[Regression] unsupported protocol scheme
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
containerd (Ubuntu) |
Fix Released
|
Undecided
|
Jorge Niedbalski | ||
Bionic |
Fix Released
|
High
|
Jorge Niedbalski | ||
Eoan |
Fix Released
|
Undecided
|
Jorge Niedbalski | ||
Focal |
Fix Released
|
Undecided
|
Jorge Niedbalski |
Bug Description
[Description]
Kubernetes 1.16.17
Containerd 1.3.3
Ubuntu Bionic
[Affected Releases]
containerd | 1.3.3-0ubuntu1~
containerd | 1.3.3-0ubuntu1~
containerd | 1.3.3-0ubuntu1 | focal | source, amd64, arm64, armhf, ppc64el, s390x
[Impact]
Reported upstream: https:/
User Impact:
Since the Ubuntu bionic-updates bump of the version 1.3.3 through [0] https:/
a regression was introduced.
The following endpoint description stopped working when scheduling pods with k8s 1.16-1.17 isn't longer working.
[plugins.
endpoint = ["niedbalski-
As an example, creating a k8s pod defined as following:
apiVersion: v1
kind: Pod
metadata:
name: busybox
namespace: default
spec:
containers:
- name: busybox
image: niedbalski-
command:
- sleep
- "3600"
imagePullSecrets:
- name: regcred
restartPolicy: Always
Will fail in the current Bionic-updates version with the following error:
" failed to do request: Head niedbalski-
Normal Scheduled default-scheduler Successfully assigned default/busybox to juju-3a79d2-
Normal Pulling 8m39s (x4 over 10m) kubelet, juju-3a79d2-
Warning Failed 8m39s (x4 over 10m) kubelet, juju-3a79d2-
Warning Failed 8m39s (x4 over 10m) kubelet, juju-3a79d2-
Warning Failed 8m27s (x6 over 10m) kubelet, juju-3a79d2-
Normal BackOff 4m56s (x21 over 10m) kubelet, juju-3a79d2-
[Test Case]
1) Configure a private docker repository repository
2) Modify the containerd registry mirror config as follows:
** http://
3) Execute the following pod (http://
Status of the scheduled pod should be ImagePullBackOff
and the before mentioned error should be raised.
[Possible workaround and solution]
As a workaround change the endpoint to support the scheme (https://)
Provide a fallback mechanism for URL parsing validation to fallback to http or https.
I suspect that this change introduced on 1.3.3 through
0b29c9c) may be the offending commit.
[Regression Potential]
** The change proposed on the SRU takes in consideration both cases
1) a endpoint without a schema 2) a endpoint with a schema.
1) worked in 1.2.6 as explained in the "Impact section" and stopped
being supported with the current Bionic version 1.3.3, 2) Should work
on both cases.
In neither case this should break existing endpoint definitions
now new deployments of containerd.
[Other Info]
** This commit upstream https:/
description: | updated |
tags: |
added: sts-sponsor-dgadomski removed: sts-needs-sponsor |
tags: |
added: sts-needs-sponsor sts-sponsors removed: sts-sponsor-dgadomski |
tags: |
added: sts-sponsor-dgadomski removed: sts-needs-sponsor sts-sponsors |
description: | updated |
description: | updated |
tags: | added: regression-update |
Changed in containerd (Ubuntu Bionic): | |
assignee: | nobody → Jorge Niedbalski (niedbalski) |
importance: | Undecided → High |
Changed in containerd (Ubuntu Eoan): | |
status: | Fix Released → Confirmed |
Changed in containerd (Ubuntu Focal): | |
status: | Fix Released → Confirmed |
Changed in containerd (Ubuntu Eoan): | |
assignee: | nobody → Jorge Niedbalski (niedbalski) |
Changed in containerd (Ubuntu Focal): | |
assignee: | nobody → Jorge Niedbalski (niedbalski) |
Attached is the debdiff that fixes this problem in bionic, it's a backport of commit [0]
[0] https:/ /github. com/containerd/ containerd/ commit/ a022c218194c054 49ad69b69c48fc6 cac9d6f0b3