Assume you have a secret my-reg-creds which contains image registry credentials which you intend to use with the registry images collector for preflights or support bundles. If the basic authentication token is generated from a username or password containing colons (:), the collector will fail to fetch the image even if the image exists
Expected Behavior
Credentials with colons should not lead to errors
Steps To Reproduce
Create an image pull secret using the command below
apiVersion: troubleshoot.sh/v1beta2
kind: Preflight
spec:
analyzers:
- registryImages:
checkName: Check images
collectorName: ""
outcomes:
- fail:
when: "errors > 0"
message: Failed to check if images are present in registry
- pass:
message: All images are available
collectors:
- registryImages:
imagePullSecret:
name: my-reg-creds
type: kubernetes.io/dockerconfigjson
images:
- registry.k8s.io/kube-scheduler:v1.29.5
Run preflight --interactive=false spec.yaml and note that you get the output below
--- FAIL: Check images
--- Failed to check if images are present in registry
--- FAIL
FAILED
Additional Context
The registry image collector assumes that credentials will be of the format username:password where neither of the parts separate parts contain a colon (:). This is not always the case. gcr.io for example contains a password that is a JSON object which looks like below
Bug Description
Assume you have a secret
my-reg-creds
which contains image registry credentials which you intend to use with the registry images collector for preflights or support bundles. If the basic authentication token is generated from ausername
orpassword
containing colons (:
), the collector will fail to fetch the image even if the image existsExpected Behavior
Credentials with colons should not lead to errors
Steps To Reproduce
spec.yaml
and drop this spec in the filepreflight --interactive=false spec.yaml
and note that you get the output belowAdditional Context
username:password
where neither of the parts separate parts contain a colon (:
). This is not always the case.gcr.io
for example contains a password that is a JSON object which looks like belowklog.Error
formatting errors such as this one. Here are some lines I've noted need to be loggedInclude the following information.