Fix WWW-Authenticate challenge handling with docker registries. #16465

Merged
merged 1 commit into from
Nov 24, 2023

Member

@hpidcock hpidcock commented Oct 19, 2023

Docker v2 registries employ a standard process for authentication by returning a challenge in the WWW-Authenticate header. This change attempts to use this process for all generic repositories.

QA steps

This has been tested with quay.io, jfrog artifactory, google cloud artifact repository and digital ocean registry.

  • export DOCKER_USERNAME=my-registry.com/juju-test
  • make seed-repository
  • JUJU_BUILD_NUMBER=0 make push-release-operator-image
  • juju bootstrap minikube --config caas-image-repo='{"repository":"my-registry.com/juju-test","username":"<username>","password":"<password>"}'

Documentation changes

N/A

Links

Launchpad bug: https://bugs.launchpad.net/juju/+bug/2039727

Jira card: JUJU-4820
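
The challenge flow the description refers to, as an added Go example (not code from this PR or from Juju): it parses a `WWW-Authenticate` value and builds the token request URL for a Bearer challenge. The header value, the function names and the HTTPS-only realm check are assumptions of the example.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// ParseChallenge splits one WWW-Authenticate challenge into its scheme and
// parameters; commas inside quoted values (scope="...:pull,push") do not split.
func ParseChallenge(header string) (string, map[string]string) {
	scheme, rest, _ := strings.Cut(strings.TrimSpace(header), " ")
	params := map[string]string{}
	inQuote, start := false, 0
	for i := 0; i <= len(rest); i++ {
		if i < len(rest) && rest[i] == '"' {
			inQuote = !inQuote
		}
		if i == len(rest) || (rest[i] == ',' && !inQuote) {
			if k, v, ok := strings.Cut(strings.TrimSpace(rest[start:i]), "="); ok {
				params[strings.ToLower(k)] = strings.Trim(v, "\" ")
			}
			start = i + 1
		}
	}
	return strings.ToLower(scheme), params
}

// TokenURL builds the token request for a Bearer challenge. Rejecting a
// non-HTTPS realm is this example's assumption: the server picks the realm,
// and the client then sends its credentials there.
func TokenURL(scheme string, p map[string]string) (string, error) {
	realm, err := url.Parse(p["realm"])
	if scheme != "bearer" || err != nil || realm.Scheme != "https" || realm.Host == "" {
		return "", fmt.Errorf("no usable bearer realm in %q challenge", scheme)
	}
	q := realm.Query()
	for _, k := range []string{"service", "scope"} {
		if v := p[k]; v != "" {
			q.Set(k, v)
		}
	}
	realm.RawQuery = q.Encode()
	return realm.String(), nil
}

func main() {
	// Constructed header value, not taken from any registry named in the PR.
	fmt.Println(TokenURL(ParseChallenge(`Bearer realm="https://auth.registry.example/token",service="registry.example",scope="repository:juju-test/jujud-operator:pull,push"`)))
}
```

A `Basic realm="..."` challenge makes `TokenURL` return an error, which is the signal to send the username and password directly to the registry instead of exchanging them for a token.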

@hpidcock hpidcock added do not merge Even if a PR has been approved, do not merge the PR! 2.9 labels Oct 19, 2023
@gustavosr98

This comment was marked as resolved.

gustavosr98 commented Oct 27, 2023

I was missing uploading the jujud-operator (for the juju controller) OCI image with the patch
I used user + password for the registry credentials on the bootstrap
However, I ended up with the same result when deploying a workload

```
# juju deploy postgresql-k8s --channel 14/stable --resource postgresql-image=10.46.90.139/jujusolutions/charmed-postgresql:14.9-22.04_edge

# juju status
Model  Controller  Cloud/Region        Version  SLA          Timestamp
test   mk8s        microk8s/localhost  2.9.46   unsupported  13:13:00-05:00

App             Version  Status   Scale  Charm           Channel    Rev  Address        Exposed  Message
postgresql-k8s           waiting    0/1  postgresql-k8s  14/stable  158  10.152.183.95  no       installing agent

Unit              Workload  Agent  Address      Ports  Message
postgresql-k8s/0  error     lost   10.1.181.24         unknown container reason "ImagePullBackOff": Back-off pulling image "10.46.90.139/jujusolutions/charm-base:ubuntu-22.04"
# microk8s.kubectl describe pod postgresql-k8s-0 -n test

# [..]
Events:
  Type     Reason                           Age              From               Message
  ----     ------                           ----             ----               -------
  Normal   Scheduled                        7s               default-scheduler  Successfully assigned test/postgresql-k8s-0 to black
  Normal   Pulled                           7s               kubelet            Container image "10.46.90.139/jujusolutions/jujud-operator:2.9.46" already present on machine
  Normal   Created                          7s               kubelet            Created container charm-init
  Normal   Started                          6s               kubelet            Started container charm-init
  Normal   Pulling                          6s               kubelet            Pulling image "10.46.90.139/jujusolutions/charm-base:ubuntu-22.04"
  Warning  Failed                           6s               kubelet            Failed to pull image "10.46.90.139/jujusolutions/charm-base:ubuntu-22.04": failed to pull and unpack image "10.46.90.139/jujusolutions/charm-base:ubuntu-22.04": failed to resolve reference "10.46.90.139/jujusolutions/charm-base:ubuntu-22.04": failed to authorize: failed to fetch anonymous token: unexpected status: 401
  Warning  Failed                           6s               kubelet            Error: ErrImagePull
  Normal   Pulling                          6s               kubelet            Pulling image "10.46.90.139/jujusolutions/charmed-postgresql:14.9-22.04_edge"
  Warning  Failed                           6s               kubelet            Failed to pull image "10.46.90.139/jujusolutions/charmed-postgresql:14.9-22.04_edge": failed to pull and unpack image "10.46.90.139/jujusolutions/charmed-postgresql:14.9-22.04_edge": failed to resolve reference "10.46.90.139/jujusolutions/charmed-postgresql:14.9-22.04_edge": failed to authorize: failed to fetch anonymous token: unexpected status: 401
  Warning  Failed                           6s               kubelet            Error: ErrImagePull
  Warning  FailedToRetrieveImagePullSecret  5s (x3 over 7s)  kubelet            Unable to retrieve some image pull secrets (juju-image-pull-secret); attempting to pull the image may not succeed.
  Normal   BackOff                          5s               kubelet            Back-off pulling image "10.46.90.139/jujusolutions/charm-base:ubuntu-22.04"
  Warning  Failed                           5s               kubelet            Error: ImagePullBackOff
  Normal   BackOff                          5s               kubelet            Back-off pulling image "10.46.90.139/jujusolutions/charmed-postgresql:14.9-22.04_edge"
  Warning  Failed                           5s               kubelet            Error: ImagePullBackOff

# [..]
Events:
  Type     Reason                           Age                    From     Message
  ----     ------                           ----                   ----     -------
  Warning  FailedToRetrieveImagePullSecret  2m27s (x327 over 72m)  kubelet  Unable to retrieve some image pull secrets (juju-image-pull-secret); attempting to pull the image may not succeed.
```

@gustavosr98

Tested bootstrap again, now with an online (not local) private JFrog repository
It seems to be working

The local repo from before might have kept the official 2.9.46 jujud-operator image rather than the one provided

```
# ./juju bootstrap microk8s mk8s --debug --config caas-image-repo='{"repository":"gustavosanchez.jfrog.io/jujusolutions", "serveraddress":"gustavosanchez.jfrog.io/artifactory/api/docker/jujusolutions/v2", "username":"admin", "password":"<PASS>" }'
# [..]

# ./juju deploy postgresql-k8s --channel 14/stable --resource postgresql-image=gustavosanchez.jfrog.io/jujusolutions/charmed-postgresql:14.9-22.04_edge

# [..]
Events:
  Type     Reason     Age                  From               Message
  ----     ------     ----                 ----               -------
  Normal   Scheduled  2m52s                default-scheduler  Successfully assigned test/postgresql-k8s-0 to black
  Normal   Pulled     2m51s                kubelet            Container image "gustavosanchez.jfrog.io/jujusolutions/jujud-operator:2.9.46" already present on machine
  Normal   Created    2m51s                kubelet            Created container charm-init
  Normal   Started    2m51s                kubelet            Started container charm-init
  Normal   Pulling    2m51s                kubelet            Pulling image "gustavosanchez.jfrog.io/jujusolutions/charm-base:ubuntu-22.04"
  Normal   Pulled     2m40s                kubelet            Successfully pulled image "gustavosanchez.jfrog.io/jujusolutions/charm-base:ubuntu-22.04" in 10.992s (10.992s including waiting)
  Normal   Created    2m40s                kubelet            Created container charm
  Normal   Started    2m39s                kubelet            Started container charm
  Normal   Pulling    2m39s                kubelet            Pulling image "gustavosanchez.jfrog.io/jujusolutions/charmed-postgresql:14.9-22.04_edge"
  Normal   Pulled     2m14s                kubelet            Successfully pulled image "gustavosanchez.jfrog.io/jujusolutions/charmed-postgresql:14.9-22.04_edge" in 25.728s (25.728s including waiting)
  Normal   Created    2m14s                kubelet            Created container postgresql
  Normal   Started    2m14s                kubelet            Started container postgresql
  Warning  Unhealthy  67s (x14 over 2m7s)  kubelet            Readiness probe failed: HTTP probe failed with statuscode: 502
```

@hpidcock hpidcock force-pushed the fix-docker-auth-challenges branch 2 times, most recently from 4e6aa66 to 30fe895 Compare November 24, 2023 04:11
@hpidcock hpidcock removed the do not merge Even if a PR has been approved, do not merge the PR! label Nov 24, 2023
@hpidcock
Member Author

/merge

@jujubot jujubot merged commit f80096d into juju:2.9 Nov 24, 2023
18 of 19 checks passed
@manadart manadart mentioned this pull request Nov 27, 2023
jujubot added a commit that referenced this pull request Nov 27, 2023
#16619

Merge from 2.9 to bring forward:
- #16618 from manadart/2.9-destroy-storage-with-test-ctrl
- #16465 from hpidcock/fix-docker-auth-challenges
- #16583 from jack-w-shaw/update_merge_bot

Trivial conflict in test includes for -y versus --no-prompt.
@wallyworld wallyworld mentioned this pull request Nov 28, 2023
jujubot added a commit that referenced this pull request Nov 29, 2023
#16635

Merge 3.1

#16598 [from wallyworld/get-owned-secrets](4d0cd7d)
#16596 [from manadart/2.9-fix-bad-clouds-panic](7027d79)
#16603 [from wallyworld/inhook-secret-refresh](cb7ad3b)
#16583 [from jack-w-shaw/update_merge_bot](d4b9e00)
#16584 [from hmlanigan/fix-deploy-ci-lxd-series](7c1d995)
#16618 [from manadart/2.9-destroy-storage-with-test…](3b81a00)
#16617 [from wallyworld/remove-placeholder-port](d57438a)
#16616 [from wallyworld/fix-topologykey-constraint](060e175)
#16465 [from hpidcock/fix-docker-auth-challenges](f80096d)
#16610 [from wallyworld/cli-help-fixes](dc94b09)
#16609 [from SimonRichardson/fix-panic](5fcd0f6)
#16576 [from SimonRichardson/pre-check-facades-migr…](ad85101)

Conflicts
```
# Conflicts:
# api/package_test.go
# apiserver/allfacades.go
# cmd/juju/application/integrate.go
# cmd/juju/model/defaults.go
# core/charm/repository/charmhub.go
# core/charm/repository/charmhub_test.go
# go.mod
# go.sum
# state/secrets.go
# state/upgrades.go
# state/upgrades_test.go
# tests/suites/deploy/deploy_bundles.sh
# tests/suites/secrets_iaas/juju.sh
# tests/suites/secrets_iaas/vault.sh
# upgrades/backend.go
# upgrades/steps_317.go
# upgrades/steps_317_test.go
```
@wallyworld wallyworld mentioned this pull request Nov 29, 2023
jujubot added a commit that referenced this pull request Nov 29, 2023
#16641

Merge 3.3

No conflicts

#16598 [from wallyworld/get-owned-secrets](4d0cd7d)
#16596 [from manadart/2.9-fix-bad-clouds-panic](7027d79)
#16603 [from wallyworld/inhook-secret-refresh](cb7ad3b)
#16583 [from jack-w-shaw/update_merge_bot](d4b9e00)
#16576 [from SimonRichardson/pre-check-facades-migr…](ad85101)
#16609 [from SimonRichardson/fix-panic](5fcd0f6)
#16610 [from wallyworld/cli-help-fixes](dc94b09)
#16465 [from hpidcock/fix-docker-auth-challenges](f80096d)
#16616 [from wallyworld/fix-topologykey-constraint](060e175)
#16617 [from wallyworld/remove-placeholder-port](d57438a)
#16618 [from manadart/2.9-destroy-storage-with-test…](3b81a00)
#16584 [from hmlanigan/fix-deploy-ci-lxd-series](7c1d995)
@wallyworld wallyworld mentioned this pull request Nov 29, 2023
jujubot added a commit that referenced this pull request Nov 30, 2023
#16642

Merge 3.4

#16598 [from wallyworld/get-owned-secrets](4d0cd7d)
#16596 [from manadart/2.9-fix-bad-clouds-panic](7027d79)
#16603 [from wallyworld/inhook-secret-refresh](cb7ad3b)
#16583 [from jack-w-shaw/update_merge_bot](d4b9e00)
#16576 [from SimonRichardson/pre-check-facades-migr…](ad85101)
#16610 [from wallyworld/cli-help-fixes](dc94b09)
#16465 [from hpidcock/fix-docker-auth-challenges](f80096d)
#16616 [from wallyworld/fix-topologykey-constraint](060e175)
#16617 [from wallyworld/remove-placeholder-port](d57438a)
#16618 [from manadart/2.9-destroy-storage-with-test…](3b81a00)
#16584 [from hmlanigan/fix-deploy-ci-lxd-series](7c1d995)

Conflicts
```
# Conflicts:
# api/apiclient.go
# api/client/charms/downloader_s3.go
# api/export_test.go
# api/facadeversions.go
# api/facadeversions_test.go
# api/package_test.go
# apiserver/allfacades.go
# apiserver/common/secrets/access.go
# apiserver/facades/agent/secretsmanager/secrets.go
# apiserver/facades/agent/uniter/uniter.go
# apiserver/facades/agent/uniter/uniter_test.go
# apiserver/facades/controller/migrationtarget/migrationtarget.go
# apiserver/facades/controller/migrationtarget/migrationtarget_test.go
# apiserver/facades/controller/migrationtarget/register.go
# caas/kubernetes/provider/specs/admissionregistration.go
# core/charm/repository/charmhub.go
# core/charm/repository/charmhub_test.go
# go.mod
# go.sum
# internal/migration/precheck.go
# worker/uniter/runner/context/context_test.go
```