Ingress

Not able to log in to the registry:

pulp 3:

Error


Error: authenticating creds for "artifacts.test.tech": Get "http://pulp-api-svc.pulp.svc.cluster.local:24817/token/?account=admin&service=artifacts.test.tech": dial tcp: lookup pulp-api-svc.pulp.svc.cluster.local on 10.10.12.11:53: no such host

I am using Istio as the service mesh.


apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: pulp-vs
  namespace: pulp
spec:
  gateways:
  - istio-system/istiogateway
  hosts:
  - artifacts.abc.tech
  http:
  - match:
    - uri:
        prefix: /pulp/content/
    route:
    - destination:
        host: pulp-content-svc
        port:
          number: 24816
  - match:
    - uri:
        prefix: /pulp/api/v3/
    - uri:
        prefix: /auth/login/
    - uri:
        prefix: /
    - uri:
        prefix: /pulp_ansible/galaxy/
    - uri:
        prefix: /v2/
    - uri:
        prefix: /extensions/v2/
    - uri:
        prefix: /token/
    - uri:
        prefix: /pypi/
    route:
    - destination:
        host: pulp-api-svc
        port:
          number: 24817

Hi @chethan! Would you mind specifying more details? What are you trying to accomplish? Are you using pulp_container? Which commands have you tried to execute?

@lubosmj
I am trying to use Pulp as a Docker Hub. I want to push my image to Pulp, so I ran the podman login command.

The token server is usually exposed at the very same endpoint (e.g., registry.io/token/) as the registry itself. Would you mind sharing the Pulp settings file?

When you manually send a GET request at “http://localhost:24817/v2/” (replace the registry URL if needed), by default, the registry returns the WWW-Authenticate header with the information required to authenticate. If you send another GET request to the token server, like “http://localhost:24817/token/?service=pulp3-source-fedora31.localhost.example.com”, it returns the token that can be used for pulling content. Could you paste here the headers and responses for the respective GET requests?

Learn more at Authentication — Pulp Container Support 2.14.3 documentation.

Try to check your ingress configuration. Also, verify your DNS settings: lookup pulp-api-svc.pulp.svc.cluster.local on 10.10.12.11:53: no such host.
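The two requests described above can be checked offline once the `WWW-Authenticate` value from `GET /v2/` is in hand. The following is an added example, not part of the original posts or of Pulp's code: it parses a Bearer challenge and reports why a client outside the cluster may fail to reach the token realm. The sample header is constructed from the hostnames in this thread, and the `.cluster.local` suffix assumes the default Kubernetes cluster domain.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: a challenge a registry might return on GET /v2/,
# with the realm host taken from the error message in this thread.
SAMPLE_CHALLENGE = (
    'Bearer realm="http://pulp-api-svc.pulp.svc.cluster.local:24817/token/",'
    'service="artifacts.abc.tech"'
)

_PARAM = re.compile(r'(\w+)="([^"]*)"')


def parse_bearer_challenge(header):
    """Return the key="value" parameters of a Bearer WWW-Authenticate value."""
    scheme, _, rest = header.strip().partition(" ")
    if scheme.lower() != "bearer":
        raise ValueError("not a Bearer challenge: %r" % scheme)
    return dict(_PARAM.findall(rest))


def check_realm(header, registry_url):
    """List reasons an external client may fail, or be exposed, at the realm."""
    params = parse_bearer_challenge(header)
    if "realm" not in params:
        return ["challenge has no realm parameter"]
    realm = urlsplit(params["realm"])
    registry = urlsplit(registry_url)
    host = realm.hostname or ""
    findings = []
    # Assumption: default cluster domain; Service names resolve only in-cluster.
    if host.endswith((".svc", ".cluster.local")):
        findings.append("realm host %s is a cluster-internal Service name" % host)
    if host != registry.hostname:
        findings.append("realm host %s differs from registry host %s"
                        % (host, registry.hostname))
    # The login credentials are sent to the realm URL, so its scheme matters.
    if registry.scheme == "https" and realm.scheme != "https":
        findings.append("registry is https but realm is %s" % realm.scheme)
    return findings


if __name__ == "__main__":
    for finding in check_realm(SAMPLE_CHALLENGE, "https://artifacts.abc.tech"):
        print("-", finding)
```

A realm that matches the registry's external host and scheme produces an empty list.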

Hi @chethan,

From the pulp-api-svc.pulp.svc.cluster.local hostname I suspect this is a k8s installation, right?

If so, in addition to lubosmj's questions, can you please do the following steps and send us the outputs so that we can have more information on the cluster status:

  • verify if the api pod is fine and its status
$ kubectl -npulp exec deployment/pulp-api -- curl -sL localhost:24817/pulp/api/v3/status/
$ kubectl -npulp exec deployment/pulp-api -- curl -sL pulp-api-svc.pulp.svc.cluster.local:24817/pulp/api/v3/status/
  • verify the svc endpoints
$ kubectl -npulp get ep pulp-api-svc
  • try to reach the svc by forwarding the requests
$ kubectl -npulp port-forward svc/pulp-api-svc 24817:24817 &
$ echo 127.0.0.1  pulp-api-svc.pulp.svc.cluster.local | sudo tee -a /etc/hosts
$ podman login .... (the same test you were doing before)

kubectl -npulp exec deployment/pulp-api -- curl -sL pulp-api-svc.pulp.svc.cluster.local:24817/pulp/api/v3/status/

{"versions":[{"component":"core","version":"3.22.2","package":"pulpcore"},{"component":"rpm","version":"3.18.10","package":"pulp-rpm"},{"component":"python","version":"3.8.0","package":"pulp-python"},{"component":"deb","version":"2.20.1","package":"pulp_deb"},{"component":"container","version":"2.14.3","package":"pulp-container"},{"component":"file","version":"1.11.3","package":"pulp-file"},{"component":"certguard","version":"1.5.6","package":"pulp-certguard"},{"component":"ansible","version":"0.16.0","package":"pulp-ansible"},{"component":"maven","version":"0.3.3","package":"pulp-maven"}],"online_workers":[{"pulp_href":"/pulp/api/v3/workers/fb13d2d4-c955-4dd9-b7b8-60d919cd1d5d/","pulp_created":"2023-02-03T06:07:32.574968Z","name":"1@pulp-worker-75b8d47f7b-b84qd","last_heartbeat":"2023-03-01T11:39:07.449013Z","current_task":null}],"online_content_apps":[{"name":"16@pulp-content-fb68c7bb-8mctw","last_heartbeat":"2023-03-01T11:39:08.140097Z"},{"name":"15@pulp-content-fb68c7bb-8mctw","last_heartbeat":"2023-03-01T11:39:06.061035Z"}],"database_connection":{"connected":true},"redis_connection":{"connected":false},"storage":null,"content_settings":{"content_origin":"http://pulp-web-svc.pulp.svc.cluster.local:24880","content_path_prefix":"/pulp/content/"}}%

kubectl -npulp get ep pulp-api-svc

NAME           ENDPOINTS             AGE
pulp-api-svc   192.*.170.208:24817   42d

echo 127.0.0.1 pulp-api-svc.pulp.svc.cluster.local | sudo tee -a /etc/hosts
Password:

@chethan, it looks like Pulp is running without any problems. What was the result of executing podman login .... (the same test you were doing before), as @hyagi suggested?

Hi @chethan,

Thank you for the outputs. It seems like Pulp is running fine, but you didn’t send us the output from the podman login (or podman push tests that you were trying to do).

Since Pulp is running and the service is answering the requests, maybe the problem is with your VirtualService configuration, but this is just a guess (my knowledge of service mesh is very limited). Did you configure the Destination Rules for pulp-api-svc?

@lubosmj @hyagi
This is the command I am running:
podman login -u admin -p ZN3C85JoxCWapBr3JZmDAL2CffDxrzRu https://artifacts.abc.tech
Error
Error: authenticating creds for "artifacts.bac.tech": Get "http://pulp-api-svc.pulp.svc.cluster.local:24817/token/?account=admin&service=artifacts.314ecorp.tech": dial tcp: lookup pulp-api-svc.pulp.svc.cluster.local on 10.10.12.11:53: no such host

Thanks for attaching the outputs.

Would you mind also giving us answers to the following questions?

  1. Did you configure the Destination Rules for pulp-api-svc?

  2. When you manually send a GET request at “http://localhost:24817/v2/” (replace the registry URL if needed), by default, the registry returns the WWW-Authenticate header with the information required to authenticate. If you send another GET request to the token server, like “http://localhost:24817/token/?service=pulp3-source-fedora31.localhost.example.com”, it returns the token that can be used for pulling content. Could you paste here the headers and responses for the respective GET requests?