Closed funkypenguin closed 2 years ago
Use image pull secrets and pull images by authenticating with docker hub - or use quay.io/minio/minio
Is it possible to disable the checking for new versions? It seems very aggressive (below), retrying every 20s or so, so even though I'm authenticated against Docker Hub, I hit my rate limit on a fresh instance within about 10 minutes...
I0418 01:51:35.942409 1 main-controller.go:1062] Tenant 'minio' MinIO is already running the most recent version of 2022-04-12T06:55:35Z
I0418 01:51:43.486318 1 main-controller.go:1062] Tenant 'minio' MinIO is already running the most recent version of 2022-04-12T06:55:35Z
I0418 01:51:50.325559 1 main-controller.go:1062] Tenant 'minio' MinIO is already running the most recent version of 2022-04-12T06:55:35Z
I0418 01:51:58.078473 1 main-controller.go:1062] Tenant 'minio' MinIO is already running the most recent version of 2022-04-12T06:55:35Z
I0418 01:52:06.651582 1 main-controller.go:1062] Tenant 'minio' MinIO is already running the most recent version of 2022-04-12T06:55:35Z
E0418 01:52:07.987733 1 main-controller.go:579] error syncing 'minio/minio': GET https://index.docker.io/v2/myorg/minio/manifests/RELEASE.2022-04-12T06-55-35Z: TOOMANYREQUESTS: You have reached your pull rate limit. You may increase the limit by authenticating and upgrading: https://www.docker.com/increase-rate-limit
E0418 01:52:23.182750 1 main-controller.go:579] error syncing 'minio/minio': GET https://index.docker.io/v2/myorg/minio/manifests/RELEASE.2022-04-12T06-55-35Z: TOOMANYREQUESTS: You have reached your pull rate limit. You may increase the limit by authenticating and upgrading: https://www.docker.com/increase-rate-limit
E0418 01:52:42.875705 1 main-controller.go:579] error syncing 'minio/minio': GET https://index.docker.io/v2/myorg/minio/manifests/RELEASE.2022-04-12T06-55-35Z: TOOMANYREQUESTS: You have reached your pull rate limit. You may increase the limit by authenticating and upgrading: https://www.docker.com/increase-rate-limit
Is it possible to disable the checking for new versions? It seems very aggressive (below), retrying every 20s or so, so even though I'm authenticated against Docker Hub, I hit my rate limit on a fresh instance within about 10 minutes...
I0418 01:51:35.942409 1 main-controller.go:1062] Tenant 'minio' MinIO is already running the most recent version of 2022-04-12T06:55:35Z I0418 01:51:43.486318 1 main-controller.go:1062] Tenant 'minio' MinIO is already running the most recent version of 2022-04-12T06:55:35Z I0418 01:51:50.325559 1 main-controller.go:1062] Tenant 'minio' MinIO is already running the most recent version of 2022-04-12T06:55:35Z I0418 01:51:58.078473 1 main-controller.go:1062] Tenant 'minio' MinIO is already running the most recent version of 2022-04-12T06:55:35Z I0418 01:52:06.651582 1 main-controller.go:1062] Tenant 'minio' MinIO is already running the most recent version of 2022-04-12T06:55:35Z E0418 01:52:07.987733 1 main-controller.go:579] error syncing 'minio/minio': GET https://index.docker.io/v2/myorg/minio/manifests/RELEASE.2022-04-12T06-55-35Z: TOOMANYREQUESTS: You have reached your pull rate limit. You may increase the limit by authenticating and upgrading: https://www.docker.com/increase-rate-limit E0418 01:52:23.182750 1 main-controller.go:579] error syncing 'minio/minio': GET https://index.docker.io/v2/myorg/minio/manifests/RELEASE.2022-04-12T06-55-35Z: TOOMANYREQUESTS: You have reached your pull rate limit. You may increase the limit by authenticating and upgrading: https://www.docker.com/increase-rate-limit E0418 01:52:42.875705 1 main-controller.go:579] error syncing 'minio/minio': GET https://index.docker.io/v2/myorg/minio/manifests/RELEASE.2022-04-12T06-55-35Z: TOOMANYREQUESTS: You have reached your pull rate limit. You may increase the limit by authenticating and upgrading: https://www.docker.com/increase-rate-limit
This is because you asked for upgrade when it is already upgraded. The declarative nature here is trying to push the changes that are relevant and what was asked..
@dvaldivia we should treat the condition when the server is already upgraded as good condition and avoid returning error.
This would avoid pulling in the images or hitting docker hub.
This is because you asked for upgrade when it is already upgraded. The declarative nature here is trying to push the changes that are relevant and what was asked..
Sorry, missed this response here. How did I ask for an upgrade? (I didn't intend to...)
D
Expected Behavior
We mirror all images which we use in our cluster, from the official registries into our own repository, so that we can (a) scan them consistently, and (b) whitelist the registry using an admission controller. For this reason, we're using (for example)
docker.io/myorg/minio
as the image base.Minio-operator seems to poll Docker Hub to look for available upgrades, but it does so so frequently that it hits the rate limit (below), and logs a message about
unable to locate auth config registry context index.docker.io
Current Behavior
Logs as described above:
Possible Solution
A few ideas ...
Steps to Reproduce (for bugs)
Context
As described above, we regularly scan and update images from multiple sources into our registry/repo, and configure our cluster to only run images from these trusted repositories. In our case, we'd be 100% OK with disabling checks for image updates, since triggering these is a manual process anyway.
Your Environment
minio-operator
): 4.4.13