kubernetes: 1.8 regression: Can't pull images from docker.io without explicit path on centos/fedora/rhel
https://github.com/kubernetes/kubernetes/pull/51751 bumped the vendored docker library and introduced a regression where pods with images that don’t contain an explicit “docker.io/” repo path result in ErrImagePull failures.
apiVersion: v1
kind: Pod
metadata:
name: busybox
spec:
containers:
- name: busybox
image: busybox
command:
- sleep
- "100"
terminationGracePeriodSeconds: 0
restartPolicy: Never
Results in the following error:
Failed to pull image "busybox": rpc error: code = Unknown desc = no such image: "docker.io/library/busybox:latest"
Pod gets ErrImagePull
docker images shows that the image has been pulled, though not by that name
$ docker images | grep busybox
docker.io/busybox latest d20ae45477cb 2 weeks ago 1.13 MB
Changing the image to docker.io/busybox in the pod spec corrects the issue.
I think the new code that is changing the behavior is somewhere in here https://github.com/kubernetes/kubernetes/blob/master/vendor/github.com/docker/distribution/reference/normalize.go#L78-L98
familiarizeName() is a new function brought in by the bump.
If I checkout the commit before the bump, the problem does not occur.
@derekwaynecarr @DirectXMan12 @dashpole
related: https://bugzilla.redhat.com/show_bug.cgi?id=1496630
About this issue
- Original URL
- State: closed
- Created 7 years ago
- Comments: 36 (35 by maintainers)
Commits related to this issue
- lib/common: update `ParseDockerURL` Latest `github.com/docker/distribution/reference` provides new helpers to parse and harmonize names. With that, docker2aci now also can handle URLs with index dom... — committed to kinvolk-archives/docker2aci by schu 7 years ago
- lib/common: update `ParseDockerURL` When testing rktlet with k8s `v1.8.0-beta.1`, `PullImage` currently fails because the kubelet sends a full image name (e.g. `docker.io/library/busybox`) instead of... — committed to kinvolk-archives/docker2aci by schu 7 years ago
- lib/common: update `ParseDockerURL` When testing rktlet with k8s `v1.8.0-beta.1`, `PullImage` currently fails because the kubelet sends a full image name (e.g. `docker.io/library/busybox`) instead of... — committed to kinvolk-archives/docker2aci by schu 7 years ago
- lib/common: update `ParseDockerURL` When testing rktlet with k8s `v1.8.0-beta.1`, `PullImage` currently fails because the kubelet sends a full image name (e.g. `docker.io/library/busybox`) instead of... — committed to kinvolk-archives/docker2aci by schu 7 years ago
- lib/common: update `ParseDockerURL` When testing rktlet with k8s `v1.8.0-beta.1`, `PullImage` currently fails because the kubelet sends a full image name (e.g. `docker.io/library/busybox`) instead of... — committed to kinvolk-archives/docker2aci by schu 7 years ago
- Merge pull request #53161 from dims/fix-repotags Automatic merge from submit-queue (batch tested with PRs 52634, 53121, 53161). If you want to cherry-pick this change to another branch, please follow... — committed to kubernetes/kubernetes by deleted user 7 years ago
- Merge pull request #18340 from sjenning/pick-58955 Automatic merge from submit-queue (batch tested with PRs 18225, 18351, 18331, 18340, 18326). UPSTREAM: 58955: pkg: kubelet: do not assume anything ... — committed to openshift/origin by openshift-merge-robot 6 years ago
- Merge pull request #18340 from sjenning/pick-58955 Automatic merge from submit-queue (batch tested with PRs 18225, 18351, 18331, 18340, 18326). UPSTREAM: 58955: pkg: kubelet: do not assume anything ... — committed to openshift/kubernetes by k8s-publishing-bot 6 years ago
- Merge pull request #18340 from sjenning/pick-58955 Automatic merge from submit-queue (batch tested with PRs 18225, 18351, 18331, 18340, 18326). UPSTREAM: 58955: pkg: kubelet: do not assume anything ... — committed to openshift/kubernetes by k8s-publishing-bot 6 years ago
I have opened a bug for this https://bugzilla.redhat.com/show_bug.cgi?id=1496630
Since that would mean releasing a new version would regress existing users, we generally say that we’ll do our best to tolerate it instead of releasing something known broken. We’ve done that with various versions of Docker, systemd, and iptables for years, and I’m sure we’ll do our best to do that. I do agree that this looks like a bug in that docker distribution that should be fixed.
I also agree that this should have been in the test grid and that the distro owner is responsible for ensuring the project has that signal.