porter: insecure-registry flag is not used when pushing referenced images

What is your question? porter publish command fails after adding images section into poter.yaml

What have you tried already? Added below part to the porter.yaml

Note: registry URL: my-registry.com is masked one

images:
  assets:
    description: "A simple asset image"
    imageType: "docker"
    repository: "my-registry.com/develop/prakash/assets-nginx"
    digest: "sha256:9123250178a23334761946ac478aa56ec28f3f6402a491bb154fa13c724482b9"
```
Then tried to publish the bundle using below command

```
porter publish --registry my-registry.com/develop/prakash/ --insecure-registry --debug
```

I see below failure messages, not sure how to troubleshoot this. Appreciate pointers to troubleshoot it

DEBUG name:    exec
DEBUG pkgDir: /Users/prakash/.porter/mixins/exec
DEBUG file:     
DEBUG stdin:

/Users/prakash/.porter/mixins/exec/exec version --output json --debug
DEBUG name:    kubernetes
DEBUG pkgDir: /Users/prakash/.porter/mixins/kubernetes
DEBUG file:     
DEBUG stdin:

/Users/prakash/.porter/mixins/kubernetes/kubernetes version --output json --debug
Pushing CNAB invocation image...
The push refers to repository [my-registry.comt/develop/prakash/nginx]
2a805e039dc0: Preparing
695758e121a1: Preparing
ce59be84e3a4: Preparing
604a64d9f0ed: Preparing
75403ef7a264: Preparing
b18299306266: Preparing
f01953646cff: Preparing
39a89d2e4f5a: Preparing
78bbff9102e7: Preparing
63ea75ccbf0c: Preparing
b18299306266: Waiting
f01953646cff: Waiting
39a89d2e4f5a: Waiting
78bbff9102e7: Waiting
63ea75ccbf0c: Waiting
ce59be84e3a4: Layer already exists
604a64d9f0ed: Layer already exists
2a805e039dc0: Layer already exists
695758e121a1: Layer already exists
75403ef7a264: Layer already exists
b18299306266: Layer already exists
f01953646cff: Layer already exists
39a89d2e4f5a: Layer already exists
78bbff9102e7: Layer already exists
63ea75ccbf0c: Layer already exists
ec246d2decab3db00cea9b1053a41052: digest: sha256:55b76fa1802b0029f4c597303861869e1ffac925d096b7ebc2f6ae1f21102e79 size: 2424

Rewriting CNAB bundle.json...
DEBUG name:    exec
DEBUG pkgDir: /Users/prakash/.porter/mixins/exec
DEBUG file:     
DEBUG stdin:

/Users/prakash/.porter/mixins/exec/exec version --output json --debug
DEBUG name:    kubernetes
DEBUG pkgDir: /Users/prakash/.porter/mixins/kubernetes
DEBUG file:     
DEBUG stdin:

/Users/prakash/.porter/mixins/kubernetes/kubernetes version --output json --debug
Starting to copy image my-registry.com/develop/prakash/nginx:ec246d2decab3db00cea9b1053a41052...
Completed image my-registry.com/develop/prakash/nginx:ec246d2decab3db00cea9b1053a41052 copy
Starting to copy image my-registry.com/develop/prakash/assets-nginx@sha256:9123250178a23334761946ac478aa56ec28f3f6402a491bb154fa13c724482b9...
Failed to copy image my-registry.com/develop/prakash/assets-nginx@sha256:9123250178a23334761946ac478aa56ec28f3f6402a491bb154fa13c724482b9: failed to authorize: failed to fetch oauth token: unexpected status: 500 Internal Server Error
error preparing the bundle with cnab-to-oci before pushing: failed to authorize: failed to fetch oauth token: unexpected status: 500 Internal Server Error
Error: error preparing the bundle with cnab-to-oci before pushing: failed to authorize: failed to fetch oauth token: unexpected status: 500 Internal Server Error
error preparing the bundle with cnab-to-oci before pushing: failed to authorize: failed to fetch oauth token: unexpected status: 500 Internal Server Error
Closing plugins


Is --insecure-registrsy flag not being passed to subsequent images section?

But if we use --reference flag to porter publish, it works. like below
```
orter publish --registry my-registry.com/develop/prakash/ --reference my-registry.com/
develop/prakash/assets-nginx:0.0.2 --insecure-registry
```

But we thinking to publish the main app bundle. Idea is, before we install the app bundle, our backend will do `porter inspect` and extract the assets images. We thought adding images section to porter.yaml would help us. Please let us know the pointers to above error messages.



**Where have you looked already to figure this out?**
didn't find relevant docs

**Was the existing documentation unclear or had gaps?**
N/A

About this issue

  • Original URL
  • State: closed
  • Created 2 years ago
  • Comments: 34 (20 by maintainers)

Most upvoted comments

Steps to reproduce:

Starting with sample bundle, verify it can be pushed to harbor:

$ curl -OL https://github.com/cnabio/cnab-to-oci/blob/main/examples/helloworld-cnab/bundle.json
$ cnab-to-oci push bundle.json --target harborregistry/project/hello:v1.0.0 --auto-update-bundle
Starting to copy image cnab/helloworld:0.1.1...
Completed image cnab/helloworld:0.1.1 copy
Pushed successfully, with digest "sha256:55c6da48fe8553696bf3e2c940ea667e2d2fda3d55614a19dbd7d084780c0807"

Update the images section to include an external image and observe it copies that image as well:

  "images": {
    "alpine":{
      "description": "An included image from docker",
      "image": "alpine:latest",
      "imageType":"docker"
    }
  },

$ cnab-to-oci push bundle-docker-img.json --target harborregistry/project/hello:v1.0.0 --auto-update-bundle
Starting to copy image cnab/helloworld:0.1.1...
Completed image cnab/helloworld:0.1.1 copy
Starting to copy image alpine:latest...
Completed image alpine:latest copy
Pushed successfully, with digest "sha256:7d365cf7873e9cf403c0ff95a31a9581ebf5b2bbfea3ffc110a0f98e40f04041"

Push the alpine image to harbor, reference that image and observe failure:

$ docker tag alpine:latest harborregistry/project/alpine:latest
$ docker push harborregistry/project/alpine:latest

  "images": {
    "alpine":{
      "description": "An included image from harbor",
      "image": "harborregistry/project/alpine:latest",
      "imageType":"docker"
    }
  },

$ cnab-to-oci push bundle-harbor-img.json --target harborregistry/project/hello:v1.0.0 --auto-update-bundle
Starting to copy image cnab/helloworld:0.1.1...
Completed image cnab/helloworld:0.1.1 copy
Starting to copy image harborregistry/project/alpine:latest...
Failed to copy image harborregistry/project/alpine:latest: failed to authorize: failed to fetch oauth token: unexpected status: 500 Internal Server Error
Error: failed to authorize: failed to fetch oauth token: unexpected status: 500 Internal Server Error
+1
Jemgoss on Apr 24, 2022
Read more comments on GitHub
← porter: Incorrect installation state after migration to v1
porter: Problem executing docker-compose mixin on windows →