docker-image-resource icon indicating copy to clipboard operation
docker-image-resource copied to clipboard

Published 20 hours ago verified publisher icon concourse

Cannot find the host of private registry when run in kubernetes

Open garlic0708 opened this issue 6 years ago • 2 comments

I have a kubernetes cluster with a Concourse instance and a docker-registry instance deployed, both with the official stable helm chart. The docker registry exposes a k8s service of ClusterIP type. And I tried to run a job pushing an image to this registry.

I'm referencing the registry with the k8s service name, appended by port number, as documented:

resources:
  - name: go-k8s-docker
    type: docker-image
    source:
      repository: docker-registry:5000/go-k8s-docker

However, the job failed with an error message indicating that it cannot find the registry's host name:

The push refers to repository [docker-registry:5000/go-k8s-docker]
Get https://docker-registry:5000/v2/: dial tcp: lookup docker-registry on 10.4.0.30:53: no such host

I intercepted into the job-running container, did a curl, and it could not resolve the host either, the same as the job's error message:

root@322bb276-f86d-4c93-6b7d-28fbc5c68af4:/tmp/build/put# curl -v docker-registry:5000
* Rebuilt URL to: docker-registry:5000/
* Could not resolve host: docker-registry
* Closing connection 0
curl: (6) Could not resolve host: docker-registry

However, when I opened a shell into the worker pod (which is the 'host' from the job-running container's perspective), the curl succeeded with no problem:

root@concourse-worker-0:/# curl -v docker-registry:5000
* Rebuilt URL to: docker-registry:5000/
*   Trying 10.0.6.26...
* TCP_NODELAY set
* Connected to docker-registry (10.0.6.26) port 5000 (#0)
> GET / HTTP/1.1
> Host: docker-registry:5000
> User-Agent: curl/7.58.0
> Accept: */*
>
< HTTP/1.1 200 OK
< Cache-Control: no-cache
< Date: Mon, 14 Oct 2019 06:04:55 GMT
< Content-Length: 0
<
* Connection #0 to host docker-registry left intact

Seems that the container is not able to utilize its host's DNS server?

garlic0708 avatar Oct 14 '19 06:10 garlic0708

That's caused by a busybox nslookup bug introduced after 1.28.4.

https://github.com/kubernetes/kubernetes/issues/66924#issuecomment-411806846

The docker-image resource type is using an alpine image, which is derived from a busybox version including the bug.

We're actively looking for a solution, which may include forking the resource's repo.

https://github.com/concourse/docker-image-resource

RooSoft avatar Feb 06 '20 15:02 RooSoft

Have you tried this with latest image of docker-image-resource that is built with latest alpine? docker pull concourse/docker-image-resource:dev

xtremerui avatar May 15 '20 03:05 xtremerui