New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Cannot use IPv6 literal in registry mirror endpoint #10055
Comments
Use of IPv6 literals in the image name works in Kubernetes 1.29, which uses state:
waiting:
message: 'Failed to apply default image tag "[fd7c:53a5:aef5::242:ac11:7]/rancher/mirrored-coredns-coredns:1.10.1":
couldn''t parse image name "[fd7c:53a5:aef5::242:ac11:7]/rancher/mirrored-coredns-coredns:1.10.1":
invalid reference format'
reason: InvalidImageName This is unrelated to the issue of needing to support IPv6 addresses in mirror endpoints though. |
Thanks @aojea for getting this working in distribution and eventually kubernetes ;) |
fwiw go-toml itself doesn't handle round-trip this properly either. There does not appear to be any way to escape characters in table keys. package main
import (
"fmt"
"github.com/pelletier/go-toml"
)
type Entry struct {
Foo string
}
type Thing struct {
Entries map[string]Entry
}
func main() {
foo := Thing{
Entries: map[string]Entry{
"https://[::1]/v2": {
Foo: "foo",
},
},
}
b, err := toml.Marshal(foo)
fmt.Printf("Marshal error=%v\n%s\n", err, b)
err = toml.Unmarshal(b, &foo)
fmt.Printf("Unmarshal error=%v\n", err)
}
|
Added a very hacky proposed fix in #10072 |
@samuelkarp would you prefer to discuss the preferred approach to this here? I'll paste what I said on the PR:
Since containerd 2.0 isn't out yet, now might be a good time to fix this. |
I agree.
If so, we'll need to get it done and in fairly quickly; 2.0.0-rc.0 is already out and we've tried to give advance warning of breaking changes like this. It may be more feasible to add an override, or to try and fix the port-parsing such that a valid IPv6 address is not mistaken for something with a port appended. @dmcgowan I'd appreciate your thoughts on this. |
I'll have to poke at the go-toml/v2 parser that containerd 2.0 uses, but I was considering trying to get it to support both the existing I should have some cycles for a POC next week. |
Description
If I want to use an IPv6 address as a registry endpoint mirror using certs.d / hosts.toml, I would expect to be able to do the following:
This fails to load because square braces are not valid in TOML keys:
I tried removing the braces but this does not appear to work either:
It appears that the URL is being mis-parsed; the final octet of the IPv6 address literal is being used as the port. Appending the port results in slightly different wrong behavior - the dial succeeds, but the server does not process the request.
Pulling the image directly seems to work OK, as the host is already properly escaped:
Steps to reproduce the issue
See above
Describe the results you received and expected
Can use an IPv6 address literal in the mirror endpoint URI
What version of containerd are you using?
v1.7.11-k3s2
Any other relevant information
Tracking this in k3s as k3s-io/k3s#9897
Show configuration if it is related to CRI plugin.
No response
The text was updated successfully, but these errors were encountered: