Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

The scos image for 4.17.0-okd-scos.0 inclues rhel shortnames #2084

Open
oyviaase opened this issue Jan 3, 2025 · 2 comments
Open

The scos image for 4.17.0-okd-scos.0 inclues rhel shortnames #2084

oyviaase opened this issue Jan 3, 2025 · 2 comments
Assignees
@Prashanth684

Comments

@oyviaase
Copy link

oyviaase commented Jan 3, 2025

Describe the bug

When trying to install certain application on okd4.17 it tries to get the container images directly form redhat instead of docker hub, such as consul through the helm chart provided by hashicorp.

To reproduce install consul through the helm chart from hashicorp https://developer.hashicorp.com/consul/docs/k8s/installation/install#helm-chart-installation We have the following in our values.yaml file,

global:
  enablePodSecurityPolicies: true
  name: consul
  datacenter: dc1
  acls:
    manageSystemACLs: true
    createReplicationToken: true
  tls:
    enabled: true
  openshift:
    enabled: true

I suspect that the issue is that the base scos image includes the following files:

  • /etc/containers/registries.conf.d/001-rhel-shortnames.conf
  • 002-rhel-shortnames-overrides.conf

Our temporary workaround is to specify the full path of the images instead of the shortnames used by default in the helm chart.

Version

4.17.0-okd-scos.0

How reproducible

Always reproducable

Log bundle

$ oc describe po -n consul consul-gossip-encryption-autogenerate-r5sr6
...
Events:
  Type     Reason          Age                From               Message
  ----     ------          ----               ----               -------
  Normal   Scheduled       19m                default-scheduler  Successfully assigned consul/consul-gossip-encryption-autogenerate-r5sr6 to worker-4-okd4-test.oyviaase.uiocloud.no
  Normal   AddedInterface  19m                multus             Add eth0 [10.130.2.144/23] from ovn-kubernetes
  Normal   Pulling         17m (x4 over 19m)  kubelet            Pulling image "hashicorp/consul-k8s-control-plane:1.3.2"
  Warning  Failed          17m (x4 over 19m)  kubelet            Failed to pull image "hashicorp/consul-k8s-control-plane:1.3.2": unable to retrieve auth token: invalid username/password: unauthorized: Please login to the Red Hat Registry using your Customer Portal credentials. Further instructions can be found here: https://access.redhat.com/RegistryAuthentication
  Warning  Failed          17m (x4 over 19m)  kubelet            Error: ErrImagePull
  Warning  Failed          17m (x6 over 19m)  kubelet            Error: ImagePullBackOff
  Normal   BackOff         4m (x65 over 19m)  kubelet            Back-off pulling image "hashicorp/consul-k8s-control-plane:1.3.2"
@rassie
Copy link

rassie commented Jan 8, 2025

Valid for 4.16 as well.

@rassie
Copy link

rassie commented Jan 14, 2025

The following works for me as a workaround:

apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
metadata:
  annotations:
    argocd.argoproj.io/sync-options: ServerSideApply=true
  name: 99-master-shortnames
spec:
  config:
    ignition:
      version: 3.4.0
    storage:
      files:
        - contents:
            source: data:,
          mode: 420
          path: /etc/containers/registries.conf.d/001-rhel-shortnames.conf

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Prashanth684 Prashanth684

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@rassie @Prashanth684 @oyviaase