint = ["((registry-mirrors))"]

Normally we can use wild card 

[plugins.cri.registry.mirrors."*"]
                    endpoint = ["((registry-mirrors))"]

but it fails I'm looking for why but I don't find yet even with this I still have some pb with another image:

Pulling image "quay.io/coreos/flannel:v0.11.0-amd64"
  Warning  Failed     13s (x3 over 54s)  kubelet, 121a9964-9914-4548-b576-69d6ac1f88d8.k8s  Failed to pull image "quay.io/coreos/flannel:v0.11.0-amd64": rpc error: code = Unknown desc = failed to pull and unpack image "quay.io/coreos/flannel:v0.11.0-amd64": failed to resolve reference "quay.io/coreos/flannel:v0.11.0-amd64": unexpected status code [manifests v0.11.0-amd64]: 403 Forbidden
  Warning  Failed     13s (x3 over 54s)  kubelet, 121a9964-9914-4548-b576-69d6ac1f88d8.k8s  Error: ErrImagePull
  Normal   BackOff    1s (x3 over 54s)   kubelet, 121a9964-9914-4548-b576-69d6ac1f88d8.k8s  Back-off pulling image "quay.io/coreos/flannel:v0.11.0-amd64"
  Warning  Failed     1s (x3 over 54s)   kubelet, 121a9964-9914-4548-b576-69d6ac1f88d8.k8s  Error: ImagePullBackOff
obeyler commented 4 years ago

You can have a look at the PR I start to evaluate how to do here: https://github.com/jhunt/k8s-boshrelease/pull/41 I need to change the property to be able to set an array of string , url instead of just only one url.

jhunt commented 4 years ago

Completed in #60