Dave Protasowski
Dave Protasowski
/triage accepted
/triage accepted
Sure - the change will need to be done upstream in ggcr https://github.com/google/go-containerregistry/blob/7196cf3dc436a7633687b0c83ba76318f70e26f2/pkg/authn/kubernetes/keychain.go#L273 /assign @jwcesign
I created an upstream issue and asked for input from the maintainers - https://github.com/google/go-containerregistry/issues/1431
@Wouter0100 another workaround is to specify the registry secret with the repository ie. `registry.com/foo` and `registry.com/bar` can you try that?
My only concern with that solution is that it'll enumerate over extra keychains excessively - and we've seen some keychains in the past be really slow (ie. 2s). ie. https://github.com/google/go-containerregistry/blob/7196cf3dc436a7633687b0c83ba76318f70e26f2/pkg/authn/k8schain/k8schain.go#L98-L104...
cc @psschwei @nader-ziada
Related issue: https://github.com/knative/serving/issues/10751 Also there are few settings you can tweak since you're running mesh mode. One will skip scraping of pods - assuming it won't be successful in mesh...
> and Knative will attempt pod scraping, but fall back to service scraping, which generates the logs I am seeing. Is that correct? Yup
> Add conformance tests Adding anything to the conformance would require going through the Trademark committee. I have an umbrella issue for that.