trident icon indicating copy to clipboard operation
trident copied to clipboard

Published 20 hours ago verified publisher icon NetApp

Error reading manifest latest

Open radioactive73 opened this issue 3 years ago • 3 comments

Describe the bug When specifying tridentImage and autosupportImage in the TridentOrchestrator CRD the latest tag doesn't work, you have to use the specific version tag. The error I get is:

Failed to pull image "netapp/trident-autosupport:latest": rpc error: code = Unknown desc = Error reading manifest latest in docker.io/netapp/trident-autosupport

Environment Openshift 4.7.30

  • Trident version: 21.10
  • Kubernetes version: v1.21.2-1505
  • Kubernetes orchestrator: Openshift 4.7.30
  • NetApp backend types: ONTAP

To Reproduce Deploy trident operator manually: https://netapp-trident.readthedocs.io/en/latest/kubernetes/deploying/operator-deploy.html#deploy-trident-operator-manually

Then on step three update the trident orchestrator CR: Example:

apiVersion: trident.netapp.io/v1
kind: TridentOrchestrator
metadata:
  name: trident
spec:
  autosupportImage: 'netapp/trident-autosupport:latest'
  debug: true
  namespace: trident
  tridentImage: 'netapp/trident:latest'

$ kubectl create -f deploy/crds/tridentorchestrator_cr.yaml

Expected behavior I would expect you not to have to specify the version exclusively (ex: 21.10), and instead be able to use the 'latest' tag.

Additional context NOTE: This only really surfaces when using a custom registry, otherwise these values don't need to be specified at all. But it still happens when you manually specify the docker registry with the latest tag.

Example:

apiVersion: trident.netapp.io/v1
kind: TridentOrchestrator
metadata:
  name: trident
spec:
  autosupportImage: 'quay.io/mirror/trident-autosupport:latest'
  debug: true
  namespace: trident
  tridentImage: 'quay.io/mirror/trident:latest'

radioactive73 avatar Nov 26 '21 22:11 radioactive73

Hi @radioactive73

trident-autosupport doesn't have a latest tag. The version of the autosupport container image matches the version of tridentOrchestrator which is used to deploy Trident. This helps handle scenarios where Trident needs to be upgraded with the operator. When using a custom registry, it is recommended to follow this sequence:

  1. Obtain the list of required images for a given Trident release by running the tridentctl get images command.
  2. Push and pull images to a private registry.
  3. Provide the image registry when installing Trident. If installing with a tridentOrchestrator, set spec.imageRegistry to your private image registry.

balaramesh avatar Nov 29 '21 15:11 balaramesh

Hi @balaramesh

Would adding the latest tag to trident-autosupport be a consideration? Also you mentioned that it should match the version of tridentOrchestrator but in practice I only see that happening when you don't specify a custom registry through spec.autosupportImage and spec.tridentImage. It would be nice if the versions here didn't have to be updated in addition to deploying the new tridentOrchestrator, or have the ability to auto-upgrade (Ex. To use with a test/canary environment env).

I tried specifying spec.imageRegistry but it was trying to pull csi containers that weren't mirrored, and I think they normally come from k8s.gcr.io/sig-storage so there's no rate limiting issue there.

radioactive73 avatar Nov 30 '21 18:11 radioactive73