kubespary's question about using insecure-registry for gcr.io mirror source?

[SoHuDrgon]

system environment

rocky linux 8
kubespary 2.18.1

The region is China, and gcr.io and k8s.gcr.io are blocked in China. I created a docker registry on foreign vps

# cat /etc/docker/registry-config.yml 
version: 0.1
log:
  fields:
    service: registry
storage:
  cache:
    blobdescriptor: inmemory
  filesystem:
    rootdirectory: /var/lib/registry
http:
  addr: :5000
  headers:
    X-Content-Type-Options: [nosniff]
health:
  storagedriver:
    enabled: true
    interval: 10s
    threshold: 3
# 指定反代仓库
proxy:
  remoteurl: https://k8s.gcr.io

I want to use my own registry to pull images in kubespary. I modified the configuration as follows:

1.roles/download/defaults/main.yml

# gcr and kubernetes image repo define
gcr_image_repo: "ip:5000"
kube_image_repo: "ip:5000"

2.inventory/mycluster/group_vars/all/containerd.yml 
## An obvious use case is allowing insecure-registry access to self hosted registries.
## Can be ipaddress and domain_name.
## example define mirror.registry.io or 172.19.16.11:5000
## set "name": "url". insecure url must be started http://
## Port number is also needed if the default HTTPS port is not used.
containerd_insecure_registries:
#   "localhost": "http://127.0.0.1"
  "ip:5000": "http://ip:5000"

Execute ansible-playbook --flush-cache -i inventory/mycluster/inventory.ini cluster.yml -b -v Can't download mirror The error is as follows:

TASK [download : download_container | Download image if required] ****************************************************************************************************************************************************************************************
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: ValueError: No closing quotation
fatal: [rocky12 -> rocky12]: FAILED! => {"attempts": 4, "changed": false, "module_stderr": "Traceback (most recent call last):\n  File \"<stdin>\", line 100, in <module>\n  File \"<stdin>\", line 92, in _ansiballz_main\n  File \"<stdin>\", line 41, in invoke_module\n  File \"/usr/lib64/python3.6/runpy.py\", line 205, in run_module\n    return _run_module_code(code, init_globals, run_name, mod_spec)\n  File \"/usr/lib64/python3.6/runpy.py\", line 96, in _run_module_code\n    mod_name, mod_spec, pkg_name, script_name)\n  File \"/usr/lib64/python3.6/runpy.py\", line 85, in _run_code\n    exec(code, run_globals)\n  File \"/tmp/ansible_ansible.legacy.command_payload_tm_cq6zv/ansible_ansible.legacy.command_payload.zip/ansible/modules/command.py\", line 389, in <module>\n  File \"/tmp/ansible_ansible.legacy.command_payload_tm_cq6zv/ansible_ansible.legacy.command_payload.zip/ansible/modules/command.py\", line 307, in main\n  File \"/usr/lib64/python3.6/shlex.py\", line 305, in split\n    return list(lex)\n  File \"/usr/lib64/python3.6/shlex.py\", line 295, in __next__\n    token = self.get_token()\n  File \"/usr/lib64/python3.6/shlex.py\", line 105, in get_token\n    raw = self.read_token()\n  File \"/usr/lib64/python3.6/shlex.py\", line 187, in read_token\n    raise ValueError(\"No closing quotation\")\nValueError: No closing quotation\n", "module_stdout": "", "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error", "rc": 1}
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: ValueError: No closing quotation
fatal: [rocky10 -> rocky10]: FAILED! => {"attempts": 4, "changed": false, "module_stderr": "Traceback (most recent call last):\n  File \"<stdin>\", line 100, in <module>\n  File \"<stdin>\", line 92, in _ansiballz_main\n  File \"<stdin>\", line 41, in invoke_module\n  File \"/usr/lib64/python3.6/runpy.py\", line 205, in run_module\n    return _run_module_code(code, init_globals, run_name, mod_spec)\n  File \"/usr/lib64/python3.6/runpy.py\", line 96, in _run_module_code\n    mod_name, mod_spec, pkg_name, script_name)\n  File \"/usr/lib64/python3.6/runpy.py\", line 85, in _run_code\n    exec(code, run_globals)\n  File \"/tmp/ansible_ansible.legacy.command_payload_jx3o_tsk/ansible_ansible.legacy.command_payload.zip/ansible/modules/command.py\", line 389, in <module>\n  File \"/tmp/ansible_ansible.legacy.command_payload_jx3o_tsk/ansible_ansible.legacy.command_payload.zip/ansible/modules/command.py\", line 307, in main\n  File \"/usr/lib64/python3.6/shlex.py\", line 305, in split\n    return list(lex)\n  File \"/usr/lib64/python3.6/shlex.py\", line 295, in __next__\n    token = self.get_token()\n  File \"/usr/lib64/python3.6/shlex.py\", line 105, in get_token\n    raw = self.read_token()\n  File \"/usr/lib64/python3.6/shlex.py\", line 187, in read_token\n    raise ValueError(\"No closing quotation\")\nValueError: No closing quotation\n", "module_stdout": "", "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error", "rc": 1}
FAILED - RETRYING: download_container | Download image if required (1 retries left).
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: ValueError: No closing quotation
fatal: [rocky11 -> rocky11]: FAILED! => {"attempts": 4, "changed": false, "module_stderr": "Traceback (most recent call last):\n  File \"<stdin>\", line 100, in <module>\n  File \"<stdin>\", line 92, in _ansiballz_main\n  File \"<stdin>\", line 41, in invoke_module\n  File \"/usr/lib64/python3.6/runpy.py\", line 205, in run_module\n    return _run_module_code(code, init_globals, run_name, mod_spec)\n  File \"/usr/lib64/python3.6/runpy.py\", line 96, in _run_module_code\n    mod_name, mod_spec, pkg_name, script_name)\n  File \"/usr/lib64/python3.6/runpy.py\", line 85, in _run_code\n    exec(code, run_globals)\n  File \"/tmp/ansible_ansible.legacy.command_payload_34b0hv3s/ansible_ansible.legacy.command_payload.zip/ansible/modules/command.py\", line 389, in <module>\n  File \"/tmp/ansible_ansible.legacy.command_payload_34b0hv3s/ansible_ansible.legacy.command_payload.zip/ansible/modules/command.py\", line 307, in main\n  File \"/usr/lib64/python3.6/shlex.py\", line 305, in split\n    return list(lex)\n  File \"/usr/lib64/python3.6/shlex.py\", line 295, in __next__\n    token = self.get_token()\n  File \"/usr/lib64/python3.6/shlex.py\", line 105, in get_token\n    raw = self.read_token()\n  File \"/usr/lib64/python3.6/shlex.py\", line 187, in read_token\n    raise ValueError(\"No closing quotation\")\nValueError: No closing quotation\n", "module_stdout": "", "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error", "rc": 1}

