08/26/2022, 2:03 PM
Hey there! I hit an issue when I start new nodes and start a old rancher agent version on it. Ideally, it should automatically pull the new rancher image and start a replacement docker container by itself. In my case, it fails at pulling the agent image with
Error response from daemon: Head \"<>\": unauthorized: authentication required, visit <> for more information.
I had a look at the source code, and I believe it crashes when trying to pull the
process image, which has no
settings section in the nodePlan object. How can I ensure
process is configured with the right ``imageRegistryAuthConfig`` , given that all the other processes have the right credentials attached?
I confirm editing the share-mnt process in the nodePlan (from did the trick. I unlocked rancher-agent from pulling the agent image.
So there's clearly a bug on the Rancher side.
What I did is: Add the following annotation to rancher server ingress (since I was not able to find an existing unauthentified endpoint that serves the server version):
<|>: |
                location /rancher-version {
                    return 200 '${rancher_current_version}';
And then, in my cloud-init, add the following step before starting the rancher-agent:
# Pull latest Rancher agent
rancher_current_version=$(curl -sfSL ${rancher_url}/rancher-version)
docker pull "${docker_registry_url}/rancher/rancher-agent:$rancher_current_version"
So, when the Rancher agent connects and checks if the share-mnt image is present, docker says yes and the pull is skipped: