CAA: imagePullSecrets are not supported #2231
Labels
bug
Something isn't working
Comments
squarti
added a commit
to squarti/cloud-api-adaptor
that referenced
this issue
Jan 9, 2025
This PR initializes auth.json with the imagePullSecrets listed on the pod and service account. Fixes: confidential-containers#2231 Signed-off-by: Silenio Quarti <[email protected]>
squarti
added a commit
to squarti/cloud-api-adaptor
that referenced
this issue
Jan 9, 2025
This PR initializes auth.json with the imagePullSecrets listed on the pod and service account. Fixes: confidential-containers#2231 Signed-off-by: Silenio Quarti <[email protected]>
squarti
added a commit
to squarti/cloud-api-adaptor
that referenced
this issue
Jan 10, 2025
This PR initializes auth.json with the imagePullSecrets listed on the pod and service account. Fixes: confidential-containers#2231 Signed-off-by: Silenio Quarti <[email protected]>
squarti
added a commit
to squarti/cloud-api-adaptor
that referenced
this issue
Jan 10, 2025
This PR initializes auth.json with the imagePullSecrets listed on the pod and service account. Fixes: confidential-containers#2231 Signed-off-by: Silenio Quarti <[email protected]>
squarti
added a commit
to squarti/cloud-api-adaptor
that referenced
this issue
Jan 10, 2025
This PR initializes auth.json with the imagePullSecrets listed on the pod and service account. Fixes: confidential-containers#2231 Signed-off-by: Silenio Quarti <[email protected]>
squarti
added a commit
to squarti/cloud-api-adaptor
that referenced
this issue
Jan 10, 2025
This PR initializes auth.json with the imagePullSecrets listed on the pod and service account. Fixes: confidential-containers#2231 Signed-off-by: Silenio Quarti <[email protected]>
squarti
added a commit
to squarti/cloud-api-adaptor
that referenced
this issue
Jan 10, 2025
This PR initializes auth.json with the imagePullSecrets listed on the pod and service account. Fixes: confidential-containers#2231 Signed-off-by: Silenio Quarti <[email protected]>
squarti
added a commit
to squarti/cloud-api-adaptor
that referenced
this issue
Jan 10, 2025
This PR initializes auth.json with the imagePullSecrets listed on the pod and service account. Fixes: confidential-containers#2231 Signed-off-by: Silenio Quarti <[email protected]>
squarti
added a commit
to squarti/cloud-api-adaptor
that referenced
this issue
Jan 10, 2025
This PR initializes auth.json with the imagePullSecrets listed on the pod and service account. Fixes: confidential-containers#2231 Signed-off-by: Silenio Quarti <[email protected]>
squarti
added a commit
to squarti/cloud-api-adaptor
that referenced
this issue
Jan 11, 2025
This PR initializes auth.json with the imagePullSecrets listed on the pod and service account. Fixes: confidential-containers#2231 Signed-off-by: Silenio Quarti <[email protected]>
squarti
added a commit
to squarti/cloud-api-adaptor
that referenced
this issue
Jan 13, 2025
This PR initializes auth.json with the imagePullSecrets listed on the pod and service account. Fixes: confidential-containers#2231 Signed-off-by: Silenio Quarti <[email protected]>
squarti
added a commit
to squarti/cloud-api-adaptor
that referenced
this issue
Jan 13, 2025
This PR initializes auth.json with the imagePullSecrets listed on the pod and service account. Fixes: confidential-containers#2231 Signed-off-by: Silenio Quarti <[email protected]>
squarti
added a commit
to squarti/cloud-api-adaptor
that referenced
this issue
Jan 13, 2025
This PR initializes auth.json with the imagePullSecrets listed on the pod and service account. Fixes: confidential-containers#2231 Signed-off-by: Silenio Quarti <[email protected]>
squarti
added a commit
to squarti/cloud-api-adaptor
that referenced
this issue
Jan 14, 2025
This PR initializes auth.json with the imagePullSecrets listed on the pod and service account. Fixes: confidential-containers#2231 Signed-off-by: Silenio Quarti <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe the bug
If a pod (or pod's service account) specifies imagePullSecrets for private registries, the pod fails to run with following error
Warning Failed 5s (x4 over 48s) kubelet Error: failed to create containerd task: failed to create shim task: failed to pull manifest Not authorized: url https://icr.io/v2/skaegi/alpine/manifests/3.18
Stack backtrace:
0: anyhow::kind::Adhoc::new
1: image_rs::image::ImageClient::pull_image::{{closure}}.13035
2: <kata_agent::storage::image_pull_handler::ImagePullHandler as kata_agent::storage::StorageHandler>::create_device::{{closure}}
3: kata_agent::storage::add_storages::{{closure}}
4: kata_agent::rpc::AgentService::do_create_container::{{closure}}::{{closure}}.10324
5: <kata_agent::rpc::AgentService as protocols::agent_ttrpc_async::AgentService>::create_container::{{closure}}
6: <protocols::agent_ttrpc_async::CreateContainerMethod as ttrpc::asynchronous::utils::MethodHandler>::handler::{{closure}}
7: ttrpc::asynchronous::server::HandlerContext::handle_msg::{{closure}}
8: <ttrpc::asynchronous::server::ServerReader as ttrpc::asynchronous::connection::ReaderDelegate>::handle_msg::{{closure}}::{{closure}}
9: tokio::runtime::task::raw::poll
10: tokio::runtime::scheduler::multi_thread::worker::Context::run_task
11: tokio::runtime::task::raw::poll
12: std::sys_common::backtrace::__rust_begin_short_backtrace
13: core::ops::function::FnOnce::call_once{{vtable.shim}}
14: <alloc::boxed::Box<F,A> as core::ops::function::FnOnce>::call_once
at ./rustc/82e1608dfa6e0b5569232559e3d385fea5a93112/library/alloc/src/boxed.rs:2007:9
15: <alloc::boxed::Box<F,A> as core::ops::function::FnOnce>::call_once
at ./rustc/82e1608dfa6e0b5569232559e3d385fea5a93112/library/alloc/src/boxed.rs:2007:9
16: std::sys::unix::thread::Thread::new::thread_start
How to reproduce
Create a pod with image from private registry.
CoCo version information
v0.11.0
What TEE are you seeing the problem on
None
Failing command and relevant log output
No response
The text was updated successfully, but these errors were encountered: