Environmental Info:
K3s Version:
k3s version v1.29.3+k3s1 (8aecc26b)
go version go1.21.8
Node(s) CPU architecture, OS, and Version: CentOS Stream 9
Linux <hostname> 5.14.0-427.el9.x86_64 #1 SMP PREEMPT_DYNAMIC Fri Feb 23 04:45:07 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux
Cluster Configuration:
Single node cluster
Describe the bug:
By adding the following simple /etc/rancher/k3s/registries.yaml and restarting k3s, an invalid hosts.toml for containerd is generated, which causes configs to be ignored.
Expected behavior:
The generated hosts.toml is correct and pulling from the private registry completes without any errors
Actual behavior:
The generated hosts.toml causes error="invalid `host` tree" since there is no [host."https://registry.example.com/v2"]
Pulling from the private registry fails since any configuration in hosts.toml is ignored
$ sudo cat /var/lib/rancher/k3s/agent/etc/containerd/certs.d/registry.example.com/hosts.toml
# File generated by k3s. DO NOT EDIT.
server = "https://registry.example.com/v2"
capabilities = ["pull", "resolve", "push"]
skip_verify = true
$ sudo $(which k3s) ctr images pull --hosts-dir "/var/lib/rancher/k3s/agent/etc/containerd/certs.d" --user 'reguser:Registry123!' registry.example.com/demo/demo:demo
ERRO[0000] failed to decode hosts.toml error="invalid `host` tree"
INFO[0000] trying next host error="failed to do request: Head \"https://registry.example.com/v2/demo/demo/manifests/demo\": tls: failed to verify certificate: x509: certificate signed by unknown authority" host=registry.example.com
ctr: failed to resolve reference "registry.example.com/demo/demo:demo": failed to do request: Head "https://registry.example.com/v2/demo/demo/manifests/demo": tls: failed to verify certificate: x509: certificate signed by unknown authority
Additional context / logs:
Adding mirrors does not help.
$ sudo tee /etc/rancher/k3s/registries.yaml <<EOF
mirrors:
  registry.example.com:
    endpoint:
      - https://registry.example.com
configs:
  registry.example.com:
    auth:
      username: reguser
      password: Registry123!
    tls:
      insecure_skip_verify: true
EOF
$ sudo systemctl restart k3s
$ sudo cat /var/lib/rancher/k3s/agent/etc/containerd/certs.d/registry.example.com/hosts.toml
# File generated by k3s. DO NOT EDIT.
server = "https://registry.example.com/v2"
capabilities = ["pull", "resolve", "push"]
skip_verify = true
Exactly the same configuration and steps work as expected on the older v1.28.7+k3s1.
$ k3s -v
k3s version v1.28.7+k3s1 (051b14b2)
go version go1.21.7
With v1.28.7+k3s1, the same registries.yaml generates the following hosts.toml, which contains [host."https://registry.example.com/v2"].
$ sudo cat /var/lib/rancher/k3s/agent/etc/containerd/certs.d/registry.example.com/hosts.toml
# File generated by k3s. DO NOT EDIT.
[host."https://registry.example.com/v2"]
capabilities = ["pull", "resolve"]
skip_verify = true
Pulling from private registry with this hosts.toml works.
I didn't dive deeper into the code yet, but since no [host."https://registry.example.com/v2"] is generated by v1.29.3+k3s1, I suspect that .Endpoints is empty for some reason.
Steps To Reproduce:
curl -sfL https://get.k3s.io | INSTALL_K3S_VERSION=v1.29.3+k3s1 sh -s - --write-kubeconfig-mode 644
registries.yaml to specify credentials and to skip certificate verification
sudo systemctl restart k3s
HostsTomlTemplate: k3s/pkg/agent/templates/templates.go, lines 43 to 88 in 8aecc26
getHostConfigs(): k3s/pkg/agent/containerd/config.go, lines 71 to 154 in 8aecc26
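A check that follows from the two hosts.toml outputs quoted in the report, as an added example that is not part of the original issue or of the k3s or containerd code: it flags any generated hosts.toml with no [host."..."] table (the condition the report ties to the "invalid `host` tree" error) and any file that sets skip_verify = true. The function names and finding labels are hypothetical, and the sample files are constructed from the outputs shown in the report.

```shell
#!/bin/sh
# Added example (not k3s or containerd code): audit generated hosts.toml files.

# check_hosts_toml FILE: print one finding per line, return 1 if any.
check_hosts_toml() {
    file=$1
    findings=0
    # The report shows containerd failing with "invalid `host` tree" when the
    # file has no [host."<url>"] table, after which its settings are ignored.
    if ! grep -Eq '^[[:space:]]*\[host\."[^"]+"\]' "$file"; then
        echo "NO_HOST_TABLE $file"
        findings=1
    fi
    # skip_verify = true turns off TLS certificate verification for the registry.
    if grep -Eq '^[[:space:]]*skip_verify[[:space:]]*=[[:space:]]*true' "$file"; then
        echo "SKIP_VERIFY $file"
        findings=1
    fi
    return "$findings"
}

# check_hosts_dir DIR: check every DIR/<registry>/hosts.toml.
check_hosts_dir() {
    rc=0
    for f in "$1"/*/hosts.toml; do
        [ -f "$f" ] || continue
        check_hosts_toml "$f" || rc=1
    done
    return "$rc"
}

# write_samples DIR: constructed inputs copied from the two outputs in the report.
write_samples() {
    mkdir -p "$1/bad.example" "$1/good.example"
    # Shape generated by v1.29.3+k3s1 (no host table).
    printf '%s\n' 'server = "https://registry.example.com/v2"' \
        'capabilities = ["pull", "resolve", "push"]' \
        'skip_verify = true' > "$1/bad.example/hosts.toml"
    # Shape generated by v1.28.7+k3s1 (host table present).
    printf '%s\n' '[host."https://registry.example.com/v2"]' \
        'capabilities = ["pull", "resolve"]' \
        'skip_verify = true' > "$1/good.example/hosts.toml"
}

# Demo on the constructed samples; on a node, pass the certs.d directory instead.
demo_dir=$(mktemp -d)
write_samples "$demo_dir"
check_hosts_dir "$demo_dir" || echo "findings present"
rm -rf "$demo_dir"
```

On a k3s node the directory to pass is the certs.d path shown in the report, /var/lib/rancher/k3s/agent/etc/containerd/certs.d, read with sufficient privileges.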