New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

AKS Containerd localhost behavior different than upstream? #3303

Closed

jeff-mccoy opened this issue Nov 3, 2022 · 21 comments

Labels

action-required Needs Attention 👋 question stale

jeff-mccoy commented Nov 3, 2022

Zarf uses a NodePort bound to 127.0.0.1 to connect to a local registry. On all other containerd-based clusters this allows us to point to 127.0.0.1 and containerd will use http instead of https. It seems there is something different happening on the azure version of containerd, even running crictl pull in a debug node on AKS demonstrates this behavior. Previously, this was not on an issue on AKS, but that was early this year. Is there something special that the Azure version of containerd is doing with localhost that differs from the upstream? Also is there a way to change this behavior or specify an insecure registry for localhost?

Related issues for zarf:

The text was updated successfully, but these errors were encountered:

jeff-mccoy added the question label

Author

jeff-mccoy commented Nov 7, 2022

Update: looks like this was a bug that is now fixed in Containerd.

containerd/containerd#7438

jeff-mccoy mentioned this issue

Zarf-Seed-Registry Installation Fails on Init with Deployment is not ready: zarf/zarf-docker-registry error defenseunicorns/zarf#592

Open

ghost added the action-required label

ghost commented Dec 8, 2022

Action required from @Azure/aks-pm

ghost added the Needs Attention 👋 label

ghost commented Dec 23, 2022

Issue needing attention of @Azure/aks-leads

2 similar comments

ghost commented Jan 7, 2023

Issue needing attention of @Azure/aks-leads

ghost commented Jan 22, 2023

Issue needing attention of @Azure/aks-leads

Author

jeff-mccoy commented Feb 1, 2023

Also may be a security concern: GHSA-2qjp-425j-52j9.

ghost commented Feb 16, 2023

Issue needing attention of @Azure/aks-leads

11 similar comments

ghost commented Mar 3, 2023

Issue needing attention of @Azure/aks-leads

ghost commented Mar 18, 2023

Issue needing attention of @Azure/aks-leads

ghost commented Apr 2, 2023

Issue needing attention of @Azure/aks-leads

ghost commented Apr 18, 2023

Issue needing attention of @Azure/aks-leads

ghost commented May 4, 2023

Issue needing attention of @Azure/aks-leads

ghost commented May 19, 2023

Issue needing attention of @Azure/aks-leads

ghost commented Jun 3, 2023

Issue needing attention of @Azure/aks-leads

ghost commented Jun 18, 2023

Issue needing attention of @Azure/aks-leads

ghost commented Jul 4, 2023

Issue needing attention of @Azure/aks-leads

ghost commented Jul 19, 2023

Issue needing attention of @Azure/aks-leads

ghost commented Aug 3, 2023

Issue needing attention of @Azure/aks-leads

microsoft-github-policy-service bot added the stale label

Contributor

microsoft-github-policy-service bot commented Feb 2, 2024

This issue has been automatically marked as stale because it has not had any activity for 60 days. It will be closed if no further activity occurs within 15 days of this comment.

Contributor

microsoft-github-policy-service bot commented Feb 2, 2024

Issue needing attention of @Azure/aks-leads

Contributor

microsoft-github-policy-service bot commented Feb 9, 2024

This issue will now be closed because it hasn't had any activity for 7 days after stale. jeff-mccoy feel free to comment again on the next 7 days to reopen or open a new issue after that time if you still have a question/issue or suggestion.

microsoft-github-policy-service bot closed this as completed

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment