Unable to pull some image from jfrog artifactory with my containerd - containerd

I use containerd to launch Docker images inside my K8s cluster. I can't put a proxy in my environment and have no internet access on the node VMs.
I've installed a JCR (JFrog Container Registry) to be able to get Docker images and provide it as a mirror.
This JCR has internet access.
When I look inside K8s I always see that it is not able to pull the sandbox image "k8s.gcr.io/pause:3.1"; it always ends in an i/o timeout.
I put several Docker remote repositories inside my JCR:
docker-remote https://registry-1.docker.io/
k8s.gcr.io https://k8s.gcr.io/
and a virtual repository named docker.
I put this inside my containerd.toml:
...
[plugins.cri.registry]
[plugins.cri.registry.mirrors]
[plugins.cri.registry.mirrors."*"]
endpoint = ["https://docker.jcr.mydomain"]
[plugins.cri.registry.mirrors."docker.io"]
endpoint = ["https://docker.jcr.mydomain"]
[plugins.cri.registry.mirrors."k8s.gcr.io"]
endpoint = ["https://docker.jcr.mydomain"]
And then it's able to pull the image, but I really don't understand why it isn't able to pull this image with the "*" wildcard.
I cannot do this for every Docker registry; I need to find a solution to make "*" work.
Another problem occurred with quay.io.
For the Docker registry quay.io I never managed to mirror it,
even if I put
...
[plugins.cri.registry]
[plugins.cri.registry.mirrors]
[plugins.cri.registry.mirrors."*"]
endpoint = ["https://docker.jcr.mydomain"]
[plugins.cri.registry.mirrors."docker.io"]
endpoint = ["https://docker.jcr.mydomain"]
[plugins.cri.registry.mirrors."quai.io"]
endpoint = ["https://docker.jcr.mydomain"]
and for the image quay.io/coreos/flannel:v0.11.0-amd64 this is the result:
Pulling image "quay.io/coreos/flannel:v0.11.0-amd64"
Warning Failed 13s (x3 over 54s) kubelet, 121a9964-9914-4548-b576-69d6ac1f88d8.k8s Failed to pull image "quay.io/coreos/flannel:v0.11.0-amd64": rpc error: code = Unknown desc = failed to pull and unpack image "quay.io/coreos/flannel:v0.11.0-amd64": failed to resolve reference "quay.io/coreos/flannel:v0.11.0-amd64": unexpected status code [manifests v0.11.0-amd64]: 403 Forbidden
Warning Failed 13s (x3 over 54s) kubelet, 121a9964-9914-4548-b576-69d6ac1f88d8.k8s Error: ErrImagePull
Normal BackOff 1s (x3 over 54s) kubelet, 121a9964-9914-4548-b576-69d6ac1f88d8.k8s Back-off pulling image "quay.io/coreos/flannel:v0.11.0-amd64"
Warning Failed 1s (x3 over 54s) kubelet, 121a9964-9914-4548-b576-69d6ac1f88d8.k8s Error: ImagePullBackOff

I found the reason why "quay.io/coreos/flannel:v0.11.0-amd64" failed.
It's because this image has a severe CVE inside it, and so the Artifactory repository forbids the download.
See https://quay.io/repository/coreos/flannel?tab=tags
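To make the mirror lookup in the post concrete, here is an added example (not code from the question, from containerd or from JFrog): a POSIX shell script that derives the registry host from each image reference the way Docker and containerd do, then looks that host up in a mirror table equivalent to the [plugins.cri.registry.mirrors] sections above. The lookup order (exact host, then the "*" entry, then the registry itself) and the docker.io fallback to registry-1.docker.io are this example's reading of the containerd CRI plugin of that era, an assumption rather than something the page confirms; the endpoint and registry names are the ones from the post, and the image list at the bottom is constructed.

```shell
#!/bin/sh
# Added example, not part of the original post. Maps image references to the
# registry host containerd's CRI plugin looks up in its mirror table, then
# resolves that host to an endpoint. Lookup order (exact host, "*", upstream)
# is an assumption about containerd's behaviour, not taken from the page.

# Registry host of an image reference. Rule shared by docker and containerd:
# the first path component is a registry only if it contains "." or ":" or is
# exactly "localhost"; otherwise the image lives on docker.io.
image_registry() {
    case "$1" in
        */*)
            first=${1%%/*}
            case "$first" in
                *.*|*:*|localhost) printf '%s\n' "$first" ;;
                *)                 printf 'docker.io\n' ;;
            esac
            ;;
        *) printf 'docker.io\n' ;;
    esac
}

# Mirror table, "<host> <endpoint>" per line: the equivalent of the
# [plugins.cri.registry.mirrors."<host>"] sections in the post.
MIRRORS='docker.io https://docker.jcr.mydomain
k8s.gcr.io https://docker.jcr.mydomain
* https://docker.jcr.mydomain'

# Upstream endpoint used when no mirror entry applies; docker.io is
# special-cased to registry-1.docker.io.
default_endpoint() {
    case "$1" in
        docker.io) printf 'https://registry-1.docker.io\n' ;;
        *)         printf 'https://%s\n' "$1" ;;
    esac
}

# Endpoint for a registry host: exact entry, then the "*" entry, then upstream.
mirror_for() {
    ep=$(printf '%s\n' "$MIRRORS" | awk -v h="$1" '$1 == h { print $2; exit }')
    [ -n "$ep" ] || ep=$(printf '%s\n' "$MIRRORS" | awk '$1 == "*" { print $2; exit }')
    [ -n "$ep" ] || ep=$(default_endpoint "$1")
    printf '%s\n' "$ep"
}

# One line per image: "<ref> <registry host> <endpoint the pull will hit>".
resolve_images() {
    for ref in "$@"; do
        host=$(image_registry "$ref")
        printf '%s %s %s\n' "$ref" "$host" "$(mirror_for "$host")"
    done
}

# Constructed sample: the images named in the post plus a bare Docker Hub ref.
resolve_images k8s.gcr.io/pause:3.1 quay.io/coreos/flannel:v0.11.0-amd64 nginx:1.19
```

What the output makes visible: with a "*" entry every registry the cluster uses is routed through the JCR, so a 403 from the mirror for a quay.io image (the self-answer's case, where Artifactory blocked a vulnerable image) is a policy decision by the mirror and is a different failure from an i/o timeout, which means the pull never went to the mirror at all. If the wildcard is not honoured on a given containerd version, the per-host column is exactly the list of explicit mirror entries that have to be written out.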

Related

Spring Boot app in Docker container not starting in Cloud Run after building successfully - cannot access jarfile

I've set up continuous deployment to Cloud Run from GitHub for my Spring Boot project, and while it's successfully building in Cloud Build, when I go over to Cloud Run, I get the following error under Creating Revision:
The user-provided container failed to start and listen on the port defined provided by the PORT=8080 environment variable.
When I go over to the Logs, I see the following errors:
2022-09-23 09:42:47.881 BST
Error: Unable to access jarfile /app/target/educity-manager-0.0.1-SNAPSHOT.jar
{
insertId: "632d7187000d739d29eb84ad"
labels: {5}
logName: "projects/educity-manager/logs/run.googleapis.com%2Fstderr"
receiveTimestamp: "2022-09-23T08:42:47.883252595Z"
resource: {2}
textPayload: "Error: Unable to access jarfile /app/target/educity-manager-0.0.1-SNAPSHOT.jar"
timestamp: "2022-09-23T08:42:47.881565Z"
}
2022-09-23 09:43:48.800 BST
run.googleapis.com
…ager/revisions/educity-manager-00011-fod
Ready condition status changed to False for Revision educity-manager-00011-fod with message: Deploying Revision.
{
insertId: "w6ptr6d20ve"
logName: "projects/educity-manager/logs/cloudaudit.googleapis.com%2Fsystem_event"
protoPayload: {
#type: "type.googleapis.com/google.cloud.audit.AuditLog"
resourceName: "namespaces/educity-manager/revisions/educity-manager-00011-fod"
response: {6}
serviceName: "run.googleapis.com"
status: {2}}
receiveTimestamp: "2022-09-23T08:43:49.631015104Z"
resource: {2}
severity: "ERROR"
timestamp: "2022-09-23T08:43:48.800371Z"
}
Dockerfile is as follows (and looking at the build log all of the commands in it completed successfully):
FROM openjdk:17-jdk-alpine
RUN addgroup -S spring && adduser -S spring -G spring
USER spring:spring
COPY . /app
ENTRYPOINT [ "java","-jar","/app/target/educity-manager-0.0.1-SNAPSHOT.jar" ]
I've read that Cloud Run defaults to exposing Port 8080, but just to be on the safe side I've put server.port=${PORT:8080} in my application.properties file (but it seems to make no difference one way or the other).
I have run into similar issues in the past. Usually, I am able to resolve this issue by:
specifying the port in the application itself (as you indicated in your post), and
exposing the required port in my Dockerfile, e.g. EXPOSE 8080
Oh my good god, I have done it. After two full days of digging, I realised that because I was doing it through GitHub, my .gitignore file was excluding the /target folder containing the jar file, so Cloud Build never got the jar file mentioned in the Dockerfile.
I am going to have a cry and then go to the pub.
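The self-answer's root cause (a build artifact the Dockerfile expects, which .gitignore keeps out of the repository, so a build triggered from source never sees it) can be caught before a deploy. The following is an added example, not code from the question, from Spring or from Cloud Build: a POSIX shell check that reads the jar path out of the Dockerfile's ENTRYPOINT, maps it back through the COPY instruction to a path in the build context, and tests that path against a subset of .gitignore syntax (anchored /dir/, unanchored names, and * globs; negation and ** are not implemented). The Dockerfile text is the one from the post; the .gitignore content is constructed for the example.

```shell
#!/bin/sh
# Added example, not from the question or from Cloud Build. Checks that the jar
# the Dockerfile's ENTRYPOINT runs is reachable from the build context, i.e.
# not excluded by .gitignore when the build is triggered from the repository.
# The Dockerfile is the one from the post; the .gitignore is constructed.

DOCKERFILE='FROM openjdk:17-jdk-alpine
RUN addgroup -S spring && adduser -S spring -G spring
USER spring:spring
COPY . /app
ENTRYPOINT [ "java","-jar","/app/target/educity-manager-0.0.1-SNAPSHOT.jar" ]'

GITIGNORE='# constructed: a typical Maven ignore list
/target/
*.log
.idea/'

# Path in the build context from which the ENTRYPOINT/CMD jar is copied:
# take the quoted /.../x.jar argument, find the COPY/ADD whose destination is a
# prefix of it, and swap that destination for the COPY source.
jar_context_path() {  # jar_context_path <dockerfile-text>
    printf '%s\n' "$1" | awk '
        BEGIN { n = 0 }
        $1 == "COPY" || $1 == "ADD" {
            f = 2; while (f < NF && $f ~ /^--/) f++   # skip flags like --chown
            src[n] = $f; dst[n] = $NF; n++
        }
        $1 == "ENTRYPOINT" || $1 == "CMD" {
            if (match($0, /"\/[^"]*\.jar"/)) jar = substr($0, RSTART + 1, RLENGTH - 2)
        }
        END {
            if (jar == "") exit 1
            for (i = 0; i < n; i++) {
                d = dst[i]; sub(/\/$/, "", d)
                if (index(jar, d "/") == 1) {
                    rel = substr(jar, length(d) + 2)
                    s = src[i]; sub(/^\.\/?/, "", s); sub(/\/$/, "", s)
                    print (s == "" ? rel : s "/" rel)
                    exit 0
                }
            }
            exit 1
        }'
}

# Does one .gitignore pattern exclude a context path? Supported forms: a
# leading "/" or an inner "/" anchors the pattern to the context root, a
# trailing "/" means "directory", "*" globs within one path component.
# Negation ("!") and "**" are not implemented.
gitignore_matches() {  # gitignore_matches <pattern> <path>
    gp=$1; gpath=$2; anchored=0
    case "$gp" in /*) anchored=1; gp=${gp#/} ;; esac
    gp=${gp%/}
    case "$gp" in */*) anchored=1 ;; esac
    if [ "$anchored" = 1 ]; then
        case "$gpath" in $gp|$gp/*) return 0 ;; esac
        return 1
    fi
    rest=$gpath
    while [ -n "$rest" ]; do
        case "${rest%%/*}" in $gp) return 0 ;; esac
        case "$rest" in */*) rest=${rest#*/} ;; *) rest='' ;; esac
    done
    return 1
}

# Prints the first rule that ignores the path and succeeds; fails otherwise.
ignored_by() {  # ignored_by <path> <gitignore-text>
    printf '%s\n' "$2" | {
        while IFS= read -r rule; do
            case "$rule" in ''|'#'*|'!'*) continue ;; esac
            if gitignore_matches "$rule" "$1"; then printf '%s\n' "$rule"; exit 0; fi
        done
        exit 1
    }
}

# Exit status is what a CI step would gate on: 1 = the jar can never reach the build.
check_context() {  # check_context <dockerfile-text> <gitignore-text>
    p=$(jar_context_path "$1") || { echo "no jar path found in ENTRYPOINT/CMD"; return 2; }
    if rule=$(ignored_by "$p" "$2"); then
        printf 'BLOCKED: %s is excluded by .gitignore rule "%s"\n' "$p" "$rule"
        return 1
    fi
    printf 'OK: %s is not ignored\n' "$p"
}

check_context "$DOCKERFILE" "$GITIGNORE" || echo "status $?"
```

The durable fix is not to commit target/ but to build the jar in a first stage of the Dockerfile, so the image is reproducible from source alone and COPY . /app no longer drags the whole checkout (including .git and any local credentials) into the image; a .dockerignore belongs next to it for the same reason.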

Spring-Boot docker build with paketo fails on Bitbucket pipelines

My Spring Boot project builds its Docker image on bitbucket.org using the spring-boot-maven-plugin with its build-image goal. On Pipelines we always get the following Maven error:
Docker API call to 'localhost:2375/v1.24/containers/create' failed with status code 403 "Forbidden"
In the Docker log I found the following:
time="2021-03-25T11:30:59Z" level=info msg="Container create request." ArgsEscaped=false AttachStderr=false AttachStdin=false AttachStdout=false ExposedPorts="map[]" Healthcheck="<nil>" Labels="map[author:spring-boot]" MacAddress= NetworkDisabled=false OnBuild="[]" OpenStdin=false StdinOnce=false StopSignal= StopTimeout="<nil>" Tty=false plugin=pipelines
time="2021-03-25T11:30:59Z" level=info msg="Container create request." AutoRemove=false BlkioDeviceReadBps="[]" BlkioDeviceReadIOps="[]" BlkioDeviceWriteBps="[]" BlkioDeviceWriteIOps="[]" BlkioWeight=0 BlkioWeightDevice="[]" CPUCount=0 CPUPercent=0 CPUPeriod=0 CPUQuota=0 CPURealtimePeriod=0 CPURealtimeRuntime=0 CPUShares=0 CapAdd="[]" CapDrop="[]" Capabilities="[]" Cgroup= CgroupParent= ConsoleSize="[0 0]" ContainerIDFile= CpusetCpus= CpusetMems= DNS="[]" DNSOptions="[]" DNSSearch="[]" DeviceCgroupRules="[]" Devices="[]" ExtraHosts="[]" GroupAdd="[]" IOMaximumBandwidth=0 IOMaximumIOps=0 Init="<nil>" IpcMode= Isolations= KernelMemory=0 Links="[]" LogConfig="{ map[]}" MaskedPaths="[]" Memory=0 MemoryReservation=0 MemorySwap=0 MemorySwappiness="<nil>" Mounts="[]" NanoCPUs=0 NetworkMode=default OomKillDisable="<nil>" OomScoreAdj=0 PidMode= PidsLimit="<nil>" PortBindings="map[]" Privileged=false PublishAllPorts=false ReadOnlyPaths="[]" RestartPolicy="{ 0}" Runtime= SecurityOpt="[]" ShmSize=0 StorageOpt="map[]" Sysctls="map[]" Ulimits="[]" UsernsMode= VolumeDriver= VolumesFrom="[]" plugin=pipelines
time="2021-03-25T11:30:59Z" level=info msg="Pipelines plugin request authorization." allowed=false method=POST plugin=pipelines uri=/v1.24/containers/createtime="2021-03-25T11:30:59.233599182Z" level=error msg="AuthZRequest for POST /v1.24/containers/create returned error: authorization denied by plugin pipelines: -v only supports $BITBUCKET_CLONE_DIR and its subdirectories"
I found a few posts with similar problems but no real explanation of what is going wrong and whether there is anything I can do about it.
There is an Atlassian ticket where someone references this log: https://jira.atlassian.com/browse/BCLOUD-17592
I know that on my local machine there are lots of named volumes on the creator container.

Configuring the REST server with a persistent data store

I am having problems trying to deploy the REST server with persistent storage (MongoDB). I get this message when deploying the REST server:
docker logs -f rest
[2018-03-12 00:01:13] PM2 log: Launching in no daemon mode
[2018-03-12 00:01:14] PM2 log: Starting execution sequence in -fork mode- for app name:composer-rest-server id:0
[2018-03-12 00:01:14] PM2 log: App name:composer-rest-server id:0 online
WARNING: NODE_APP_INSTANCE value of '0' did not match any instance config file names.
WARNING: See https://github.com/lorenwest/node-config/wiki/Strict-Mode
Discovering types from business network definition ...
Connection fails: Error: Error trying to ping. Error: Error trying to query business network. Error: REQUEST_TIMEOUT
It will be retried for the next request.
Exception: Error: Error trying to ping. Error: Error trying to query business network. Error: REQUEST_TIMEOUT
Error: Error trying to ping. Error: Error trying to query business network. Error: REQUEST_TIMEOUT
at _checkRuntimeVersions.then.catch (/home/composer/.npm-global/lib/node_modules/composer-rest-server/node_modules/composer-connector-hlfv1/lib/hlfconnection.js:699:34)
at
at process._tickDomainCallback (internal/process/next_tick.js:228:7)
[2018-03-12 00:07:03] PM2 log: App [composer-rest-server] with id [0] and pid [14], exited with code [1] via signal [SIGINT]
I am using Composer v.18.
Is there any workaround to fix this error? When I run composer-rest-server alone it works, but if I try to add MongoDB it does not work.

Nexus 3.6 OSS Docker Hub Proxy - Can docker search but not docker pull

I've deployed Nexus OSS 3.6 and it's being served on http://server:8082/nexus
I have configured a Docker Hub proxy using the instructions in http://www.sonatype.org/nexus/2017/02/16/using-nexus-3-as-your-repository-part-3-docker-images/ and have configured the docker-group to serve on port 18000.
I can perform the following:
docker login server:18000
docker search server:18000/jenkins
but when I run:
docker pull server:18000/jenkins
I get the following error:
Error response from daemon: Get http://10.105.139.17:18000/v2/jenkins/manifests/latest: error parsing HTTP 400 response body: invalid character '<' looking for beginning of value: "<html>\n<head>\n<meta http-equiv=\"Content-Type\" content=\"text/html;charset=ISO-8859-1\"/>\n<title>Error 400 </title>\n</head>\n<body>\n<h2>HTTP ERROR: 400</h2>\n<p>Problem accessing /nexus/v2/token. Reason:\n<pre>    Not a Docker request</pre></p>\n<hr />Powered by Jetty:// 9.3.20.v20170531<hr/>\n</body>\n</html>\n"
My jetty nexus.properties config file is:
# Jetty section
application-port=8082
application-host=0.0.0.0
# nexus-args=${jetty.etc}/jetty.xml,${jetty.etc}/jetty-http.xml,${jetty.etc}/jetty-requestlog.xml
nexus-context-path=/nexus
# Nexus section
# nexus-edition=nexus-pro-edition
# nexus-features=\
# nexus-pro-feature
Could anyone offer any suggestions on how to fix this please?
I have the same problem when I enable anonymous read on some Docker repository.
Repositories -> Docker hosted -> check the checkbox (Disable to allow anonymous pull) for the repository.
It seems you need to upgrade Nexus to 3.6.1 according to:
https://issues.sonatype.org/browse/NEXUS-14488
in order to allow anonymous read again.

GitLab Runner Unable to clone repository

I have registered the GitLab runner with the GitLab instance. My registered URL is as follows: http://azurestackgitlab1.southeastasia.cloudapp.azure.com/ci
However, while running the build for that project, the build fails with the message below:
Running with gitlab-ci-multi-runner 1.11.1 (a67a225)
on java test (96d320b3)
WARNING: image is not supported by selected executor and shell
Using Shell executor...
Running on AzureStackPOCVM...
Cloning repository...
Cloning into '/home/gitlab-runner/builds/96d320b3/0/root/demoproject'...
fatal: unable to access 'http://gitlab-ci-token:xxxxxx@gitlab-ce.hxakzvpf0otezeojz3wqhme5wg.cx.internal.cloudapp.net/root/demoproject.git/': Could not resolve host: gitlab-ce.hxakzvpf0otezeojz3wqhme5wg.cx.internal.cloudapp.net
ERROR: Job failed: exit status 1
snippet of config.toml:
[[runners]]
name = "java test"
url = "http://azurestackgitlab1.southeastasia.cloudapp.azure.com/ci"
token = "96d320b33d3c69d706dad7f90df84e"
executor = "shell"
[runners.cache]
How can I overcome this problem?
You will find this URL in the /etc/gitlab/gitlab.rb file. If you change "hxakzvpf0otezeojz3wqhme5wg.cx.internal.cloudapp.net"
to your "http://azurestackgitlab1.southeastasia.cloudapp.azure.com",
it should work!
For more information you can refer : http://azurestackgitlab1.southeastasia.cloudapp.azure.com/help/administration/environment_variables.md