Comments (14)
from operator.
Docker wrote a blog post to clarify their terrible announcement: https://www.docker.com/blog/we-apologize-we-did-a-terrible-job-announcing-the-end-of-docker-free-teams/
from operator.
I have installed tigera-operator with the following but still find some pods with images from docker.io:
installation:
  kubernetesProvider: EKS
  registry: quay.io/
so far:
kubectl get ds -o yaml -n calico-system csi-node-driver | grep -i 'image:' | sort | uniq
image: docker.io/calico/csi:v3.24.1
image: docker.io/calico/node-driver-registrar:v3.24.1
and
kubectl get deploy -o yaml -n calico-system calico-kube-controllers |grep -i 'image:' | sort | uniq
image: docker.io/calico/kube-controllers:v3.24.1
from operator.
> I have installed tigera-operator with the following but still find some pods with images from docker.io:

Your configuration may be wrong, can you provide your whole Installation definition? I don't have this issue.
from operator.
That is my whole values.yaml that I pass to the tigera-operator helm chart. Mostly all the calico images are coming from quay.io, just not the ones I listed above.
from operator.
Sorry, this must be a cluster issue on my end. I checked another cluster and it's fine.
from operator.
I have another point to do this change: docker.io is still not IPv6 capable. Yes, there is registry.ipv6.docker.com, but in my scenario, I try to deploy calico on an IPv6-only machine. The operator keeps altering back the deployments and daemonsets to use docker.io, which results in an Image Pull Error. Or maybe you guys can provide a config map for the operator and the registry(ies) to use for calico images?
from operator.
> Or maybe you guys can provide a config map for the operator and the registry(ies) to use for calico images?

@tibeer have you tried configuring the registry field in the installation resource? I would think that might address the issue for an IPv6 registry.
Is quay.io IPv6 capable and would fix this issue for you without specifying any additional configuration?
from operator.
@tmjd this works! Is there an easy option to set this information via helm? I did not find a reference in the chart values.
from operator.
@tibeer Helm configuration has an embedded installation spec. That is what the installation field in the chart values equates to. So anything you could put in the Installation resource spec you can put in helm, just make sure it is correctly nested as it would be in the Installation spec. Or at least that is my understanding.
from operator.
@tmjd after a bit of trying I figured it out:
helm install calico ./tigera-operator --namespace tigera-operator --create-namespace --set installation.registry="quay.io"
This was not easy to find, as the documentation references it as "InstallationSpec", so I initially thought InstallationSpec.registry="quay.io" was the right value.
Oh, and another thing: You have to copy the helm-chart manually, as
helm repo add projectcalico https://docs.tigera.io/calico/charts
isn't working on IPv6 only either, since it seems to be hosted on github as well :/
But I got it working for me now, thanks a lot!
from operator.
A good rule of thumb from a security perspective, IMHO, is to always duplicate the images used by the chart to your own registry. It's painful and it takes time to maintain, but it reduces the risk to availability if the original registry goes down (or has rate limits...), and to system integrity, since the source image could get compromised afterward (with malware, for instance).
from operator.
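The manual check used earlier in the thread (grepping workloads for `image:` lines) can be turned into a registry allowlist check, shown here as an added example that is not part of the original thread or the operator project. The function names and the sample list are assumptions; the list reuses the three docker.io references quoted above plus constructed references for contrast.

```shell
#!/usr/bin/env bash
# Added example: flag container images not pulled from the approved registry.

# Print the registry host of an image reference. Docker reference rule: the
# first path component is a registry only if it contains '.' or ':' or equals
# "localhost"; otherwise the image is implicitly on docker.io.
image_registry() {
  local ref="$1" first
  case "$ref" in
    */*) first="${ref%%/*}" ;;
    *)   echo "docker.io"; return ;;
  esac
  case "$first" in
    *.*|*:*|localhost) echo "$first" ;;
    *)                 echo "docker.io" ;;
  esac
}

# Read image references on stdin (one per line) and print, de-duplicated,
# those whose registry differs from the approved one given as $1.
# A trailing slash ("quay.io/", as in the Installation spec) is tolerated.
off_registry_images() {
  local allowed="${1%/}" ref
  while IFS= read -r ref; do
    [ -n "$ref" ] || continue
    [ "$(image_registry "$ref")" = "$allowed" ] || echo "$ref"
  done | sort -u
}

# Constructed sample input (hypothetical cluster state).
sample_images() {
  cat <<'EOF'
docker.io/calico/csi:v3.24.1
docker.io/calico/node-driver-registrar:v3.24.1
docker.io/calico/kube-controllers:v3.24.1
quay.io/calico/node:v3.24.1
calico/typha:v3.24.1
EOF
}

# On a live cluster the input would come from something like:
#   kubectl get pods -n calico-system \
#     -o jsonpath='{range .items[*]}{range .spec.containers[*]}{.image}{"\n"}{end}{end}'
sample_images | off_registry_images "quay.io/"
```

The same function works against a private mirror by passing its host name instead of `quay.io/`; references without an explicit registry are reported because the runtime resolves them to docker.io.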
@Exagone313 @tmjd since the issue is now almost a year old and considering that the calico images are still pulled from dockerhub and nothing bad happened in that time, can we close this issue?
from operator.
I think it should be more straightforward to use Quay instead of Docker Hub. Currently, if I try to install Calico, I would not even know that images are also pushed on Quay.
As far as I know, Docker Hub still has some of these quotas built-in, unlike Quay. Also Docker Hub randomly fails (EOF) and does not support IPv6 from what is told above.
What is the advantage of keeping Docker Hub the default?
from operator.