From df3754f3de402cb4e05a0fbcc4cb63075f253ee3 Mon Sep 17 00:00:00 2001 From: Sanghamitra-PERSONAL <78498010+Sanghamitra-PERSONAL@users.noreply.github.com> Date: Thu, 29 Sep 2022 10:42:44 +0200 Subject: [PATCH 1/4] Documentation added for redirection in the proxy to ensure image pulling --- docs/troubleshooting.md | 49 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 49 insertions(+) diff --git a/docs/troubleshooting.md b/docs/troubleshooting.md index 1e2e57c49d..1371b82665 100644 --- a/docs/troubleshooting.md +++ b/docs/troubleshooting.md @@ -316,3 +316,52 @@ Note: The below is based on the nginx [documentation](https://docs.nginx.com/ngi ```console cat nginx_conf.txt ``` + +## Image related issues faced on Nginx 4.2.5 or other versions (Helm chart versions) + +1. Incase you face below error while installing Nginx using helm chart (either by helm commands or helm_release terraform provider ) +``` +Warning Failed 5m5s (x4 over 6m34s) kubelet Failed to pull image "registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47": rpc error: code = Unknown desc = failed to pull and unpack image "registry.k8s.io/ingress-nginx/kube-webhook-certgen@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47": failed to resolve reference "registry.k8s.io/ingress-nginx/kube-webhook-certgen@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47": failed to do request: Head "https://eu.gcr.io/v2/k8s-artifacts-prod/ingress-nginx/kube-webhook-certgen/manifests/sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47": EOF +``` + Then please follow the below steps. + +2. During troubleshooting you can also execute the below commands to test the connectivities from you local machines and repositories details + + a. curl registry.k8s.io/ingress-nginx/kube-webhook-certgen@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 > /dev/null + ``` + (⎈ |myprompt)➜ ~ curl registry.k8s.io/ingress-nginx/kube-webhook-certgen@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 > /dev/null + % Total % Received % Xferd Average Speed Time Time Time Current + Dload Upload Total Spent Left Speed + 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0 + (⎈ |myprompt)➜ ~ + ``` + b. curl -I https://eu.gcr.io/v2/k8s-artifacts-prod/ingress-nginx/kube-webhook-certgen/manifests/sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 + ``` + (⎈ |myprompt)➜ ~ curl -I https://eu.gcr.io/v2/k8s-artifacts-prod/ingress-nginx/kube-webhook-certgen/manifests/ sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 + HTTP/2 200 + docker-distribution-api-version: registry/2.0 + content-type: application/vnd.docker.distribution.manifest.list.v2+json + docker-content-digest: sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 + content-length: 1384 + date: Wed, 28 Sep 2022 16:46:28 GMT + server: Docker Registry + x-xss-protection: 0 + x-frame-options: SAMEORIGIN + alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" + + (⎈ |myprompt)➜ ~ + ``` + Redirection in the proxy is implemented to ensure the pulling of the images. + +3. This is the solution recommended to whitelist the below image repositories : + ``` + *.appspot.com + *.k8s.io + *.pkg.dev + *.gcr.io + + ``` + More details about the above repos : + a. *.k8s.io -> To ensure you can pull any images from registry.k8s.io + b. *.gcr.io -> GCP services are used for image hosting. This is part of the domains suggested by GCP to allow and ensure users can pull images from their container registry services. + c. *.appspot.com -> This a Google domain. part of the domain used for GCR. From 4b0339762b00b897d0c97bd8b01ee8098649835e Mon Sep 17 00:00:00 2001 From: Sanghamitra-PERSONAL <78498010+Sanghamitra-PERSONAL@users.noreply.github.com> Date: Thu, 29 Sep 2022 10:45:58 +0200 Subject: [PATCH 2/4] Update troubleshooting.md --- docs/troubleshooting.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/troubleshooting.md b/docs/troubleshooting.md index 1371b82665..2fe087aaab 100644 --- a/docs/troubleshooting.md +++ b/docs/troubleshooting.md @@ -323,7 +323,7 @@ Note: The below is based on the nginx [documentation](https://docs.nginx.com/ngi ``` Warning Failed 5m5s (x4 over 6m34s) kubelet Failed to pull image "registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47": rpc error: code = Unknown desc = failed to pull and unpack image "registry.k8s.io/ingress-nginx/kube-webhook-certgen@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47": failed to resolve reference "registry.k8s.io/ingress-nginx/kube-webhook-certgen@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47": failed to do request: Head "https://eu.gcr.io/v2/k8s-artifacts-prod/ingress-nginx/kube-webhook-certgen/manifests/sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47": EOF ``` - Then please follow the below steps. + Then please follow the below steps. 2. During troubleshooting you can also execute the below commands to test the connectivities from you local machines and repositories details From c4ba4258405ad2acb09bde9040e6c10564255954 Mon Sep 17 00:00:00 2001 From: Sanghamitra-PERSONAL <78498010+Sanghamitra-PERSONAL@users.noreply.github.com> Date: Thu, 29 Sep 2022 10:46:23 +0200 Subject: [PATCH 3/4] Update troubleshooting.md --- docs/troubleshooting.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/troubleshooting.md b/docs/troubleshooting.md index 2fe087aaab..1371b82665 100644 --- a/docs/troubleshooting.md +++ b/docs/troubleshooting.md @@ -323,7 +323,7 @@ Note: The below is based on the nginx [documentation](https://docs.nginx.com/ngi ``` Warning Failed 5m5s (x4 over 6m34s) kubelet Failed to pull image "registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47": rpc error: code = Unknown desc = failed to pull and unpack image "registry.k8s.io/ingress-nginx/kube-webhook-certgen@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47": failed to resolve reference "registry.k8s.io/ingress-nginx/kube-webhook-certgen@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47": failed to do request: Head "https://eu.gcr.io/v2/k8s-artifacts-prod/ingress-nginx/kube-webhook-certgen/manifests/sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47": EOF ``` - Then please follow the below steps. + Then please follow the below steps. 2. During troubleshooting you can also execute the below commands to test the connectivities from you local machines and repositories details From 3d78b36ea02c8a5f61844db2914dcd58a0c18731 Mon Sep 17 00:00:00 2001 From: Sanghamitra-PERSONAL <78498010+Sanghamitra-PERSONAL@users.noreply.github.com> Date: Thu, 29 Sep 2022 10:48:10 +0200 Subject: [PATCH 4/4] Update troubleshooting.md --- docs/troubleshooting.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/troubleshooting.md b/docs/troubleshooting.md index 1371b82665..f2f5da47bb 100644 --- a/docs/troubleshooting.md +++ b/docs/troubleshooting.md @@ -337,7 +337,7 @@ Warning Failed 5m5s (x4 over 6m34s) kubelet Failed to pull ima ``` b. curl -I https://eu.gcr.io/v2/k8s-artifacts-prod/ingress-nginx/kube-webhook-certgen/manifests/sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 ``` - (⎈ |myprompt)➜ ~ curl -I https://eu.gcr.io/v2/k8s-artifacts-prod/ingress-nginx/kube-webhook-certgen/manifests/ sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 + (⎈ |myprompt)➜ ~ curl -I https://eu.gcr.io/v2/k8s-artifacts-prod/ingress-nginx/kube-webhook-certgen/manifests/sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 HTTP/2 200 docker-distribution-api-version: registry/2.0 content-type: application/vnd.docker.distribution.manifest.list.v2+json