But I can download it locally by executing the command:

# nerdctl --namespace k8s.io --insecure-registry pull ip:5000/kube-apiserver:v1.22.8
WARN[0000] skipping verifying HTTPS certs for "ip:5000" 
ip:5000/kube-apiserver:v1.22.8: resolving      |--------------------------------------| 
elapsed: 0.2 s                               total:   0.0 B (0.0 B/s)                                         
INFO[0000] trying next host                              error="failed to do request: Head \"https://ip:5000/v2/kube-apiserver/manifests/v1.22.8\": http: server gave HTTP response to HTTPS client" host="ip:5000"
ip:5000/kube-apiserver:v1.22.8: resolving      |--------------------------------------| 
elapsed: 0.4 s                               total:   0.0 B (0.0 B/s)                                         
ip:5000/kube-apiserver:v1.22.8:                                      resolved       |++++++++++++++++++++++++++++++++++++++| 
index-sha256:c2235616f1fbb21e13876cffb72d94241c560b1829fc3820d9a9e5ffb2cfa8e8:    done           |++++++++++++++++++++++++++++++++++++++| 
manifest-sha256:50a576a5d4ffb79e5b0bcc65a7dbf923190a725d668e1d449f2905a9a9351e1d: done           |++++++++++++++++++++++++++++++++++++++| 
config-sha256:c0d565df2c900c1994f150a1630b3ce4c4256ad479ca6520ad13e75f8082e5a9:   done           |++++++++++++++++++++++++++++++++++++++| 
layer-sha256:f269f571cbe349ce4a19aa158e50cc984b9c01e8c5021b5800f910d672db72ab:    done           |++++++++++++++++++++++++++++++++++++++| 
layer-sha256:ab2f6dae3b543cfb15c6bbc4ce6368bb84fd76fcb08efb54fb9345240e9f4e34:    done           |++++++++++++++++++++++++++++++++++++++| 
layer-sha256:15663828260b844f6fd9637195bf716ca809a9020b913a032f03ff06c31cf985:    done           |++++++++++++++++++++++++++++++++++++++| 
elapsed: 9.6 s                                                                    total:  29.8 M (3.1 MiB/s)             

What else do I need to configure to use my private reverse repository? Does the --insecure-registry parameter need to be added to any configuration?

[k8s-triage-robot]

The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

• After 90d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

• Mark this issue or PR as fresh with /remove-lifecycle stale
• Mark this issue or PR as rotten with /lifecycle rotten
• Close this issue or PR with /close
• Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

[k8s-triage-robot]

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

• After 90d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

• Mark this issue or PR as fresh with /remove-lifecycle rotten
• Close this issue or PR with /close
• Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle rotten

[shelmingsong]

You can refer to this article

[k8s-triage-robot]

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.

This bot triages issues according to the following rules:

• After 90d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

• Reopen this issue with /reopen
• Mark this issue as fresh with /remove-lifecycle rotten
• Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/close not-planned

[k8s-ci-robot]

@k8s-triage-robot: Closing this issue, marking it as "Not Planned".

In response to this:

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.

This bot triages issues according to the following rules:

• After 90d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

• Reopen this issue with /reopen
• Mark this issue as fresh with /remove-lifecycle rotten
• Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/close not-planned

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[SoHuDrgon]

You can refer to this article

thanks bro!