Comments (8)
distribution/distribution#3489
from containerd.
Thanks @aojea for getting this working in distribution and eventually kubernetes ;)
from containerd.
Use of IPv6 literals in the image name works in Kubernetes 1.29, which uses docker/distribution
v2.8.3 which uses distribution/reference
as the backend for docker/distribution/reference
. Older releases that are still on v2.8.2 will fail to schedule pods that use an ipv6 literal as the image registry:
state:
waiting:
message: 'Failed to apply default image tag "[fd7c:53a5:aef5::242:ac11:7]/rancher/mirrored-coredns-coredns:1.10.1":
couldn''t parse image name "[fd7c:53a5:aef5::242:ac11:7]/rancher/mirrored-coredns-coredns:1.10.1":
invalid reference format'
reason: InvalidImageName
This is unrelated to the issue of needing to support IPv6 addresses in mirror endpoints though.
from containerd.
fwiw go-toml itself doesn't handle round-trip this properly either. There does not appear to be any way to escape characters in table keys.
package main
import (
"fmt"
"github.com/pelletier/go-toml"
)
type Entry struct {
Foo string
}
type Thing struct {
Entries map[string]Entry
}
func main() {
foo := Thing{
Entries: map[string]Entry{
"https://[::1]/v2": {
Foo: "foo",
},
},
}
b, err := toml.Marshal(foo)
fmt.Printf("Marshal error=%v\n%s\n", err, b)
err = toml.Unmarshal(b, &foo)
fmt.Printf("Unmarshal error=%v\n", err)
}
Marshal error=<nil>
[Entries]
[Entries."https://[::1]/v2"]
Foo = "foo"
Unmarshal error=(4, 4): unexpected token table key cannot contain ']', was expecting a table key
from containerd.
Added a very hacky proposed fix in #10072
from containerd.
@samuelkarp would you prefer to discuss the preferred approach to this here? I'll paste what I said on the PR:
Honestly this datastructure should have been a table list with a
server
field for each entry, rather than trying to get clever and put the server URL in the table key. Using a list would have also avoided all the weirdness with having to re-parse the tree to get the key order from line numbers in the file.[[host]] server = "https://[fd7c:53a5:aef5::242:ac11:7]/v2" capabilities = ["pull", "resolve"] skip_verify = true
Since containerd 2.0 isn't out yet, now might be a good time to fix this.
from containerd.
Honestly this datastructure should have been a table list with a server field for each entry, rather than trying to get clever and put the server URL in the table key.
I agree.
Since containerd 2.0 isn't out yet, now might be a good time to fix this.
If so, we'll need to get it done and in fairly quickly; 2.0.0-rc.0 is already out and we've tried to give advance warning of breaking changes like this. It may be more feasible to add an override, or to try and fix the port-parsing such that a valid IPv6 address is not mistaken for something with a port appended.
@dmcgowan I'd appreciate your thoughts on this.
from containerd.
I'll have to poke at the go-toml/v2 parser that containerd 2.0 uses, but I was considering trying to get it to support both the existing [host."example.com"]
or proposed [[host]]/server="example.com"
structure, as long as the file doesn't mix between both. I think that should be doable.
I should have some cycles for a POC next week.
from containerd.
Related Issues (20)
- `ctr images export` and `ctr images import` are incongruous HOT 3
- Local content store with label store HOT 2
- Containerd not able to pull images from harbor repository. HOT 1
- container exec may hang on containerd version 1.7.14 HOT 7
- Image pull progress
- ctr exec hang when use containerd 1.6.31 HOT 4
- introspectRuntimeFeatures crashes containerd service startup (untrusted runtime plugin) HOT 4
- container image signature verification at containerd HOT 2
- Can't skip tls cert verify when fetching blob from external urls
- docs: image and registry config guide need to be updated
- Trying to work with spegel for faster image pull times but fails since we have private tls certificates. HOT 1
- In a cgroup2 enviroment, runing a container in a container failed. HOT 2
- NRI plugin registration can trigger a deadlock HOT 11
- Duplicate images coming with <none>:<none> tag
- When a runtime is specified as default_runtime_name, the cri_handler of the runtime cannot be used.
- runc-shim-v2 hold lock cause cri can't delete container HOT 2
- Add support for container restore from a checkpoint in Kubernetes
- ExecSync did not return according to the timeout set in the request HOT 3
- [1.6/1.7] kubernetes ephemeral-storage limits not enforced with remote snapshotters HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from containerd.