deis / registry Goto Github PK

Docker registry for Deis Workflow.

License: MIT License

Makefile 23.28% Shell 1.98% Go 49.19% Python 25.55%

deis-workflow docker-registry kubernetes k8s unsupported

registry's Introduction

	Deis Workflow is no longer maintained. Please read the announcement for more detail.
09/07/2017	Deis Workflow v2.18 final release before entering maintenance mode
03/01/2018	End of Workflow maintenance: critical patches no longer merged
	Hephy is a fork of Workflow that is actively developed and accepts code contributions.

Deis Registry v2

Deis (pronounced DAY-iss) is an open source PaaS that makes it easy to deploy and manage applications on your own servers. Deis builds on Kubernetes to provide a lightweight, Heroku-inspired workflow.

We welcome your input! If you have feedback, please submit an issue. If you'd like to participate in development, please read the "Development" section below and submit a pull request.

About

The registry is a Docker registry component for use in Kubernetes. While it's intended for use inside of the Deis open source PaaS, it's flexible enough to be used as a standalone pod on any Kubernetes cluster.

If you decide to use this component standalone, you can host your own Docker registry in your own Kubernetes cluster.

The Docker image that this repository builds is based on the official Docker v2 registry image.

Development

The Deis project welcomes contributions from all developers. The high level process for development matches many other open source projects. See below for an outline.

Fork this repository
Make your changes
Submit a pull request (PR) to this repository with your changes, and unit tests whenever possible.
- If your PR fixes any issues, make sure you write Fixes #1234 in your PR description (where #1234 is the number of the issue you're closing)
The Deis core contributors will review your code. After each of them sign off on your code, they'll label your PR with LGTM1 and LGTM2 (respectively). Once that happens, the contributors will merge it

Deploying

If you want to use the latest registry image built by they Deis team you can simply start a registry via make deploy.

If however, you want to build and use a custom image see the instructions below.

Build and Deploy

To build a dev release of this image, you will also need a registry to hold the custom images. This can be your own registry, Dockerhub, or Quay.

First, configure your environment to point to the registry location.

$ export DEIS_REGISTRY=myregistry.com:5000  # or quay.io, if using Dockerhub, leave this unset
$ export IMAGE_PREFIX=youruser/             # if using Quay or Dockerhub

To build and push the image run:

$ make docker-build docker-push

To deploy the image via patching the registry deployment run:

$ make deploy

registry's People

Contributors

Stargazers

Watchers

registry's Issues

Implement k8s HealthCheck

Need to add health and liveness checks to the project.

Look for minio and outside storage env vars

follow the lookup rules that builder and workflow use:

if DEIS_MINIO_SERVICE_HOST and DEIS_MINIO_SERVICE_PORT exist, use those for the S3 location
if DEIS_OUTSIDE_STORAGE_HOST and DEIS_OUTSIDE_STORAGE_PORT, exist, use those for the S3 location

Registry restarts a few times while waiting for minio, but the errors it shows are now very user friendly

Registry restarted 3 times while waiting for minio (or any of the other health checks) to pass and while looking at the logs I wasn't at first sure if it was legimiate failures or not

k logs --previous deis-registry-cy5ob
2016/03/25 23:36:54 INFO: Starting registry...
2016/03/25 23:36:54 INFO: using minio as the backend
2016/03/25 23:36:54 INFO: registry started.
panic: RequestError: send request failed
caused by: Put http://10.3.0.195:9000/registry: read tcp 172.18.1.182:46166->10.3.0.195:9000: read: connection reset by peer

goroutine 1 [running]:
github.com/docker/distribution/registry/handlers.NewApp(0x7fa53e0b8678, 0xc820334cc0, 0xc820073340, 0x7fa53e0b8678)

Having something friendlier may be a good idea

Version 2.3.x makes deployment/deis-registry fail

I had Deis 2.8 installed. Recently I've installed 2.9 instead via helm upgrade and deis-registry stuck in CrashLoopBackOff. The error from the container is as follows: https://gist.github.com/ineu/37abac07168386bbc80496332da45245

DNS works fine in the container. I suspect that there's some issue in extracting host part from the swift.authurl in the 2.3.x, which makes it try to resolve not the host part but a full url.

I managed to fix it by using 2.2 image:

kd set image deploy/deis-registry deis-registry=quay.io/deis/registry:v2.2.4

Can't startup registry with Azure backend

I'm trying to install Deis with Azure Blob but failed.

I re-generated from chart, uninstalled, installed after editing ~/.helmc/workspace/charts/workflow-v2.0.0/tpl/generate_params.toml

The log is like this:

 $ kubectl logs -f deis-registry-34xc6 --namespace=deis 
2016/06/20 00:42:05 INFO: Starting registry...
2016/06/20 00:42:05 INFO: using azure as the backend

But it can't be started up....

$ kubectl get pods --namespace=deis
(snip)
deis-registry-34xc6           0/1       CrashLoopBackOff   11         20m

For checking my account information, I run the docker registry on my node manually with my info.
It seems this works well.

$ docker run -it --rm -p 5000:5000      -e REGISTRY_STORAGE=azure      -e REGISTRY_STORAGE_AZURE_ACCOUNTNAME="{account_name_censored}"      -e 
REGISTRY_STORAGE_AZURE_ACCOUNTKEY="{account_key_censored}"      -e REGISTRY_STORAGE
_AZURE_CONTAINER="registry"      --name=registry      registry:2
WARN[0000] No HTTP secret provided - generated random secret. This may cause problems with uploads if multiple registries are behind a load-balancer. To provide a shared secret, fill in http.secret in the configuration file or set the REGISTRY_HTTP_SECRET environment variable.  go.version=go1.6.2 instance.id=e1485474-39bf-4589-8939-9eb6d5385ef6 version=v2.4.1                                                                                      
INFO[0000] redis not configured                          go.version=go1.6.2 instance.id=e1485474-39bf-4589-8939-9eb6d5385ef6 version=v2.4.1
INFO[0000] Starting upload purge in 23m0s                go.version=go1.6.2 instance.id=e1485474-39bf-4589-8939-9eb6d5385ef6 version=v2.4.1
INFO[0000] listening on [::]:5000                        go.version=go1.6.2 instance.id=e1485474-39bf-4589-8939-9eb6d5385ef6 version=v2.4.1

I think there have some troubles in /bin/registry. But I can't determine as there have few logs.
Could you tell me some tips for shooting this kind of trouble?

"service account deis/deis-registry was not found"

Running gcr off-cluster -- getting this on the registry rs: Error creating: pods "deis-registry-3280823271-" is forbidden: service account deis/deis-registry was not found, retry after the service account is created

Registry Alpha Requirements

The following things need to be done for alpha:

Deployable to K8S: Service def, RC def, repository follows standard Deis pattern
Document installation process in README
Link install instructions to alpha install instructions in deis/workflow
Receive push from the controller

Out of scope:

recoverable storage backend not required
no high-availability
no backups

Publish immutable artifact tags + canary version to Docker registries

We want to have the ability to have deis/charts reference a specific immutable image which will enable us better traceability on issues that come into various components.

What we've done with efforts in other repositories is publish a version:

git-[short sha] that will never be overwritten
canary that will move to reference the latest version available of a component

Examples of the easiest way to roll this change out can be seen in deis/workflow#487, deis/builder#246, and deis/workflow-manager#11

Proposal: containerize the development environment

This is to lower the barrier to entry for hacking on Deis while also standardizing the development environment for all contributors.

Registry restarts over and over when using s3

This is all that is in the logs:

$ k logs deis-registry-83t6c --previous
2016/03/18 01:26:39 INFO: Starting registry...
2016/03/18 01:26:39 INFO: using s3 as the backend
2016/03/18 01:26:39 INFO: registry started.

Multiple Replicas

I recently tried scaling the registry up to increase throughput and redundancy but after doing so pushes started to fail with blob upload unknown. It appears there is some internal state while a push is on-going. To fix the issue, I set sessionAffinity: ClientIP on the deis-registry service. Any reason this would be a bad idea? If not, I can post a pull request adding it to the service template so scaling works out of the box.

Run docker build on all PR builds

Similar to what builder does in its .travis.yml file, minio should run make ... docker-build to ensure that the Dockerfile is correct

Use minio as the default storage backend

Currently registry uses emptydir(filesystem) as the default storage.Instead use minio as the default storage.

Error when pushing docker image to registry

I'm running Workflow v2.10 with a manual patch to use 127.0.0.1 instead of localhost for DEIS_REGISTRY_SERVICE_HOST as mentioned deis/workflow#678 . Everything was working well until today morning i've started to see failures whenever i try to push to an existing branch or create a new app. This is the error that i get when doing the git push

Pushing to registry
{'status': 'The push refers to a repository [127.0.0.1:5555/web-test]'}

remote: 2017/02/16 07:23:21 Error running git receive hook [The controller returned an error when publishing the release: Unknown Error (400): {"detail":"Error while pulling image: Get http://127.0.0.1:5555/v1/repositories/web-test/images: dial tcp 127.0.0.1:5555: getsockopt: connection refused"}]
...
...
size of streamed logs 3918
Waiting for the deis/dockerbuild-web-test-9067a9d2-a0da63ab pod to end. Checking every 100ms for 15m0s
Done
Checking for builder pod exit code
Done
Build complete.
Launching App...
remote: 2017/02/16 07:23:21 Error running git receive hook [The controller returned an error when publishing the release: Unknown Error (400): {"detail":"Error while pulling image: Get http://127.0.0.1:5555/v1/repositories/web-test/images: dial tcp 127.0.0.1:5555: getsockopt: connection refused"}]

From the controller logs,

ERROR:root:Error while pulling image: Get http://127.0.0.1:5555/v1/repositories/iconic-nonesuch/images: dial tcp 127.0.0.1:5555: getsockopt: connection refused
Traceback (most recent call last):
  File "/app/api/models/release.py", line 171, in get_port
    port = docker_get_port(self.image, deis_registry, creds)
  File "/app/registry/dockerclient.py", line 199, in get_port
    return DockerClient().get_port(target, deis_registry, creds)
  File "/app/registry/dockerclient.py", line 76, in get_port
    info = self.inspect_image(target)
  File "/usr/local/lib/python3.5/dist-packages/backoff.py", line 286, in retry
    ret = target(*args, **kwargs)
  File "/app/registry/dockerclient.py", line 152, in inspect_image
    self.pull(repo, tag=tag)
  File "/usr/local/lib/python3.5/dist-packages/backoff.py", line 286, in retry
    ret = target(*args, **kwargs)
  File "/app/registry/dockerclient.py", line 124, in pull
    log_output(stream, 'pull', repo, tag)
  File "/app/registry/dockerclient.py", line 174, in log_output
    stream_error(chunk, operation, repo, tag)
  File "/app/registry/dockerclient.py", line 191, in stream_error
    raise RegistryException(message)
registry.dockerclient.RegistryException: Error while pulling image: Get http://127.0.0.1:5555/v1/repositories/iconic-nonesuch/images: dial tcp 127.0.0.1:5555: getsockopt: connection refused

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File "/app/api/models/build.py", line 65, in create
    self.app.deploy(new_release)
  File "/app/api/models/app.py", line 461, in deploy
    deploys[scale_type] = self._gather_app_settings(release, app_settings, scale_type, replicas)  # noqa
  File "/app/api/models/app.py", line 1012, in _gather_app_settings
    envs = self._build_env_vars(release)
  File "/app/api/models/app.py", line 823, in _build_env_vars
    port = release.get_port()
  File "/app/api/models/release.py", line 179, in get_port
    raise DeisException(str(e)) from e
api.exceptions.DeisException: Error while pulling image: Get http://127.0.0.1:5555/v1/repositories/iconic-nonesuch/images: dial tcp 127.0.0.1:5555: getsockopt: connection refused

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File "/usr/local/lib/python3.5/dist-packages/rest_framework/views.py", line 474, in dispatch
    response = handler(request, *args, **kwargs)
  File "/app/api/views.py", line 527, in create
    super(BuildHookViewSet, self).create(request, *args, **kwargs)
  File "/usr/local/lib/python3.5/dist-packages/rest_framework/mixins.py", line 21, in create
    self.perform_create(serializer)
  File "/app/api/viewsets.py", line 21, in perform_create
    self.post_save(obj)
  File "/app/api/views.py", line 533, in post_save
    build.create(self.user)
  File "/app/api/models/build.py", line 79, in create
    raise DeisException(str(e)) from e
api.exceptions.DeisException: Error while pulling image: Get http://127.0.0.1:5555/v1/repositories/iconic-nonesuch/images: dial tcp 127.0.0.1:5555: getsockopt: connection refused
100.96.2.74 "POST /v2/hooks/build/ HTTP/1.1" 400 161 "deis-builder"

registry-proxy

100.96.1.1 - - [16/Feb/2017:07:43:17 +0000] "POST /v2/iconic-nonesuch/blobs/uploads/?from=klutzy-dragster&mount=sha256%3Ac5e8f860bff8a7b6c71dd992051b0074eef1f35a1ec0eb85b89e6fad6f75a2 HTTP/1.1" 201 0 "-" "docker/1.12.3 go/go1.6.3 git-commit/6b644ec kernel/4.4.26-k8s os/linux arch/amd64 UpstreamClient(docker-py/1.10.6)" "-"
100.96.1.1 - - [16/Feb/2017:07:43:17 +0000] "POST /v2/iconic-nonesuch/blobs/uploads/?from=klutzy-dragster&mount=sha256%3A37793e76b80da9bf64d0b9cda6113ed7d6752f70a18aaca4fb334d95b0d5b2 HTTP/1.1" 201 0 "-" "docker/1.12.3 go/go1.6.3 git-commit/6b644ec kernel/4.4.26-k8s os/linux arch/amd64 UpstreamClient(docker-py/1.10.6)" "-"
100.96.1.1 - - [16/Feb/2017:07:43:17 +0000] "POST /v2/iconic-nonesuch/blobs/uploads/?from=klutzy-dragster&mount=sha256%3Aebae89df1b24062237090db83234fa5198bf0ec95966bcd0114e8458a3b87a HTTP/1.1" 201 0 "-" "docker/1.12.3 go/go1.6.3 git-commit/6b644ec kernel/4.4.26-k8s os/linux arch/amd64 UpstreamClient(docker-py/1.10.6)" "-"
100.96.1.1 - - [16/Feb/2017:07:43:17 +0000] "POST /v2/iconic-nonesuch/blobs/uploads/?from=klutzy-dragster&mount=sha256%3A861a733d47aa6f4a281eddcaab5dedadc23e02acdcaa77d625f7d6e9ff80 HTTP/1.1" 201 0 "-" "docker/1.12.3 go/go1.6.3 git-commit/6b644ec kernel/4.4.26-k8s os/linux arch/amd64 UpstreamClient(docker-py/1.10.6)" "-"
100.96.1.1 - - [16/Feb/2017:07:43:17 +0000] "POST /v2/iconic-nonesuch/blobs/uploads/?from=klutzy-dragster&mount=sha256%3Acd8a70303abf53dbc18d23bbf4d3f7940954c5fdea080f21633bebf3d709be HTTP/1.1" 201 0 "-" "docker/1.12.3 go/go1.6.3 git-commit/6b644ec kernel/4.4.26-k8s os/linux arch/amd64 UpstreamClient(docker-py/1.10.6)" "-"
100.96.1.1 - - [16/Feb/2017:07:43:17 +0000] "HEAD /v2/iconic-nonesuch/blobs/sha256:c5e8f860bff8a7b6cbb71d92051b0074eef1f35a1ec0eb85b89e6fad6f75a2 HTTP/1.1" 307 0 "-" "docker/1.12.3 go/go1.6.3 git-commit/6b644ec kernel/4.4.26-k8s os/linux arch/amd64 UpstreamClient(docker-py/1.10.6)" "-"
100.96.1.1 - - [16/Feb/2017:07:43:17 +0000] "HEAD /v2/iconic-nonesuch/blobs/sha256:861a733d45ce57aa6f481eddcaab5dedadc23e02acdcaa77d625f7d6e9ff80 HTTP/1.1" 307 0 "-" "docker/1.12.3 go/go1.6.3 git-commit/6b644ec kernel/4.4.26-k8s os/linux arch/amd64 UpstreamClient(docker-py/1.10.6)" "-"
100.96.1.1 - - [16/Feb/2017:07:43:17 +0000] "HEAD /v2/iconic-nonesuch/blobs/sha256:cd8a70303abf53dbc18d2823bbf4d3f7940954c5fdea080f21633bebf3d709be HTTP/1.1" 307 0 "-" "docker/1.12.3 go/go1.6.3 git-commit/6b644ec kernel/4.4.26-k8s os/linux arch/amd64 UpstreamClient(docker-py/1.10.6)" "-"
100.96.1.1 - - [16/Feb/2017:07:43:17 +0000] "HEAD /v2/iconic-nonesuch/blobs/sha256:37793e76b80da9f1b4d0b9cda6113ed7d6752f70a18aaca4fb334d95b0d5b2 HTTP/1.1" 307 0 "-" "docker/1.12.3 go/go1.6.3 git-commit/6b644ec kernel/4.4.26-k8s os/linux arch/amd64 UpstreamClient(docker-py/1.10.6)" "-"
100.96.1.1 - - [16/Feb/2017:07:43:17 +0000] "HEAD /v2/iconic-nonesuch/blobs/sha256:ebae89df1b240c5237090db83234fa5198bf0ec95966bcd0114e8458a3b87a HTTP/1.1" 307 0 "-" "docker/1.12.3 go/go1.6.3 git-commit/6b644ec kernel/4.4.26-k8s os/linux arch/amd64 UpstreamClient(docker-py/1.10.6)" "-"
100.96.1.1 - - [16/Feb/2017:07:43:17 +0000] "POST /v2/iconic-nonesuch/blobs/uploads/?from=klutzy-dragster&mount=sha256%3A8cadbcc591c5434732b1369570e26b500dd0629a1da2c470522c649c934d82 HTTP/1.1" 201 0 "-" "docker/1.12.3 go/go1.6.3 git-commit/6b644ec kernel/4.4.26-k8s os/linux arch/amd64 UpstreamClient(docker-py/1.10.6)" "-"
100.96.1.1 - - [16/Feb/2017:07:43:17 +0000] "HEAD /v2/iconic-nonesuch/blobs/sha256:8cadbcc591c54347a4b1369570e26b500dd0629a1da2c470522c649c934d82 HTTP/1.1" 307 0 "-" "docker/1.12.3 go/go1.6.3 git-commit/6b644ec kernel/4.4.26-k8s os/linux arch/amd64 UpstreamClient(docker-py/1.10.6)" "-"
100.96.1.1 - - [16/Feb/2017:07:43:17 +0000] "POST /v2/iconic-nonesuch/blobs/uploads/?from=klutzy-dragster&mount=sha256%3A56c6ccbe0d684ac67104433b51a0ee9ecde2866d6e0a3878f4391a9de72904 HTTP/1.1" 201 0 "-" "docker/1.12.3 go/go1.6.3 git-commit/6b644ec kernel/4.4.26-k8s os/linux arch/amd64 UpstreamClient(docker-py/1.10.6)" "-"
100.96.1.1 - - [16/Feb/2017:07:43:17 +0000] "HEAD /v2/iconic-nonesuch/blobs/sha256:56c6ccbe0d68fd467104433b51a0ee9ecde2866d6e0a3878f4391a9de72904 HTTP/1.1" 307 0 "-" "docker/1.12.3 go/go1.6.3 git-commit/6b644ec kernel/4.4.26-k8s os/linux arch/amd64 UpstreamClient(docker-py/1.10.6)" "-"
100.96.1.1 - - [16/Feb/2017:07:43:17 +0000] "POST /v2/iconic-nonesuch/blobs/uploads/?from=klutzy-dragster&mount=sha256%3A1496391d955720aaf94deb694968ea0d4ffb5463417c126e50ce0942fb46e5 HTTP/1.1" 201 0 "-" "docker/1.12.3 go/go1.6.3 git-commit/6b644ec kernel/4.4.26-k8s os/linux arch/amd64 UpstreamClient(docker-py/1.10.6)" "-"
100.96.1.1 - - [16/Feb/2017:07:43:17 +0000] "HEAD /v2/iconic-nonesuch/blobs/sha256:1496391d9d1720aaf94deb694968ea0d4ffb5463417c126e50ce0942fb46e5 HTTP/1.1" 307 0 "-" "docker/1.12.3 go/go1.6.3 git-commit/6b644ec kernel/4.4.26-k8s os/linux arch/amd64 UpstreamClient(docker-py/1.10.6)" "-"
100.96.1.1 - - [16/Feb/2017:07:43:17 +0000] "POST /v2/iconic-nonesuch/blobs/uploads/?from=klutzy-dragster&mount=sha256%3A1ddfaaf1b6a67e1384b5ea8db83c32fffb9cb38ba1663840c633a24e33443c32 HTTP/1.1" 201 0 "-" "docker/1.12.3 go/go1.6.3 git-commit/6b644ec kernel/4.4.26-k8s os/linux arch/amd64 UpstreamClient(docker-py/1.10.6)" "-"
100.96.1.1 - - [16/Feb/2017:07:43:17 +0000] "POST /v2/iconic-nonesuch/blobs/uploads/?from=klutzy-dragster&mount=sha256%3A33d67d70afeacb1f44361dc61d94cf38a7ee5167a030c88d6906cf76611455 HTTP/1.1" 201 0 "-" "docker/1.12.3 go/go1.6.3 git-commit/6b644ec kernel/4.4.26-k8s os/linux arch/amd64 UpstreamClient(docker-py/1.10.6)" "-"
100.96.1.1 - - [16/Feb/2017:07:43:17 +0000] "POST /v2/iconic-nonesuch/blobs/uploads/?from=klutzy-dragster&mount=sha256%3A9c1bc3c371bbb5ffb75b052221ce88a1c89f78187e7a2596c2d3fdd5f2043a HTTP/1.1" 201 0 "-" "docker/1.12.3 go/go1.6.3 git-commit/6b644ec kernel/4.4.26-k8s os/linux arch/amd64 UpstreamClient(docker-py/1.10.6)" "-"
100.96.1.1 - - [16/Feb/2017:07:43:17 +0000] "POST /v2/iconic-nonesuch/blobs/uploads/?from=frozen-asteroid&mount=sha256%3A76610e0bf5892e24cebd4153c7668284aa1d1151b7c3b0c7d50c579aa5ce75 HTTP/1.1" 201 0 "-" "docker/1.12.3 go/go1.6.3 git-commit/6b644ec kernel/4.4.26-k8s os/linux arch/amd64 UpstreamClient(docker-py/1.10.6)" "-"
100.96.1.1 - - [16/Feb/2017:07:43:17 +0000] "POST /v2/iconic-nonesuch/blobs/uploads/?from=frozen-asteroid&mount=sha256%3Afce58aad85a763fe3c419db16885eb6f7a670a42824ea618414b8fb309ccde HTTP/1.1" 201 0 "-" "docker/1.12.3 go/go1.6.3 git-commit/6b644ec kernel/4.4.26-k8s os/linux arch/amd64 UpstreamClient(docker-py/1.10.6)" "-"

If #64 had to be the issue, then it shouldn't even have started for the very first time i believe, but i've started facing this issue since today only after running it successfully for more than a week.

Any guidance in the right direction can be helpful to debug this.

Proposal: port boot script to go

This assumes registry is lifted 'n' shifted from v1.x where the boot script is currently implemented as a shell script.

replace main.go with a bash script

All main.go literally does is set a few environment variables and execute the registry binary as a child process. It would greatly simplify the build toolchain if we just made it as a bash script, especially with the introduction of #73.

Pushing bigger images crashes registry/minio/controller/builder

Hello,
I have an image which is about 932M in size. When I try to push it to deis registry, it takes more than 15 mins and after that brings down registry/minio/controller/builder and k8s tries to restart them all at the same time. This makes the system unresponsive and some times soft locks the CPUs. This makes me to hard boot the whole cluster. As minio does not have persistent storage, i would have to repeat the pushing all over again.
I tried chunking my big image into smaller ones. Instead of pushing one big 932M image, I pushed multiple layers of images to deis registry (manually). Still, when pushing the last image layer, registry crashes, a minute after that minio crashes which brings down builder and controller in turn. There is no problem with the image as I have tested the image directly on docker and also through k8s. The container builds and runs perfectly fine without Deis.

Using 3 node virtualbox deis cluster with 12 core cpu, 125G RAM, 1TB hd/Deis workflow 2.0.0

Thanks!

Pushing image to desi registry times out when proxy is used

In /etc/default/docker ,

export HTTP_PROXY="corp proxy"
export NO_PROXY="deis-router-service-ip-address:80"

If HTTP_PROXY is not used, then, deis cannot pull the image from outside (docker hub)
If HTTP_PROXY is used, then, git push fails to push the image to the deis-registry (times out)
So added NO_PROXY for the deis-router-ip-address:80 . Still it is not able to push the image to deis-registry.
If HTTP_PROXY is removed, then, git push successfully pushes it to deis registry. But, should have the image ready by pulling it with HTTP_PROXY on.

How to enable both?

Thanks

Not compatible with Docker v1.11.x

I've been using the kube-aws tool from coreos/coreos-kubernetes to stand up my dev / test clusters in AWS. By default, the CoreOS nodes that get created use the latest image from CoreOS' alpha release channel. As of July 2, the latest release in that channel (1097.0.0) is the first CoreOS release to include Docker >= v1.11.0 (specifically, v1.11.2).

Since then, all pushes to Deis' internal registry fail. The logs below were captured from the controller and demonstrate a timeout is occurring. The controller, however, can probably be exonerated, as even a direct, manual docker push to the registry from any worker nodes fails. telnet <registry svc ip> 80 succeeds, so there would not seem to be any issue of connectivity at play.

Reverting to Docker 1.10.3 by building a new cluster using the beta channel (release 1068.3.0) does indeed correct the issue. A quick scan of Docker v1.11.x release notes does not reveal anything obvious that would explain this.

INFO [megaboom]: kent created initial release
INFO [megaboom]: domain megaboom added
10.2.52.0 "POST /v2/apps/ HTTP/1.1" 201 159 "Deis Client v2.2.0-dev"
INFO [megaboom]: build megaboom-6c52897 created
INFO [megaboom]: kent deployed quay.io/arschles/megaboom:devel
INFO Pulling Docker image quay.io/arschles/megaboom:devel
INFO Tagging Docker image quay.io/arschles/megaboom:devel as 10.3.0.128:80/megaboom:v2
INFO Pushing Docker image 10.3.0.128:80/megaboom:v2
ERROR:root:Uncaught Exception
Traceback (most recent call last):
  File "/usr/local/lib/python3.5/dist-packages/requests/packages/urllib3/response.py", line 228, in _error_catcher
    yield
  File "/usr/local/lib/python3.5/dist-packages/requests/packages/urllib3/response.py", line 310, in read
    data = self._fp.read(amt)
  File "/usr/lib/python3.5/http/client.py", line 448, in read
    n = self.readinto(b)
  File "/usr/lib/python3.5/http/client.py", line 478, in readinto
    return self._readinto_chunked(b)
  File "/usr/lib/python3.5/http/client.py", line 573, in _readinto_chunked
    chunk_left = self._get_chunk_left()
  File "/usr/lib/python3.5/http/client.py", line 541, in _get_chunk_left
    chunk_left = self._read_next_chunk_size()
  File "/usr/lib/python3.5/http/client.py", line 501, in _read_next_chunk_size
    line = self.fp.readline(_MAXLINE + 1)
  File "/usr/lib/python3.5/socket.py", line 575, in readinto
    return self._sock.recv_into(b)
socket.timeout: timed out

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/local/lib/python3.5/dist-packages/rest_framework/views.py", line 463, in dispatch
    response = handler(request, *args, **kwargs)
  File "/app/api/views.py", line 171, in create
    return super(AppResourceViewSet, self).create(request, **kwargs)
  File "/usr/local/lib/python3.5/dist-packages/rest_framework/mixins.py", line 21, in create
    self.perform_create(serializer)
  File "/app/api/viewsets.py", line 21, in perform_create
    self.post_save(obj)
  File "/app/api/views.py", line 246, in post_save
    self.release = build.create(self.request.user)
  File "/app/api/models/build.py", line 60, in create
    source_version=self.version
  File "/app/api/models/release.py", line 88, in new
    release.publish()
  File "/app/api/models/release.py", line 135, in publish
    publish_release(source_image, self.image, deis_registry, self.get_registry_auth())
  File "/app/registry/dockerclient.py", line 197, in publish_release
    return DockerClient().publish_release(source, target, deis_registry, creds)
  File "/app/registry/dockerclient.py", line 116, in publish_release
    self.push("{}/{}".format(self.registry, name), tag)
  File "/app/registry/dockerclient.py", line 138, in push
    log_output(stream, 'push', repo, tag)
  File "/app/registry/dockerclient.py", line 176, in log_output
    for chunk in stream:
  File "/usr/local/lib/python3.5/dist-packages/docker/client.py", line 225, in _stream_helper
    data = reader.read(1)
  File "/usr/local/lib/python3.5/dist-packages/requests/packages/urllib3/response.py", line 320, in read
    flush_decoder = True
  File "/usr/lib/python3.5/contextlib.py", line 77, in __exit__
    self.gen.throw(type, value, traceback)
  File "/usr/local/lib/python3.5/dist-packages/requests/packages/urllib3/response.py", line 233, in _error_catcher
    raise ReadTimeoutError(self._pool, None, 'Read timed out.')
requests.packages.urllib3.exceptions.ReadTimeoutError: UnixHTTPConnectionPool(host='localhost', port=None): Read timed out.
10.2.52.0 "POST /v2/apps/megaboom/builds/ HTTP/1.1" 500 25 "Deis Client v2.2.0-dev"

Remove docker build tag from Dockerfile

After deis/distribution#9 is done, include_gcs can be removed from the build tags.

cannot upload docker container to registry

When I build an up with buildpack it works, but when I want to build container I cannot upload it to the registry

 kubectl version
Client Version: version.Info{Major:"1", Minor:"3", GitVersion:"v1.3.4", GitCommit:"dd6b458ef8dbf24aff55795baa68f83383c9b3a9", GitTreeState:"clean", BuildDate:"2016-08-01T16:45:16Z", GoVersion:"go1.6.2", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"3", GitVersion:"v1.3.4+coreos.0", GitCommit:"be9bf3e842a90537e48361aded2872e389e902e7", GitTreeState:"clean", BuildDate:"2016-08-02T00:54:53Z", GoVersion:"go1.6.2", Compiler:"gc", Platform:"linux/amd64"}

deis version
v2.4.0

     git push deis master
Counting objects: 589, done.
Compressing objects: 100% (416/416), done.
Writing objects: 100% (589/589), 2.47 MiB, done.
Total 589 (delta 46), reused 581 (delta 42)
Starting build... but first, coffee!
Step 1 : FROM ruby:2.0.0-p576
---> a137b6df82e8
Step 2 : COPY . /app
---> Using cache
---> a7107ea0f79a
Step 3 : WORKDIR /app
---> Using cache
---> ba2d0c3222ec
Step 4 : EXPOSE 3000
---> Using cache
---> 18f7fb188ed3
Step 5 : CMD while true; do echo hello world; sleep 1; done
---> Using cache
---> 4e22b0487484
Successfully built 4e22b0487484
Pushing to registry
{"errorDetail":{"message":"Put http://localhost:5555/v1/repositories/spree/: dial tcp 127.0.0.1:5555: getsockopt: connection refused"},"error":"Put http://localhost:5555/v1/repositories/spree/: dial tcp 127.0.0.remote: getsockopt: connection refused"}

I know that there are environmental variables to point this address:

     Environment Variables:
      DEIS_REGISTRY_SERVICE_HOST:   localhost
      DEIS_REGISTRY_SERVICE_PORT:   5555

but I don't understand why, since none of the pods, and none of the services is listening on 5555

services

kubectl get services --namespace=deis
NAME                     CLUSTER-IP   EXTERNAL-IP   PORT(S)                            AGE
deis-builder             10.3.0.233   <none>        2222/TCP                           1d
deis-controller          10.3.0.23    <none>        80/TCP                             1d
deis-database            10.3.0.253   <none>        5432/TCP                           1d
deis-logger              10.3.0.221   <none>        80/TCP                             1d
deis-logger-redis        10.3.0.148   <none>        6379/TCP                           1d
deis-minio               10.3.0.232   <none>        9000/TCP                           1d
deis-monitor-grafana     10.3.0.113   <none>        80/TCP                             1d
deis-monitor-influxapi   10.3.0.234   <none>        80/TCP                             1d
deis-monitor-influxui    10.3.0.141   <none>        80/TCP                             1d
deis-nsqd                10.3.0.82    <none>        4151/TCP,4150/TCP                  1d
deis-registry            10.3.0.188   <none>        80/TCP                             1d
deis-router              10.3.0.133   <pending>     80/TCP,443/TCP,2222/TCP,9090/TCP   1d
deis-workflow-manager    10.3.0.34    <none>        80/TCP                             1d

pods


kubectl describe  pods deis-registry-3758253254-3gtjo   --namespace=deis 
Name:       deis-registry-3758253254-3gtjo
Namespace:  deis
Node:       10.63.11.75/10.63.11.75
Start Time: Mon, 22 Aug 2016 10:36:12 +0000
Labels:     app=deis-registry
        pod-template-hash=3758253254
Status:     Running
IP:     10.2.12.12
Controllers:    ReplicaSet/deis-registry-3758253254
Containers:
  deis-registry:
    Container ID:   docker://78d6d569eefac3766e4b921f21b7847d36866a266ae76424d7d6e572bb2f5979
    Image:      quay.io/deis/registry:v2.2.0
    Image ID:       docker://sha256:0eb83b180d1aa993fcdd715e4b919b4867051d4f35a813a56eec04ae0705d3d1
    Port:       5000/TCP
    State:      Running
      Started:      Mon, 22 Aug 2016 10:43:05 +0000
    Ready:      True
    Restart Count:  0
    Liveness:       http-get http://:5000/v2/ delay=1s timeout=1s period=10s #success=1 #failure=3
    Readiness:      http-get http://:5000/v2/ delay=1s timeout=1s period=10s #success=1 #failure=3
    Environment Variables:
      REGISTRY_STORAGE_DELETE_ENABLED:  true
      REGISTRY_LOG_LEVEL:       info
      REGISTRY_STORAGE:         minio
Conditions:
  Type      Status
  Initialized   True 
  Ready     True 
  PodScheduled  True 
Volumes:
  registry-storage:
    Type:   EmptyDir (a temporary directory that shares a pod's lifetime)
    Medium: 
  registry-creds:
    Type:   Secret (a volume populated by a Secret)
    SecretName: objectstorage-keyfile
  deis-registry-token-inyyj:
    Type:   Secret (a volume populated by a Secret)
    SecretName: deis-registry-token-inyyj
QoS Tier:   BestEffort
No events.


