docker containerd无法从nexus中提取图像

hyrbngr7  于 2023-04-05  发布在  Docker
关注(0)|答案(1)|浏览(256)

我们已经将kops kubernetes集群从v1.19.2(docker://19.3.15)升级到v1.24.11(containerd://1.6.18),但是升级后我们无法从nexus仓库中提取docker镜像。
它给出错误:

Failed to pull image "myregistry.com/infra-tools/busybox:latest": rpc error: code = NotFound desc = failed to pull and unpack image "myregistry.com/infra-tools/busybox:latest": failed to resolve reference "myregistry.com/infra-tools/busybox:latest": myregistry.com/infra-tools/busybox:latest: not found

图像是存在的,我可以使用docker拉/推。
从工作节点:

ctr --debug images pull myregistry.com/infra-tools/busybox:latest
DEBU[0000] fetching                                      image="myregistry.com/infra-tools/busybox:latest"
DEBU[0000] resolving                                     host=myregistry.com
DEBU[0000] do request                                    host=myregistry.com request.header.accept="application/vnd.docker.distribution.manifest.v2+json, application/vnd.docker.distribution.manifest.list.v2+json, application/vnd.oci.image.manifest.v1+json, application/vnd.oci.image.index.v1+json, */*" request.header.user-agent=containerd/1.6.6 request.method=HEAD url="https://myregistry.com/v2/infra-tools/busybox/manifests/latest"
DEBU[0000] fetch response received                       host=myregistry.com response.header.cache-control="post-check=0, pre-check=0" response.header.connection=keep-alive response.header.content-length=2031 response.header.content-security-policy="sandbox allow-forms allow-modals allow-popups allow-presentation allow-scripts allow-top-navigation" response.header.content-type=text/html response.header.date="Fri, 10 Mar 2023 10:54:29 GMT" response.header.expires=0 response.header.pragma=no-cache response.header.server=nginx response.header.x-content-type-options=nosniff response.status="404 Not Found" url="https://myregistry.com/v2/infra-tools/busybox/manifests/latest"
INFO[0000] trying next host - response was http.StatusNotFound  host=myregistry.com
ctr: failed to resolve reference "myregistry.com/infra-tools/busybox:latest": myregistry.com/infra-tools/busybox:latest: not found

有人面临同样的问题吗?

5ktev3wc

5ktev3wc1#

这个问题出现在Nexus 3.2.0之前的版本中,升级到较新版本后问题就消失了。
原因:
containerd在拉取镜像时提交HTTP HEAD请求,但旧版nexus返回404响应HEAD请求。
复制问题模拟请求:

curl -v -X HEAD -H "Accept: application/vnd.docker.distribution.manifest.v2+json, application/vnd.docker.distribution.manifest.list.v2+json, application/vnd.oci.image.manifest.v1+json, application/vnd.oci.image.index.v1+json, */*" "https://<docker-registry>/v2/<image-name>/manifests/<image-tag>"

相关问题