You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@airflow.apache.org by lewis john mcgibbney <le...@apache.org> on 2022/01/18 22:29:11 UTC
Using the Helm Chart to pull images from Artifactory
Hi users@,
We are migrating from Quay [0] to JFrog Artifactory [1] and having some
issues using the 'registry' block of the Helm Chart values.yaml
https://github.com/apache/airflow/blob/main/chart/values.yaml#L1262-L1263
When using Quay, we created an Opaque Kuberenetes secret which was defined
as follows
# Auth secret for a private registry
# This is used if pulling airflow images from a private registry
registry:
secretName: mycompany-quay-secretname
Now when we attempt to pull the images from Artifactory using a different
Opaque secret
registry:
secretName: mycompany-artifactory-secretname
We get the following
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 26s default-scheduler
Successfully assigned airflow-test/airflow-run-airflow-migrations-cgfx7 to
....compute.internal
Normal Pulling 12s (x2 over 23s) kubelet pulling
image "image_name/airflow-test:0.0.1.24"
Warning Failed 12s (x2 over 23s) kubelet Failed to
pull image "image_name/airflow-test:0.0.1.24": rpc error: code = Unknown
desc = Error response from daemon: unauthorized: The client does not have
permission for manifest
Warning Failed 12s (x2 over 23s) kubelet Error:
ErrImagePull
Normal BackOff 3s (x3 over 17s) kubelet Back-off
pulling image "image_name/airflow-test:0.0.1.24"
Warning Failed 3s (x3 over 17s) kubelet Error:
ImagePullBackOff
Normal SandboxChanged 1s (x5 over 21s) kubelet Pod
sandbox changed, it will be killed and re-created.
I'll also note that the host machine running Helm is also authenticated
with Artifactory by performing the docker login.
Has anyone experienced this before? Thanks for any assistance.
[0] https://quay.io/
[1] https://jfrog.com/artifactory/
--
http://home.apache.org/~lewismc/
http://people.apache.org/keys/committer/lewismc