kubectl describe  pods deis-registry-proxy-cpu68    --namespace=deis 
Name:       deis-registry-proxy-cpu68
Namespace:  deis
Node:       10.63.11.76/10.63.11.76
Start Time: Mon, 22 Aug 2016 10:36:31 +0000
Labels:     app=deis-registry-proxy
        heritage=deis
Status:     Running
IP:     10.2.63.4
Controllers:    DaemonSet/deis-registry-proxy
Containers:
  deis-registry-proxy:
    Container ID:   docker://dc29ab400a06ae5dc1407c7f1fb0880d4257720170eded6a7f8cde5431fa9570
    Image:      quay.io/deis/registry-proxy:v1.0.0
    Image ID:       docker://sha256:fde297ec95aa244e5be48f438de39a13dae16a1593b3792d8c10cd1d7011f8d1
    Port:       80/TCP
    Limits:
      cpu:  100m
      memory:   50Mi
    Requests:
      cpu:      100m
      memory:       50Mi
    State:      Running
      Started:      Mon, 22 Aug 2016 10:38:32 +0000
    Ready:      True
    Restart Count:  0
    Environment Variables:
      REGISTRY_HOST:    $(DEIS_REGISTRY_SERVICE_HOST)
      REGISTRY_PORT:    $(DEIS_REGISTRY_SERVICE_PORT)
Conditions:
  Type      Status
  Initialized   True 
  Ready     True 
  PodScheduled  True 
Volumes:
  default-token-tk993:
    Type:   Secret (a volume populated by a Secret)
    SecretName: default-token-tk993
QoS Tier:   Guaranteed
No events.

S3 object store on aws should not require credentials

accesskey and secretkey should not be required as aws-sdk when running on an AWS instance will pull the credentials from the metadata service

contrib/**/deploy.sh needs to move to standard _scripts/deploy.sh

In order to make our releases as smooth as possible, I'd like for the travis deploy.sh script to be located in the same place in all the Deis v2 component repos. Right now that place is: _scripts/deploy.sh

My version bump/release tool has problems with this repository because the travis deploy script lives in the contrib/** structure:

Entering 'registry'
---------
[tag-all]  advancing travis build to push with IMAGE_PREFIX=deisci and VERSION=v2-alpha2
[tag-all]  _scripts/deploy.sh doesn't exist in repo: registry

Use cluster-configured object storage

Registry should persist to cluster configured object storage.

docker registry connection refused deis on kubernetes aws

I have installed workflow using helm. It is using the default backed. I am going through the example go app and seeing an error. Here are the commands:

$ deis create --no-remote
Creating Application... done, created golden-utensils
If you want to add a git remote for this app later, use `deis git:remote -a golden-utensils`
$ deis pull deis/example-go -a golden-utensils
Creating build... Error: Unknown Error (400): {"detail":"Put http://127.0.0.1:5555/v1/repositories/golden-utensils/: dial tcp 127.0.0.1:5555: getsockopt: connection refused"}

controller logs:

10.240.1.1 "POST /v2/hooks/config/ HTTP/1.1" 200 227 "deis-builder"
INFO [golden-utensils]: build golden-utensils-d541346 created
INFO:api.models.app:[golden-utensils]: build golden-utensils-d541346 created
INFO [golden-utensils]: admin deployed deis/example-go
INFO:api.models.app:[golden-utensils]: admin deployed deis/example-go
INFO Pulling Docker image deis/example-go:latest
INFO:registry.dockerclient:Pulling Docker image deis/example-go:latest
INFO Tagging Docker image deis/example-go:latest as 127.0.0.1:5555/golden-utensils:v3
INFO:registry.dockerclient:Tagging Docker image deis/example-go:latest as 127.0.0.1:5555/golden-utensils:v3
INFO Pushing Docker image 127.0.0.1:5555/golden-utensils:v3
INFO:registry.dockerclient:Pushing Docker image 127.0.0.1:5555/golden-utensils:v3
ERROR:backoff._common:Backing off push(...) for 0.3s (registry.dockerclient.RegistryException: Put http://127.0.0.1:5555/v1/repositories/golden-utensils/: dial tcp 127.0.0.1:5555: getsockopt: connection refused)
INFO Pushing Docker image 127.0.0.1:5555/golden-utensils:v3
INFO:registry.dockerclient:Pushing Docker image 127.0.0.1:5555/golden-utensils:v3
ERROR:backoff._common:Backing off push(...) for 0.9s (registry.dockerclient.RegistryException: Put http://127.0.0.1:5555/v1/repositories/golden-utensils/: dial tcp 127.0.0.1:5555: getsockopt: connection refused)
INFO Pushing Docker image 127.0.0.1:5555/golden-utensils:v3
INFO:registry.dockerclient:Pushing Docker image 127.0.0.1:5555/golden-utensils:v3
ERROR:backoff._common:Giving up push(...) after 3 tries (registry.dockerclient.RegistryException: Put http://127.0.0.1:5555/v1/repositories/golden-utensils/: dial tcp 127.0.0.1:5555: getsockopt: connection refused)
INFO [golden-utensils]: Put http://127.0.0.1:5555/v1/repositories/golden-utensils/: dial tcp 127.0.0.1:5555: getsockopt: connection refused
INFO:api.models.app:[golden-utensils]: Put http://127.0.0.1:5555/v1/repositories/golden-utensils/: dial tcp 127.0.0.1:5555: getsockopt: connection refused
ERROR:root:Put http://127.0.0.1:5555/v1/repositories/golden-utensils/: dial tcp 127.0.0.1:5555: getsockopt: connection refused
Traceback (most recent call last):
  File "/app/api/models/release.py", line 89, in new
    release.publish()
  File "/app/api/models/release.py", line 136, in publish
    publish_release(source_image, self.image, deis_registry, self.get_registry_auth())
  File "/app/registry/dockerclient.py", line 195, in publish_release
    return DockerClient().publish_release(source, target, deis_registry, creds)
  File "/app/registry/dockerclient.py", line 114, in publish_release
    self.push("{}/{}".format(self.registry, name), tag)
  File "/usr/local/lib/python3.5/dist-packages/backoff/_sync.py", line 85, in retry
    ret = target(*args, **kwargs)
  File "/app/registry/dockerclient.py", line 131, in push
    log_output(stream, 'push', repo, tag)
  File "/app/registry/dockerclient.py", line 174, in log_output
    stream_error(chunk, operation, repo, tag)
  File "/app/registry/dockerclient.py", line 191, in stream_error
    raise RegistryException(message)
registry.dockerclient.RegistryException: Put http://127.0.0.1:5555/v1/repositories/golden-utensils/: dial tcp 127.0.0.1:5555: getsockopt: connection refused

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File "/app/api/models/build.py", line 63, in create
    source_version=self.version
  File "/app/api/models/release.py", line 96, in new
    raise DeisException(str(e)) from e
api.exceptions.DeisException: Put http://127.0.0.1:5555/v1/repositories/golden-utensils/: dial tcp 127.0.0.1:5555: getsockopt: connection refused

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File "/usr/local/lib/python3.5/dist-packages/rest_framework/views.py", line 480, in dispatch
    response = handler(request, *args, **kwargs)
  File "/app/api/views.py", line 185, in create
    return super(AppResourceViewSet, self).create(request, **kwargs)
  File "/usr/local/lib/python3.5/dist-packages/rest_framework/mixins.py", line 21, in create
    self.perform_create(serializer)
  File "/app/api/viewsets.py", line 21, in perform_create
    self.post_save(obj)
  File "/app/api/views.py", line 268, in post_save
    self.release = build.create(self.request.user)
  File "/app/api/models/build.py", line 79, in create
    raise DeisException(str(e)) from e
api.exceptions.DeisException: Put http://127.0.0.1:5555/v1/repositories/golden-utensils/: dial tcp 127.0.0.1:5555: getsockopt: connection refused
10.240.1.1 "POST /v2/apps/golden-utensils/builds/ HTTP/1.1" 400 128 "Deis Client v2.13.0"

Can't connect to registry pod

Hi,
I'm building apps to Deis V2 with S3 backend. When i run "git push deis master" I get this error:

Removing intermediate container aafad5c94f80
Successfully built 972c4c508b78
pushing to registry
remote: ":"The push refers to a repository [10.0.1.20:80/prova9] (len: 1)"}

{"errorDetail":{"message":"unable to ping registry endpoint https://10.0.1.20:80/v0/\nv2 ping attempt failed with error: Get https://10.0.1.20:80/v2/: tls: oversized record     received with length 20527\n v1 ping attempt failed with error: Get https://10.0.1.20:80/v1/_ping: tls: oversized record received with length 20527"},"error":"unable to ping     registry endpoint https://10.0.1.20:80/v0/\nv2 ping attempt failed with error: Get https://10.0.1.20:80/v2/: tls: oversized record received with length 20527\n v1 ping attempt     failed with error: Get https://10.0.1.20:80/v1/_ping: tls: oversized record received with lengtremote: }

Build complete.
Launching app.

How can I reestablish the Registry component?

kubectl describe pod/prova9-v2-cmd-v1jhr --namespace=prova9

  2m    2m    1 {default-scheduler }                  Scheduled Successfully assigned prova9-v2-cmd-v1jhr to ip-172-20-0-67.eu-west-1.compute.internal
  2m    48s   4 {kubelet ip-172-20-0-67.eu-west-1.compute.internal} spec.containers{prova9-cmd} Pulling   pulling image "10.0.1.20:80/prova9:git-de15cce0"
  2m    48s   4 {kubelet ip-172-20-0-67.eu-west-1.compute.internal} spec.containers{prova9-cmd} Failed    Failed to pull image "10.0.1.20:80/prova9:git-de15cce0": API error     (500): unable to ping registry endpoint https://10.0.1.20:80/v0/
v2 ping attempt failed with error: Get https://10.0.1.20:80/v2/: tls: oversized record received with length 20527
 v1 ping attempt failed with error: Get https://10.0.1.20:80/v1/_ping: tls: oversized record received with length 20527

  2m  48s 4 {kubelet ip-172-20-0-67.eu-west-1.compute.internal}   FailedSync  Error syncing pod, skipping: failed to "StartContainer" for "prova9-cmd" with ErrImagePull: "API     error (500): unable to ping registry endpoint https://10.0.1.20:80/v0/\nv2 ping attempt failed with error: Get https://10.0.1.20:80/v2/: tls: oversized record received with     length 20527\n v1 ping attempt failed with error: Get https://10.0.1.20:80/v1/_ping: tls: oversized record received with length 20527\n"

  2m  3s  8 {kubelet ip-172-20-0-67.eu-west-1.compute.internal} spec.containers{prova9-cmd} BackOff   Back-off pulling image "10.0.1.20:80/prova9:git-de15cce0"
  2m  3s  8 {kubelet ip-172-20-0-67.eu-west-1.compute.internal}         FailedSync  Error syncing pod, skipping: failed to "StartContainer" for "prova9-cmd" with     ImagePullBackOff: "Back-off pulling image \"10.0.1.20:80/prova9:git-de15cce0\""

In controller container I run:
telnet 10.0.1.20 80
HTTP/1.1 400 Bad Request

In registry container I run:
telnet 127.0.0.1 80
telnet: can't connect to remote host (127.0.0.1): Connection refused

Registry logs:

...
2016-04-12T08:05:52.707644464Z time="2016-04-12T08:05:52.674220195Z" level=info msg="response completed" go.version=go1.5.3 http.request.host="10.244.0.6:5000" http.request.    id=3a83f284-16c0-44e9-87a2-be0e27ff2b6e http.request.method=GET http.request.remoteaddr="10.244.0.1:55426" http.request.uri="/v2/" http.request.useragent="Go 1.1 package http"     http.response.contenttype="application/json; charset=utf-8" http.response.duration=2.089664ms http.response.status=200 http.response.written=2 instance.id=014d0ce0-acc1-4332-8352-    ab8f173ec830 service=registry version=v2.1.1-495-g1a90b2b 
2016-04-12T08:05:52.744024440Z 10.244.0.1 - - [12/Apr/2016:08:05:52 +0000] "GET /v2/ HTTP/1.1" 200 2 "" "Go 1.1 package http"
2016-04-12T08:05:52.747036794Z time="2016-04-12T08:05:52.746943294Z" level=info msg="response completed" go.version=go1.5.3 http.request.host="10.244.0.6:5000" http.request.    id=f07dba93-ee92-4d9b-b825-42ecd9b08a06 http.request.method=GET http.request.remoteaddr="10.244.0.1:55425" http.request.uri="/v2/" http.request.useragent="Go 1.1 package http"     http.response.contenttype="application/json; charset=utf-8" http.response.duration=75.787271ms http.response.status=200 http.response.written=2 instance.id=014d0ce0-acc1-4332-8352    -ab8f173ec830 service=registry version=v2.1.1-495-g1a90b2b 
2016-04-12T08:05:52.764476772Z 10.244.0.1 - - [12/Apr/2016:08:05:52 +0000] "GET /v2/ HTTP/1.1" 200 2 "" "Go 1.1 package http"
...

High CPU / memory usage

I have a workflow-beta1 cluster on GKE and I noticed that the registry is currently using a lot of CPU and memory.

