Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

cri_keychain: preserve access to private registries across restart #1990

Open
ktock opened this issue Feb 22, 2025 · 0 comments
Open

cri_keychain: preserve access to private registries across restart #1990

ktock opened this issue Feb 22, 2025 · 0 comments
Labels
enhancement New feature or request

Comments

@ktock
Copy link
Member

ktock commented Feb 22, 2025

Issue

Currently cri keychain holds registry creds only on memory. When stargz-snapshotter restarts, it doesn't have registry creds anymore so it starts to fail to access to the regisry. We should fix this behaviour to prevent issues like #1989 and #1584 (comment) .

Current workaround

  • A. Use other authentication methods like dockerconfig-based one or kubeconfig-based one that enables the snapshotter to acquire creds during restarting.
  • B. Add a configuration to allow stargz-snapshotter to start even with restoration failure: 
    [snapshotter]
allow_invalid_mounts_on_restart = true
    Note: the user need to manually remove these (possibly empty) broken images after stargz-snapshotter started, using ctr image rm <image-name>. See also Allow manually remove invalid snapshots on restore #901
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@ktock