-
Notifications
You must be signed in to change notification settings - Fork 36
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
issues working with the OpenShift internal image registry #466
Comments
I think the first problem (missing service) is included in dotnet/sdk#32371 as part of another issue reported on this repo, and the second problem (missing auth header) is part of dotnet/sdk#33500 - want to take a look at those and see if that assessment matches what you see? |
The internal registry doesn't include the |
👍 Yes, this fixes the issue with the upload by using the the cached header. |
dotnet/sdk#32371 is almost certainly not going to make 7.0.400, but we should retarget it and try to get it into 8.0.100. The auth header part of this issue has been merged now. |
I've included a suggestion that will fix the issue with the OpenShift internal registry: https://github.com/dotnet/sdk/pull/32371/files#r1241825861. If it would be of help, I can port the PR to 8.0. |
That would be lovely @tmds. The real blocker is I am having a hard time getting the test working in CI - the test is supposed to configure and run a local registry that is configured to trigger the problem (a non-URI realm) and then verify that we can still communicate with the local registry, but the CI runner isn't correctly standing up the local registry. |
I'll look into this next week. |
@tmds had a chance to validate this in the live version of the container tooling? I expect it to work great, just looking to close out old issues. |
I ran the tooling successfully against the internal registry. |
Love to see it 💯 |
OpenShift container platform comes with an internal image registry.
I tried using the sdk container tooling with it and ran in two authentication related issues:
The registry doesn't include
service
on theWWW-Authenticate
header. andAuthHandshakeMessageHandler
handles this as a required parameter.Maybe we can relax this, and treat is similar to
scope
?When the blob uploads are performed, the registry doesn't like receiving a blob without an authentication header. It forcibly closes the TCP connection. In this case the
AuthHandshakeMessageHandler
won't make another attempt to add an authentication header.Probably by the time we're uploading blobs we can add the authentication headers on the first request?
That will also save a round-trip to the server.
cc @baronfel
The text was updated successfully, but these errors were encountered: