-
Notifications
You must be signed in to change notification settings - Fork 1.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Error in revision-controller handling sidecar images when using ko.local #1093
Comments
/assign pivotal-sukhil-suresh |
Followed repro steps listed by @trisberg and got the same error
PS: If required, have a handy script to teardown/startup minikube,.... deploy app on knative for logs. |
Debug attempts so far:
Parameters logged when failing with
|
At this point, convinced that the flaw lies in the vendored Why Ko? As mentioned in the previous message, the revision controller when reconciling the deployment (on knative) tries to resolve a remote image using the vendored Usure as to why the logged value for the image tag parameter is To convince myself that the fault lay with the Ko codebase, tried a sample app with the same input params and got the same lookup failure. Maybe special handling is required for At this point, to proceed further, need to understand better how Ko handles ko.local prefixed URLs for operations besides remote image lookup. Eg. pushing images Tried the sample app at the knative/serving vendor constraint of Sample app snippet for
Note: there are minor variations in the imports and remote.Image call between |
During our further investigation today, we found that this issue also affects Docker for Desktop almost identically. We don't think it's exclusive to minikube. |
The root error occurs when a
We are convinced that solution 2 is the better approach since it does not introduce special handling for any address. The bigger challenge at the moment is to identify the local docker registry address which can be used from within the kubernetes cluster. |
@pivotal-sukhil-suresh and I kept investigating yesterday. Option 2 does not work, because the components we need to adjust (queue and autoscaler) are not part of the We started on Option 1 and got it half-working. We can detect |
@jchesterpivotal and I kept on yesterday. The approach we explored yesterday was enabling the minikube addon registry. The knative codebase (through go-containerregistry) can communicate with the addon registry and tries to pull images from there. The challenge at the moment is getting images into this addon registry using The policy of being able to talk to an insecure registry is configured on the daemon and not possible at the docker CLI. We are able to successfully talk to the addon registry (inside of kubernetes, inside of minikube) from the docker CLI (outside of minikube) by adding it to our host docker daemon (outside of minikube, in our case Docker for Desktop). But |
@jchesterpivotal and I paired on this: Most of yesterday was spent getting How-To on controlling ingress traffic rules for the addon registry using the Istio ingress-gateway. How-To for generating the certificate for addon registry (signed with the kubernetes cluster CA) |
I think the most expedient solution to this would be to simply restrict the tag-to-digest resolution to Sorry I didn't see this previously. |
By default the controller is configured to skip resolving for the following registries: - ko.local - dev.local This should address issue #1093 Co-authored-by: Sukhil Suresh <ssuresh@pivotal.io>
Expected Behavior
Deploying development build using minikube and
ko.local
should work for creating sample appsActual Behavior
The revision-controller throws error related to the images specified for the queueSidecarImage.
Using an image in the controller args like
ko.local/github.com/knative/serving/cmd/queue:80201dca6c68711ee1cd8d2a2f4978530dc9e51d920fe53217ada2844102dabf
fails while changing that to the GCR release imagegcr.io/knative-releases/github.com/knative/serving/cmd/queue@sha256:1a5de85ab28dc940c5770516d045d5e9d91c3e5b794e57a09655efeadbe240bc
works fine.Steps to Reproduce the Problem
Additional Info
Log message:
The text was updated successfully, but these errors were encountered: