stx-monitor images are pulled from the public registry when a private registry is configured
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
StarlingX |
Fix Released
|
Medium
|
Angie Wang |
Bug Description
Brief Description
-----------------
stx-monitor images are pulled from the public registry when a private registry is configured
Severity
--------
Provide the severity of the defect.
Major
Steps to Reproduce
------------------
Install a AIO-DX system using example localhost.yml (below)
Expected Behavior
------------------
If a private registry is configured during the bootstrap
all images should be pulled from the private registry
Actual Behavior
----------------
During:
system application-apply stx-monitor
Images are pulled from the public registry even though a private registry is configured.
Example of localhost.yml
#######
[sysadmin@
system_mode: duplex
dns_servers:
- 2620:10a:
management_subnet: face::/64
management_
cluster_
cluster_pod_subnet: dead:beef::/64
cluster_
external_
external_
external_
external_
external_
admin_password: Secret2019pass^
ansible_
pxeboot_subnet: 192.168.202.0/24
no_log: false
docker_registries:
k8s.gcr.io:
url: tis-lab-
gcr.io:
url: tis-lab-
quay.io:
url: tis-lab-
docker.io:
url: tis-lab-
docker.
url: tis-lab-
defaults:
type: docker
username: username
password: userpassword
ssl_ca_cert: /home/sysadmin/
docker_no_proxy:
- registry.local
- tis-lab-
#######
Reproducibility
---------------
100% reproducible
System Configuration
-------
AIO-DX
Wind River Lab: cgcs-r430-3-4
Branch/Pull Time/Commit
-------
2019-11-02_08-39-54
Last Pass
---------
Not known
Timestamp/Logs
--------------
Attached
Test Activity
-------------
Feature Testing
Other info:
Note the paths to: "Image" on one of the pods in monitor namespace:
[sysadmin@
Name: mon-filebeat-kw5hd
Namespace: monitor
Priority: 0
Node: controller-
Start Time: Mon, 04 Nov 2019 17:03:06 +0000
Labels: app=filebeat
Annotations: checksum/secret: ee1fc16c6db8204
[{
}]
Status: Running
IP: dead:beef:
IPs:
IP: dead:beef:
Controlled By: DaemonSet/
Init Containers:
setup-script:
Container ID: docker:
Image: docker.
Image ID: docker-
Port: <none>
Host Port: <none>
Command:
/bin/bash
-c
/
State: Terminated
Reason: Completed
Exit Code: 0
Started: Mon, 04 Nov 2019 17:03:13 +0000
Finished: Mon, 04 Nov 2019 17:03:44 +0000
Ready: True
Restart Count: 0
Environment:
POD_
NODE_NAME: (v1:spec.nodeName)
OUTPUT_
OUTPUT_
OUTPUT_
OUTPUT_
SYSTEM_
INDEX_
INDEX_NAME: filebeat-
Mounts:
/
/
/
Containers:
filebeat:
Container ID: docker:
Image: docker.
Image ID: docker-
Port: 5066/TCP
Host Port: 0/TCP
Args:
-e
State: Running
Started: Mon, 04 Nov 2019 17:03:44 +0000
Ready: True
Restart Count: 0
Limits:
cpu: 80m
memory: 256Mi
Requests:
cpu: 40m
memory: 256Mi
Environment:
POD_
NODE_NAME: (v1:spec.nodeName)
OUTPUT_
OUTPUT_
OUTPUT_
OUTPUT_
SYSTEM_
INDEX_
INDEX_NAME: filebeat-
Mounts:
/
/
/
/
/var/log from varlog (ro)
/
mon-filebeat-
Container ID: docker:
Image: trustpilot/
Image ID: docker-
Port: 9479/TCP
Host Port: 0/TCP
State: Running
Started: Mon, 04 Nov 2019 17:03:46 +0000
Ready: True
Restart Count: 0
Environment: <none>
Mounts:
/
Conditions:
Type Status
Initialized True
Ready True
ContainersReady True
PodScheduled True
Volumes:
varlog:
Type: HostPath (bare host directory volume)
Path: /var/log
HostPathType:
varlibdockerc
Type: HostPath (bare host directory volume)
Path: /var/lib/
HostPathType:
filebeat-config:
Type: Secret (a volume populated by a Secret)
SecretName: mon-filebeat
Optional: false
data:
Type: HostPath (bare host directory volume)
Path: /var/lib/filebeat
HostPathType: DirectoryOrCreate
setupscript:
Type: ConfigMap (a volume populated by a ConfigMap)
Name: mon-filebeat
Optional: false
mon-filebeat-
Type: Secret (a volume populated by a Secret)
SecretName: mon-filebeat-
Optional: false
QoS Class: Burstable
Node-Selectors: <none>
Tolerations: node.kubernetes
Events: <none>
Changed in starlingx: | |
assignee: | nobody → John Kung (john-kung) |
tags: | added: stx.retestneeded |
Changed in starlingx: | |
assignee: | John Kung (john-kung) → Angie Wang (angiewang) |
The image pull is from local image registry on subsequent apply on controller-0; however on the other controller and compute, the image pull is from public repo.
The Elastic charts, primarily ServiceAccount v1, were updated as per attached diff (elastic_ service_ account_ 1.diff) - attempt to pull from local registry though encounters: local:9001/ docker. elastic. co/elasticsearc h/elasticsearch -oss:7. 4.0": rpc error: code = Unknown desc = Error response from daemon: Get https:/ /registry. local:9001/ v2/docker. elastic. co/elasticsearc h/elasticsearch -oss/manifests/ 7.4.0: unauthorized: authentication required
Warning Failed 99s (x3 over 2m15s) kubelet, controller-1 Failed to pull image "registry.
In order to pull from the local registry, further investigation into the following areas is required:
- armada manifest needs to be updated to pull from local registry
- elastic charts need to be able to handle pull with secrets for the local registry