TeslaCN opened a new issue #1357: How can I modify registries in buildah container? URL: https://github.com/apache/camel-k/issues/1357 After Java code compiled. The pod `camel-k-kit-bpp3c3g3g14ct1jabkqg-builder` is running, and its logs: ``` STEP 1: FROM adoptopenjdk/openjdk8:slim Getting image source signatures Copying blob sha256:b6b53be908de2c0c78070fff0a9f04835211b3156c4e73785747af365e71a0d7 Copying blob sha256:de83a2304fa1f7c4a13708a0d15b9704f5945c2be5cbb2b3ed9b2ccb718d0b3d Copying blob sha256:f9a83bce3af0648efaa60b9bb28225b09136d2d35d0bed25ac764297076dec1b Copying blob sha256:4d679ae892a6eb412427ad0c21b73f14de1311f5ad671b9cf7c66ee24b4b67e8 Copying blob sha256:423ae2b273f4c17ceee9e8482fa8d071d90c7d052ae208e1fe4963fceb3d6954 Copying blob sha256:881b78aa6eae20710f3491bde3110259ae7a3ced4676a061357b37fd4860cc67 Copying blob sha256:741d43bb9b48d55ea245e4b34190a28e301b4e6c26647ed34fdd728f804697c5 error creating build container: The following failures happened while trying to pull image specified by "adoptopenjdk/openjdk8:slim" based on search registries in /etc/containers/registries.conf: * "localhost/adoptopenjdk/openjdk8:slim": Error initializing source docker://localhost/adoptopenjdk/openjdk8:slim: error pinging docker registry localhost: Get http://localhost/v2/: dial tcp 127.0.0.1:80: connect: connection refused * "docker.io/adoptopenjdk/openjdk8:slim": Error writing blob: error storing blob to file "/var/tmp/storage273321107/5": read tcp 10.240.0.67:44828->104.18.124.25:443: read: connection reset by peer * "registry.fedoraproject.org/adoptopenjdk/openjdk8:slim": Error initializing source docker://registry.fedoraproject.org/adoptopenjdk/openjdk8:slim: Error reading manifest slim in registry.fedoraproject.org/adoptopenjdk/openjdk8: manifest unknown: manifest unknown * "registry.access.redhat.com/adoptopenjdk/openjdk8:slim": Error initializing source docker://registry.access.redhat.com/adoptopenjdk/openjdk8:slim: Error reading manifest slim in registry.access.redhat.com/adoptopenjdk/openjdk8: name unknown: Repo not found * "registry.centos.org/adoptopenjdk/openjdk8:slim": Error initializing source docker://registry.centos.org/adoptopenjdk/openjdk8:slim: Error reading manifest slim in registry.centos.org/adoptopenjdk/openjdk8: manifest unknown: manifest unknown * "quay.io/adoptopenjdk/openjdk8:slim": Error initializing source docker://quay.io/adoptopenjdk/openjdk8:slim: Error reading manifest slim in quay.io/adoptopenjdk/openjdk8: unauthorized: access to the requested resource is not authorized level=error msg="exit status 1" ``` kamel install args: ```bash kamel install --registry hyper-sia.lo:5000 --registry-insecure --build-timeout 1h --maven-settings=configmap:maven-settings/settings.xml --save -n camel-k ``` I found a file named `/etc/containers/registries.conf` in the builder pod: ```toml # For more information on this configuration file, see containers-registries.conf(5). # # There are multiple versions of the configuration syntax available, where the # second iteration is backwards compatible to the first one. Mixing up both # formats will result in an runtime error. # # The initial configuration format looks like this: # # Registries to search for images that are not fully-qualified. # i.e. foobar.com/my_image:latest vs my_image:latest [registries.search] registries = ['docker.io', 'registry.fedoraproject.org', 'registry.access.redhat.com', 'registry.centos.org', 'quay.io'] # Registries that do not use TLS when pulling images or uses self-signed # certificates. [registries.insecure] registries = [] # Blocked Registries, blocks the `docker daemon` from pulling from the blocked registry. If you specify # "*", then the docker daemon will only be allowed to pull from registries listed above in the search # registries. Blocked Registries is deprecated because other container runtimes and tools will not use it. # It is recommended that you use the trust policy file /etc/containers/policy.json to control which # registries you want to allow users to pull and push from. policy.json gives greater flexibility, and # supports all container runtimes and tools including the docker daemon, cri-o, buildah ... # The atomic CLI `atomic trust` can be used to easily configure the policy.json file. [registries.block] registries = [] # The second version of the configuration format allows to specify registry # mirrors: # # # An array of host[:port] registries to try when pulling an unqualified image, in order. # unqualified-search-registries = ["example.com"] # # [[registry]] # # The "prefix" field is used to choose the relevant [[registry]] TOML table; # # (only) the TOML table with the longest match for the input image name # # (taking into account namespace/repo/tag/digest separators) is used. # # # # If the prefix field is missing, it defaults to be the same as the "location" field. # prefix = "example.com/foo" # # # If true, unencrypted HTTP as well as TLS connections with untrusted # # certificates are allowed. # insecure = false # # # If true, pulling images with matching names is forbidden. # blocked = false # # # The physical location of the "prefix"-rooted namespace. # # # # By default, this equal to "prefix" (in which case "prefix" can be omitted # # and the [[registry]] TOML table can only specify "location"). # # # # Example: Given # # prefix = "example.com/foo" # # location = "internal-registry-for-example.net/bar" # # requests for the image example.com/foo/myimage:latest will actually work with the # # internal-registry-for-example.net/bar/myimage:latest image. # location = internal-registry-for-example.com/bar" # # # (Possibly-partial) mirrors for the "prefix"-rooted namespace. # # # # The mirrors are attempted in the specified order; the first one that can be # # contacted and contains the image will be used (and if none of the mirrors contains the image, # # the primary location specified by the "registry.location" field, or using the unmodified # # user-specified reference, is tried last). # # # # Each TOML table in the "mirror" array can contain the following fields, with the same semantics # # as if specified in the [[registry]] TOML table directly: # # - location # # - insecure # [[registry.mirror]] # location = "example-mirror-0.local/mirror-for-foo" # [[registry.mirror]] # location = "example-mirror-1.local/mirrors/foo" # insecure = true # # Given the above, a pull of example.com/foo/image:latest will try: # # 1. example-mirror-0.local/mirror-for-foo/image:latest # # 2. example-mirror-1.local/mirrors/foo/image:latest # # 3. internal-registry-for-example.net/bar/myimage:latest # # in order, and use the first one that exists. ``` How can I modify the registries?
---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
