Running magnum in Yoga deployed via kolla-AnsibIe I use the same approach with a local registry. The list of containers in the magnum documentation is not 100% complete. It really speeds up the deployment time. But I faced an issue yesterday when choosing containerd as a CRI. The local registry is http (insecure). Seems that even though I set an insecure registry containerd doesn’t like it an complains about an insecure registry. Just in case you are using containerd and step over the same problem.

Cheers
Oliver

Von meinem iPhone gesendet

Am 24.02.2023 um 01:53 schrieb Michael Knox <michael@knox.net.nz>:


Echo'ing Mohammed's comment, we will always deploy a local container reg to help speed things up and to keep things consistent during a deployment or upgrade. 

Cheers
Michael 

On Thu, Feb 23, 2023 at 7:46 PM Mohammed Naser <mnaser@vexxhost.com> wrote:
Hi Vivian,

We’ve found that running deployment local container registry speeds up the deployment and makes it more reliable too!

Thanks
Mohammed

On Thu, Feb 23, 2023 at 7:35 PM Vivian Rook <vrook@wikimedia.org> wrote:
We ran into a problem while deploying magnum when another project exhausted the dockerhub limit on anonymous pulls from a few of the kube-system pods that are deployed. Namely:
daemonset.apps/k8s-keystone-auth
daemonset.apps/openstack-cloud-controller-manager
deployment.apps/kubernetes-dashboard
deployment.apps/dashboard-metrics-scraper

This would fail with an error noting that dockerhub was blocking the request as too many pulls had happened. We could get around this by adding in a secret with a docker login, and editing those deployments and daemonsets to use that credential.

It would appear the container_infra_prefix label can be modified to point to a different registry. Though this would mean we would have to clone all of the images, including images that are from registries other than dockerhub. Leading me to wonder if there isn't an existing registry that one can use using magnum, on quay.io or some host that isn't limiting pulls?

Alternatively, is it possible that the dockerhub images that do not pull (some do, coredns for instance does, I suspect it is due to it having "Sponsored OSS" status on dockerhub) without limits could be hosted elsewhere? Or perhaps already are and the default that magnum sets to pull could be updated to those?

Alternatively, alternatively, I haven't found an option for giving a dockerhub user/pass to magnum in the documentation, and looking at the code it doesn't appear that there is a variable for one, so I suspect it is not there. Could such an option be added?

Thank you

--
Vivian Rook (They/Them)
Site Reliability Engineer
--
Mohammed Naser
VEXXHOST, Inc.