search

optiopay / klar

Integration of Clair and Docker Registry
MIT License
505 stars 138 forks source link

Klar rpc error? #127

Closed calbutl closed 5 years ago

calbutl commented 5 years ago

I have Clair deployed in kubernetes cluster, and I'm trying to send images to be analyzed to the clair pod using Klar client on a separate server, outside of the cluster. As shown below, Klar successfully GETs the image from private docker repo, then tries to push the image to clair pod. On line 40, I see that Klar tries "POST /v1/layers HTTP/1.1". I assume that it is trying to push the image to Clair pod according to Clair API v1, and that it should try to push according to Clair API v3 as well?

Maybe Klar is not even attempting to push according to Clair API v3 because of this, on line 47? rpc error: code = Unavailable desc = transport is closing

I am using Clair v2.0.3 and Klar v2.3.0, as was recommended by kody-abe in this issue pertaining to an rpc error manifesting in failure to push: #110.

$ CLAIR_ADDR=<ingress controller ip>:80 KLAR_TRACE=true DOCKER_TIMEOUT=20 DOCKER_PASSWORD=<password>  ~/klar <private registry>/<image>

1. clair timeout 1m0s
2. docker timeout: 20m0s
3. no whitelist file
4. ----> HTTP REQUEST:
5. GET /v2/… HTTP/1.1
6. Host: <private registry host>
7. Accept: application/vnd.docker.distribution.manifest.v2+json, application/vnd.docker.distribution.manifest.v1+prettyjws
8. 
9. 
10. <---- HTTP RESPONSE:
11. HTTP/1.1 200 OK
12. Content-Length: 948
13. Connection: keep-alive
14. Content-Security-Policy: sandbox allow-forms allow-modals allow-popups allow-presentation allow-scripts allow-top-navigation
15. Content-Type: application/vnd.docker.distribution.manifest.v2+json
16. Date: Thu, 08 Nov 2018 21:31:41 GMT
17. Docker-Content-Digest: …
18. Docker-Distribution-Api-Version: registry/2.0
19. Keep-Alive: timeout=5
20. Last-Modified: Wed, 26 Sep 2018 14:20:05 GMT
21. Server: nginx/1.12.1
22. X-Content-Type-Options: nosniff
23. 
24. {
25.    "schemaVersion": 2,
26.    "mediaType": "application/vnd.docker.distribution.manifest.v2+json",
27.    "config": {
28.       "mediaType": "application/vnd.docker.container.image.v1+json",
29.       "size": 6970,
30.       "digest": "…"
31.    },
32.    "layers": [
33.       <layers>
36.    ]
37. }
38. Analysing 3 layers
39. ----> HTTP REQUEST:
40. POST /v1/layers HTTP/1.1
41. Host: <ingress controller ip>:80
42. Content-Type: application/json
43. 
44. {"Layer":{"Name":"<name>","Path":"<private registry image path>","ParentName":"","Format":"Docker","Features":null,"Headers":{"Authorization":""}}}
45. Failed to analyze using API v1: push image <private registry>/<image> to Clair failed: can't push layer to Clair: Post http://<ingress controller ip>:80/v1/layers: net/http: request canceled (Client.Timeout exceeded while awaiting headers)
46. 
47. Failed to analyze using API v3: push image <private registry>/<image> to Clair failed: rpc error: code = Unavailable desc = transport is closing
48. 
49. Failed to analyze, exiting
calbutl commented 5 years ago

I just downgraded Clair Image to v2.0.0 to avoid the new API v3