-
Notifications
You must be signed in to change notification settings - Fork 2.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Mirror image rewrites break fallback to original repository #7007
Comments
Yes, this is an issue with rewrites. They probably should have been made per endpoint rather than per registry. They also probably should have been an ordered list instead of a |
What about supporting the hosts.toml mechanism and it's override-path option found in upstream containers? That works as expected with harbor as a proxy and will correctly fall back to the upstream source, judging by my experience with that on another cluster running Talos Linux. |
For anyone who stumbles upon this: I've worked around it by simply not using k3s registries and rewrites configuration and modifying the containerd config instead to use the hosts.toml mechanism instead. Documentation can be found here: |
There's an existing issue for switching registries.yaml to use hosts.toml instead, I'll probably close this in favor of tracking on that one - but I'll get it linked up first. |
Will track in #5568 |
Environmental Info:
K3s Version: v1.25.6+k3s1 (9176e03)
Node(s) CPU architecture, OS, and Version: Linux server-pi-01 5.15.0-1024-raspi #26-Ubuntu SMP PREEMPT Wed Jan 18 15:29:53 UTC 2023 aarch64 aarch64 aarch64 GNU/Linux
Cluster Configuration: 1 server, single node.
Describe the bug:
When attempting to use registry mirrors with rewrites (to a local harbor installation hosted on the node itself) fallback to upstream repositories will fail with errors logged in the containerd log file that suggests the rewrites are being applied to queries sent to the original registry.
This prevents it from gracefully falling back on the original registry when using mirrors as a caching source.
Steps To Reproduce:
Expected behavior:
For it to successfully pull images from the original repository when the registry is offline.
Actual behavior:
It failed to pull images, and logged errors saying no authorization in containerd logs which suggests the rewrite was applied to the request to the original repository.
With the mirror configuration removed, it successfully pulls as expected.
Additional context / logs:
The text was updated successfully, but these errors were encountered: