levindecaro opened a new issue #5768:
URL: https://github.com/apache/cloudstack/issues/5768
##### ISSUE TYPE
* Improvement Request
##### COMPONENT NAME
~~~
Kubernetes Service Plugin
~~~
##### CLOUDSTACK VERSION
~~~
4.16.0
~~~
##### CONFIGURATION
##### OS / ENVIRONMENT
CentOS 7.9
KVM
##### SUMMARY
When provisioning a number of k8s in ACS, it will be stalled by the Docker Hub
pull rate limit policy. The k8s instance installation will fail to complete. To
work around this problem, it requires injecting the pull secret in the middle of
provisioning.
I think ACS should cater for private registry authentication for the
bootstrapping, or allow a custom property to specify the image repository URL,
such as quay.io or a self-hosted anonymous mirror.
##### STEPS TO REPRODUCE
~~~
1. Create a k8s instance in ACS.
2. SSH into the first control plane node.
3. Watch for the ImagePullBackOff event.
4. Patch the pull secret.
5. Restart the backed-off Pods.
6. Wait for all Pods to be in the Running state.
~~~
Example workaround script:
```
# Prompt for Docker Hub credentials; -s keeps the password off the terminal
read -rp "your docker.io login name: " DOCKER_IO_USERNAME
read -rsp "your docker.io password: " DOCKER_IO_PASSWORD; echo

# Create the pull secret in every namespace and attach it to the default service account
for x in $(kubectl get ns -o name | awk -F / '{print $2}'); do
  kubectl create secret docker-registry docker-secret \
    --docker-server=docker.io --docker-username="${DOCKER_IO_USERNAME}" \
    --docker-password="${DOCKER_IO_PASSWORD}" --docker-email=dummy -n "$x"
  kubectl patch serviceaccount default \
    -p '{"imagePullSecrets": [{"name": "docker-secret"}]}' -n "$x"
done

# Service accounts other than "default" need the secret as well
kubectl patch serviceaccount weave-net \
  -p '{"imagePullSecrets": [{"name": "docker-secret"}]}' -n kube-system
kubectl patch serviceaccount kubernetes-dashboard \
  -p '{"imagePullSecrets": [{"name": "docker-secret"}]}' -n kubernetes-dashboard

# Delete pods stuck on image pulls so they are recreated with the pull secret
kubectl get pod -A | awk '{if ($4=="Init:ImagePullBackOff") print "kubectl delete pod " $2 " -n " $1;}' | sh
kubectl get pod -A | awk '{if ($4=="ImagePullBackOff") print "kubectl delete pod " $2 " -n " $1;}' | sh
kubectl get pod -A | awk '{if ($4=="Pending") print "kubectl delete pod " $2 " -n " $1;}' | sh
```
##### EXPECTED RESULTS
~~~
k8s instance created without human intervention.
~~~
##### ACTUAL RESULTS
~~~
Requires injecting pull secrets manually.
~~~