You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@airflow.apache.org by GitBox <gi...@apache.org> on 2020/10/21 15:32:24 UTC

[GitHub] [airflow] m0bi5 opened a new issue #11722: KubernetesPodOperator unable to pull image from private registry

m0bi5 opened a new issue #11722:
URL: https://github.com/apache/airflow/issues/11722


   <!--
   
   Welcome to Apache Airflow!  For a smooth issue process, try to answer the following questions.
   Don't worry if they're not all applicable; just try to include what you can :-)
   
   If you need to include code snippets or logs, please put them in fenced code
   blocks.  If they're super-long, please use the details tag like
   <details><summary>super-long log</summary> lots of stuff </details>
   
   Please delete these comment blocks before submitting the issue.
   
   -->
   
   <!--
   
   IMPORTANT!!!
   
   PLEASE CHECK "SIMILAR TO X EXISTING ISSUES" OPTION IF VISIBLE
   NEXT TO "SUBMIT NEW ISSUE" BUTTON!!!
   
   PLEASE CHECK IF THIS ISSUE HAS BEEN REPORTED PREVIOUSLY USING SEARCH!!!
   
   Please complete the next sections or the issue will be closed.
   These questions are the first thing we need to know to understand the context.
   
   -->
   
   **Apache Airflow version**:
   v2-0-0dev
   
   **Kubernetes version (if you are using kubernetes)** (use `kubectl version`):
   1.15
   
   - **Cloud provider or hardware configuration**:
   - **OS** (e.g. from /etc/os-release): Debian GNU/Linux 10 (buster)
   - **Kernel** (e.g. `uname -a`): x86_64 GNU/Linux
   
   **What happened**:
   I am trying to deploy the `KubernetesPodOperator` in a kubernetes cluster (Rancher) through the `airflow dags test` command. The pod gets deployed successfully when I pull the image from `docker.io`, however, when I try to pull an image from a private GitLab registry, I get the following error-
   
   ```
   Traceback (most recent call last):
     File "/home/airflow/.local/lib/python3.7/site-packages/airflow/executors/debug_executor.py", line 83, in _run_task
       job_id=ti.job_id, **params
     File "/home/airflow/.local/lib/python3.7/site-packages/airflow/utils/session.py", line 65, in wrapper
       return func(*args, **kwargs)
     File "/home/airflow/.local/lib/python3.7/site-packages/airflow/models/taskinstance.py", line 1076, in _run_raw_task
       self._prepare_and_execute_task_with_callbacks(context, task)
     File "/home/airflow/.local/lib/python3.7/site-packages/airflow/models/taskinstance.py", line 1198, in _prepare_and_execute_task_with_callbacks
       result = self._execute_task(context, task_copy)
     File "/home/airflow/.local/lib/python3.7/site-packages/airflow/models/taskinstance.py", line 1243, in _execute_task
       result = task_copy.execute(context=context)
     File "/home/airflow/.local/lib/python3.7/site-packages/airflow/providers/cncf/kubernetes/operators/kubernetes_pod.py", line 292, in execute
       final_state, _, result = self.create_new_pod_for_operator(labels, launcher)
     File "/home/airflow/.local/lib/python3.7/site-packages/airflow/providers/cncf/kubernetes/operators/kubernetes_pod.py", line 424, in create_new_pod_for_operator
       startup_timeout=self.startup_timeout_seconds)
     File "/home/airflow/.local/lib/python3.7/site-packages/airflow/kubernetes/pod_launcher.py", line 108, in start_pod
       resp = self.run_pod_async(pod)
     File "/home/airflow/.local/lib/python3.7/site-packages/airflow/kubernetes/pod_launcher.py", line 84, in run_pod_async
       raise e
     File "/home/airflow/.local/lib/python3.7/site-packages/airflow/kubernetes/pod_launcher.py", line 79, in run_pod_async
       namespace=pod.metadata.namespace, **kwargs)
     File "/home/airflow/.local/lib/python3.7/site-packages/kubernetes/client/api/core_v1_api.py", line 6174, in create_namespaced_pod
       (data) = self.create_namespaced_pod_with_http_info(namespace, body, **kwargs)  # noqa: E501
     File "/home/airflow/.local/lib/python3.7/site-packages/kubernetes/client/api/core_v1_api.py", line 6265, in create_namespaced_pod_with_http_info
       collection_formats=collection_formats)
     File "/home/airflow/.local/lib/python3.7/site-packages/kubernetes/client/api_client.py", line 345, in call_api
       _preload_content, _request_timeout)
     File "/home/airflow/.local/lib/python3.7/site-packages/kubernetes/client/api_client.py", line 176, in __call_api
       _request_timeout=_request_timeout)
     File "/home/airflow/.local/lib/python3.7/site-packages/kubernetes/client/api_client.py", line 388, in request
       body=body)
     File "/home/airflow/.local/lib/python3.7/site-packages/kubernetes/client/rest.py", line 278, in POST
       body=body)
     File "/home/airflow/.local/lib/python3.7/site-packages/kubernetes/client/rest.py", line 231, in request
       raise ApiException(http_resp=r)
   kubernetes.client.rest.ApiException: (400)
   Reason: Bad Request
   HTTP response headers: HTTPHeaderDict({'Content-Length': '471', 'Content-Type': 'application/json', 'Date': 'Wed, 21 Oct 2020 15:17:59 GMT', 'X-Content-Type-Options': 'nosniff'})
   HTTP response body: {"kind":"Status","apiVersion":"v1","metadata":{},"status":"Failure","message":"Pod in version \"v1\" cannot be handled as a Pod: v1.Pod.Spec: v1.PodSpec.ImagePullSecrets: []v1.LocalObjectReference: decode slice: expect [ or n, but found \", error found in #10 byte of ...|ecrets\": \"ndc-t8nwp\"|..., bigger context ...|\"}]}], \"hostNetwork\": false, \"imagePullSecrets\": \"ndc-t8nwp\", \"initContainers\": [], \"nodeSelector\": |...","reason":"BadRequest","code":400}
   ```
   
