This message was deleted Rancher Users #k3s

Join Slack

This message was deleted.

# k3s

adamant-kite-43734

02/28/2024, 4:28 PM

This message was deleted.

creamy-pencil-82913

02/28/2024, 6:01 PM

Is the image

<http://my.registry.com/devops/external-docker/nginx:v0.111|my.registry.com/devops/external-docker/nginx:v0.111>

available on one of your nodes? How exactly did you load it? Can you confirm that you see that image in

ctr -n <http://k8s.io|k8s.io> image ls

on one of the nodes?

creamy-pencil-82913

02/28/2024, 6:04 PM

If you start k3s with --debug and check the k3s logs in journald, you should see various events from spegel when the image is loaded and pulled.

glamorous-afternoon-50134

02/29/2024, 7:18 AM

Hi! Thanks for your answer. I have only one node. The image was loaded with

ctr -n <http://k8s.io|k8s.io> image import image.tar

. I can confirm that I see it with

ctr -n <http://k8s.io|k8s.io> image ls

Copy code

<http://my.registry.com/stable/devops/external-docker/nginx:v0.111|my.registry.com/stable/devops/external-docker/nginx:v0.111>             application/vnd.docker.distribution.manifest.v2+json sha256:113ffbd0c92490728547fe48740bb084f187c57aa92f65d4351bd5018aeed93a 88.9 MiB  linux/amd64 io.cri-containerd.image=managed

glamorous-afternoon-50134

02/29/2024, 7:18 AM

I will try with the debug flag and report back.

glamorous-afternoon-50134

02/29/2024, 7:20 AM

One strange thing : if I try to start a simple test pod manually (with kubectl apply), I can load an image tagged with "docker.io" like

<http://docker.io/library/alpine|docker.io/library/alpine>

that I loaded with ctr like the rest but did not re-tag with "my.registry.com". It seems the issue is limited to the images with "my.registry.com" at the beginning. For context, here is my

registries.yaml

file: ```mirrors: docker.io: registry.k8s.io: my.registry.com:```

glamorous-afternoon-50134

02/29/2024, 7:45 AM

Here is the spegel debug message when trying to pull the image:

Feb 29 074236 ip-10-0-10-10 k3s[1797514]: time="2024-02-29T074236Z" level=info msg="spegel 2024/02/29 074236 \"msg\"=\"\" \"error\"=\"mirror resolve retries exhausted for key: my.registry.com/devops/external-docker/nginx:v0.111\" \"path\"=\"/v2/devops/external-docker/nginx/manifests/v0.111\" \"status\"=500 \"method\"=\"HEAD\" \"latency\"=\"389.43µs\" \"ip\"=\"127.0.0.1\" \"handler\"=\"mirror\""

creamy-pencil-82913

02/29/2024, 9:30 AM

If you have only one node then what do you need this for? You just need to use airgap tarballs to preload things into containerd. The whole point of this is to allow multiple nodes to share their copies of images.

glamorous-afternoon-50134

02/29/2024, 9:33 AM

Oh, I thought it was a pre-requisite for being able to use airgapped images. So loading the images with

ctr -n <http://k8s.io|k8s.io> image import

is all I need? If so, why can I start a pod using an image prefixed "docker.io" and not "my.registry.com" when they are both loaded from the tarballs?

creamy-pencil-82913

02/29/2024, 9:36 AM

You could load them manually, or just drop the tarball in the images dir before starting k3s.

creamy-pencil-82913

02/29/2024, 9:36 AM

What are they tagged as in the tarball? How do they show up in containerd after being imported? What is the Image pull policy in your pod spec?

glamorous-afternoon-50134

02/29/2024, 9:38 AM

Tagged as :

<http://my.registry.com/devops/external-docker/nginx:v0.111|my.registry.com/devops/external-docker/nginx:v0.111>

(for this image at lease, there are others) They show up the same after being imported (if

ctr

is what I should use to get that info) The pull policy if

IfNotPresent

glamorous-afternoon-50134

02/29/2024, 9:45 AM

Oh no... I'm so sorry... I just realised that there is a path part missing in the image names... Oh what a noob! I think it does work and that was just a keyboard/chair issue 😕 Thanks for your help ! I now know that I don't need the embedded registry/mirror 🙂

25 Views

Open in Slack

Previous Next