This message was deleted.
# k3da
adamant-kite-43734
07/28/2025, 4:34 PMThis message was deleted.
c
creamy-pencil-82913
07/28/2025, 6:44 PMYou have a wildcard dns entry, or a pihole, or something else like that, and it is misdirecting requests to docker.io to a host with a broken certificate.
creamy-pencil-82913
07/28/2025, 6:44 PMFix your DNS
❤️ 1
creamy-pencil-82913
07/28/2025, 6:45 PMYou can try execing into the container and `curl`ing registry-1.docker.io to see what it is hitting instead of docker hub.
r
rapid-action-3724
07/28/2025, 11:13 PMthank you i'll need to go digging
rapid-action-3724
07/30/2025, 11:29 AM@creamy-pencil-82913 on a gitlab k8s runner I was able to fix this by having the cluster create inside a $CI_JOB_ID network. Other network names didn’t work, and I don’t really understand why. Sorta a blocker for me as I try to get this to work w/o a dependency on gitlab.
c
creamy-pencil-82913
07/30/2025, 4:27 PMI have no idea what that is or why it would be necessary but it does point to there being something broken in the default network, external to k3d
r
rapid-action-3724
07/30/2025, 7:47 PMAfter a lot of digging this seems to have been caused by the following istio annotation being missing in dev and active in prod:
<http://traffic.sidecar.istio.io/kubevirtInterfaces|traffic.sidecar.istio.io/kubevirtInterfaces>rapid-action-3724
07/30/2025, 7:49 PMthank you @creamy-pencil-82913 for being responsive and insightful in helping me narrow it down
19 Views