   **What you expected to happen**:
   It seems like a kubernetes API issue, not 100% sure, but I expect the pod to get deployed.
   
   **How to reproduce it**:
   This is my `test_dag.py` which I am running through CLI, you can see two tasks here, one of them pulls the image from `docker.io` and the other one pulls it from a private registry. 
   
   NOTE: The secret is present when I run the `kubectl get secrets` command. Apart from that, I am also able to pull the image from the private registry and deploy the pods using `kubectl` 
   
   ```
   container_registry_secret = 'my-secret'
   with DAG(dag_id='test-kube-pod', schedule_interval="@once", start_date=datetime.datetime.now()) as dag:
       #This task completes
       task1 = KubernetesPodOperator(
   		name='airflow-spawned-pod1',
   		namespace='test',
   		image='alpine:latest',
   		task_id='test',
   	)
       #This task throws an error
       task2 = KubernetesPodOperator(
   		name='airflow-spawned-pod2',
   		namespace='test',
   		image='private_registry/image', #Placeholder for the actual URL
   		image_pull_secrets=container_registry_secret,
   		task_id='test2',
   	)
   task1 >> task2
   
   ```
   
   


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [airflow] m0bi5 commented on issue #11722: KubernetesPodOperator unable to pull images from a private container registry

Posted by GitBox <gi...@apache.org>.

m0bi5 commented on issue #11722:
URL: https://github.com/apache/airflow/issues/11722#issuecomment-713677114


   Fixed it by setting `image_pull_secrets` to a list of `kubernetes.client.models.V1LocalObjectReference()` instead of a plain string. Not sure if it changed in v2, but the [v1.10 docs](http://airflow.apache.org/docs/stable/_api/airflow/contrib/operators/kubernetes_pod_operator/index.html) says that it is expected to be a string. 


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [airflow] boring-cyborg[bot] commented on issue #11722: KubernetesPodOperator unable to pull image from private registry

Posted by GitBox <gi...@apache.org>.

boring-cyborg[bot] commented on issue #11722:
URL: https://github.com/apache/airflow/issues/11722#issuecomment-713662524


   Thanks for opening your first issue here! Be sure to follow the issue template!
   


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [airflow] m0bi5 closed issue #11722: KubernetesPodOperator unable to pull images from a private container registry

Posted by GitBox <gi...@apache.org>.

m0bi5 closed issue #11722:
URL: https://github.com/apache/airflow/issues/11722


   


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org