scorecard test fails due to docker rate limiting #4886
Comments
I guess docker rate limits have dropped considerably within the last year. You should be able to pre-load your cluster's registry with the busybox image pulled from a proxy, since the scorecard runner's pod pull policy is /triage support |
The scorecard test runs as part of a pipeline. That pipeline can target different clusters. Also, if you have a multi-node cluster or a cluster where nodes are dynamically provisioned, then I don't think it's practical to pre-load the image. |
Ok fair points. Do you already have a proxy set up, or some solution that lets you pull other docker.io images without rate limits? /ping @jmccormick2001 |
We have a local docker repository (nexus), so we can retag busybox and host it there. Just need a way to make the reference configurable from scorecard. |
If we allowed scorecard to specify ifNotPresent pull policy, would that resolve this? |
No. It would still fail on the first pull. |
@estroz we are seeing this more and more, is there a workaround? |
I'm still in the camp of pre-loading images via a DaemonSet, which will provision all nodes with an image:

```yaml
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: prepull
spec:
  selector:
    matchLabels:
      name: prepull
  template:
    metadata:
      labels:
        name: prepull
    spec:
      # The init container pulls the image through the node's Docker daemon.
      initContainers:
      - name: prepull
        image: docker
        # Or `bash -c "docker pull <proxy>/busybox && docker tag <proxy>/busybox busybox"`
        command: ["docker", "pull", "busybox"]
        volumeMounts:
        # Host /var/run (which holds the Docker socket) mounted into the container.
        - name: docker-sock
          mountPath: /var/run
        securityContext:
          privileged: true
      volumes:
      - name: docker-sock
        hostPath:
          path: /var/run
      # The pause container keeps the pod running after the pull completes.
      containers:
      - name: pause
        image: gcr.io/google_containers/pause
```

If that truly is not amenable to your test clusters, then we can talk about a flag to pass some pullable busybox image tag. |
@estroz This would become part of the SDK? Even still, I don't see how it helps, we will still be rate limited. Surely, the best option is to allow the image to be configured so it can be pulled from a different repository. |
You'd apply this DaemonSet to your cluster yourself. Wouldn't this solve rate limiting since |
@estroz It doesn't seem like a valid solution for two reasons.
But there are other places where the user can configure the image. For example, the olm.config.yaml also allows the user to specify the scorecard image. I think it's pretty reasonable to allow images to be pulled from a proxy. |
If my solution really is that painful, then I am ok with adding an |
@jmccormick2001 @theishshah how do you feel about this? |
@estroz |
I think it would be good to allow images to be overridden via a setting in the config.yaml file. In the same way we let users specify their test images, but this would be a global setting in that config file instead of a per-test setting. |
@theishshah do you want to work on this feature? If so, put this in an upcoming release milestone. |
@jberkhahn @estroz is somebody already working on this issue? |
Nope! Would you like to take this on? If so, feel free to |
Hi, we've been encountering this problem a lot during operator testing and it's causing false negative results in the operator testing pipelines. Is this issue planned to be handled soon? |
Since #5306 was merged, we could probably close this issue as well. |
/close |
@estroz: Closing this issue. In response to this:
Bug Report
What did you do?
operator-sdk scorecard bundle
What did you expect to see?
Output from scorecard
What did you see instead? Under which circumstances?
"error running tests context deadline exceeded". This is because pulling the busybox image from docker.io is rate limited.
"Failed to pull image "docker.io/busybox:1.33.0": rpc error: code = Unknown desc = Error loading manifest for target platform: Error reading manifest sha256:eccadc4fb09194c8163cfb7edcd9727933104e86da2ba8ad076732e5e3702a6a in docker.io/library/busybox: toomanyrequests"
Environment
Operator type:
language go
Kubernetes cluster type:
OpenShift
```
$ operator-sdk version
operator-sdk version: "v1.7.0", commit: "9291297d89deae7b85a5c2ac4b418a049ba90f7e", kubernetes version: "1.19.4", go version: "go1.15.5", GOOS: "darwin", GOARCH: "amd64"
$ go version
go version go1.15.8 darwin/amd64
$ kubectl version
Client Version: version.Info{Major:"1", Minor:"17", GitVersion:"v1.17.0", GitCommit:"70132b0f130acc0bed193d9ba59dd186f0e634cf", GitTreeState:"clean", BuildDate:"2019-12-13T11:51:44Z", GoVersion:"go1.13.4", Compiler:"gc", Platform:"darwin/amd64"}
Server Version: version.Info{Major:"1", Minor:"19", GitVersion:"v1.19.0+7070803", GitCommit:"70708036fc265771f8d0a45598209018a8b9bd3e", GitTreeState:"clean", BuildDate:"2020-12-05T12:01:07Z", GoVersion:"go1.15.2", Compiler:"gc", Platform:"linux/amd64"}
```
Possible Solution
Provide a configuration option to pull the image from a docker proxy. Presently it's hardcoded into the code
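
The configuration option requested above comes down to rewriting Docker Hub image references so they resolve through a proxy, while keeping any tag or digest pin intact. The Go sketch below is an added illustration, not code from operator-sdk or from this thread; `splitRef`, `RewriteToMirror` and the mirror host `nexus.example.internal:5000` are assumptions.

```go
package main

import (
	"fmt"
	"strings"
)

// splitRef breaks an image reference into registry, repository and the
// trailing ":tag"/"@digest" part, applying Docker's defaults: no registry
// host means docker.io, and a one-component Hub repository is "library/<name>".
func splitRef(ref string) (registry, repo, suffix string) {
	name := ref
	if at := strings.Index(ref, "@"); at >= 0 {
		name = ref[:at] // the digest stays in suffix so the pin survives
	}
	// A tag colon follows the last slash; an earlier colon is a registry port.
	if c := strings.LastIndex(name, ":"); c > strings.LastIndex(name, "/") {
		name = name[:c]
	}
	if suffix = ref[len(name):]; suffix == "" {
		suffix = ":latest"
	}
	registry, repo = "docker.io", name
	if i := strings.Index(name, "/"); i >= 0 {
		// The first component is a host only if it looks like one.
		if h := name[:i]; strings.ContainsAny(h, ".:") || h == "localhost" {
			registry, repo = h, name[i+1:]
		}
	}
	if registry == "docker.io" && !strings.Contains(repo, "/") {
		repo = "library/" + repo
	}
	return registry, repo, suffix
}

// RewriteToMirror (hypothetical helper, not an operator-sdk API) points
// Docker Hub references at mirror and leaves other registries untouched.
func RewriteToMirror(ref, mirror string) string {
	registry, repo, suffix := splitRef(ref)
	if registry != "docker.io" {
		return ref
	}
	return mirror + "/" + repo + suffix
}

func main() {
	// Constructed mirror host; the image is the one from the pull error.
	fmt.Println(RewriteToMirror("docker.io/busybox:1.33.0", "nexus.example.internal:5000"))
}
```

Because the digest part of a reference is carried over unchanged, an image pinned by digest is still checked against that digest when it is pulled from the proxy.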