CPU 99% / 2 CPU
Memory 6.93 GB / 7.86 GB
Filesystem #1 7.25 GB / 105.55 GB

Here is what a top gives me inside the container :

Mem: 7500036K used, 179788K free, 17340K shrd, 231044K buff, 6253904K cached
CPU:  97% usr   2% sys   0% nic   0% idle   0% io   0% irq   0% sirq
Load average: 2.61 2.58 2.50 6/265 26
  PID  PPID USER     STAT   VSZ %VSZ CPU %CPU COMMAND
    1     0 root     R     5264   0%   0  47% /opt/registry/sbin/registry
   10     1 root     S    44508   1%   0   0% /bin/registry /etc/docker/registry
   19     0 root     S     1524   0%   1   0% sh
   26    19 root     R     1516   0%   0   0% top

Looking at the logs, health checks are running every 10sec so I don't think this is related :

10.120.1.1 - - [19/Mar/2016:15:45:35 +0000] "GET /v2/ HTTP/1.1" 200 2 "" "Go 1.1 package http"
time="2016-03-19T15:45:35.662589549Z" level=info msg="response completed" go.version=go1.5.3 http.request.host="10.120.1.6:5000" http.request.id=60dc3345-b174-4c49-b498-4f488405eed2 http.request.method=GET http.request.remoteaddr="10.120.1.1:38371" http.request.uri="/v2/" http.request.useragent="Go 1.1 package http" http.response.contenttype="application/json; charset=utf-8" http.response.duration=9.551668ms http.response.status=200 http.response.written=2 instance.id=c7d22075-a9f0-47dc-8310-9880873e4ce9 service=registry version=v2.1.1-495-g1a90b2b
10.120.1.1 - - [19/Mar/2016:15:45:35 +0000] "GET /v2/ HTTP/1.1" 200 2 "" "Go 1.1 package http"
time="2016-03-19T15:45:45.611628633Z" level=info msg="response completed" go.version=go1.5.3 http.request.host="10.120.1.6:5000" http.request.id=3e66ebc9-34e8-4937-98ea-848fc9d06206 http.request.method=GET http.request.remoteaddr="10.120.1.1:38387" http.request.uri="/v2/" http.request.useragent="Go 1.1 package http" http.response.contenttype="application/json; charset=utf-8" http.response.duration=26.864846ms http.response.status=200 http.response.written=2 instance.id=c7d22075-a9f0-47dc-8310-9880873e4ce9 service=registry version=v2.1.1-495-g1a90b2b
10.120.1.1 - - [19/Mar/2016:15:45:45 +0000] "GET /v2/ HTTP/1.1" 200 2 "" "Go 1.1 package http"
time="2016-03-19T15:45:45.620516682Z" level=info msg="response completed" go.version=go1.5.3 http.request.host="10.120.1.6:5000" http.request.id=df8575f2-34a9-47d0-851a-248cb5222c22 http.request.method=GET http.request.remoteaddr="10.120.1.1:38390" http.request.uri="/v2/" http.request.useragent="Go 1.1 package http" http.response.contenttype="application/json; charset=utf-8" http.response.duration=6.967003ms http.response.status=200 http.response.written=2 instance.id=c7d22075-a9f0-47dc-8310-9880873e4ce9 service=registry version=v2.1.1-495-g1a90b2b
10.120.1.1 - - [19/Mar/2016:15:45:45 +0000] "GET /v2/ HTTP/1.1" 200 2 "" "Go 1.1 package http"
time="2016-03-19T15:45:55.616159553Z" level=info msg="response completed" go.version=go1.5.3 http.request.host="10.120.1.6:5000" http.request.id=d118d552-28e1-4559-ac0f-a93f0fd6cd1d http.request.method=GET http.request.remoteaddr="10.120.1.1:38410" http.request.uri="/v2/" http.request.useragent="Go 1.1 package http" http.response.contenttype="application/json; charset=utf-8" http.response.duration=12.098968ms http.response.status=200 http.response.written=2 instance.id=c7d22075-a9f0-47dc-8310-9880873e4ce9 service=registry version=v2.1.1-495-g1a90b2b
10.120.1.1 - - [19/Mar/2016:15:45:55 +0000] "GET /v2/ HTTP/1.1" 200 2 "" "Go 1.1 package http"
time="2016-03-19T15:45:55.624674398Z" level=info msg="response completed" go.version=go1.5.3 http.request.host="10.120.1.6:5000" http.request.id=5e30adbd-e14c-4d67-8ae2-5f57aff2788c http.request.method=GET http.request.remoteaddr="10.120.1.1:38411" http.request.uri="/v2/" http.request.useragent="Go 1.1 package http" http.response.contenttype="application/json; charset=utf-8" http.response.duration=2.213119ms http.response.status=200 http.response.written=2 instance.id=c7d22075-a9f0-47dc-8310-9880873e4ce9 service=registry version=v2.1.1-495-g1a90b2b
10.120.1.1 - - [19/Mar/2016:15:45:55 +0000] "GET /v2/ HTTP/1.1" 200 2 "" "Go 1.1 package http"
time="2016-03-19T15:46:05.61070371Z" level=info msg="response completed" go.version=go1.5.3 http.request.host="10.120.1.6:5000" http.request.id=a4aa66e6-294b-4bf5-b6cf-39007bdead68 http.request.method=GET http.request.remoteaddr="10.120.1.1:38431" http.request.uri="/v2/" http.request.useragent="Go 1.1 package http" http.response.contenttype="application/json; charset=utf-8" http.response.duration=7.893672ms http.response.status=200 http.response.written=2 instance.id=c7d22075-a9f0-47dc-8310-9880873e4ce9 service=registry version=v2.1.1-495-g1a90b2b
10.120.1.1 - - [19/Mar/2016:15:46:05 +0000] "GET /v2/ HTTP/1.1" 200 2 "" "Go 1.1 package http"
time="2016-03-19T15:46:05.650572921Z" level=info msg="response completed" go.version=go1.5.3 http.request.host="10.120.1.6:5000" http.request.id=f9a63ecf-ab25-402c-8156-8066f6ed46a0 http.request.method=GET http.request.remoteaddr="10.120.1.1:38433" http.request.uri="/v2/" http.request.useragent="Go 1.1 package http" http.response.contenttype="application/json; charset=utf-8" http.response.duration=8.907149ms http.response.status=200 http.response.written=2 instance.id=c7d22075-a9f0-47dc-8310-9880873e4ce9 service=registry version=v2.1.1-495-g1a90b2b
10.120.1.1 - - [19/Mar/2016:15:46:05 +0000] "GET /v2/ HTTP/1.1" 200 2 "" "Go 1.1 package http"
time="2016-03-19T15:46:15.592810653Z" level=info msg="response completed" go.version=go1.5.3 http.request.host="10.120.1.6:5000" http.request.id=9d520bec-5b8d-4b94-98dd-e0f11354dc13 http.request.method=GET http.request.remoteaddr="10.120.1.1:38449" http.request.uri="/v2/" http.request.useragent="Go 1.1 package http" http.response.contenttype="application/json; charset=utf-8" http.response.duration=14.144144ms http.response.status=200 http.response.written=2 instance.id=c7d22075-a9f0-47dc-8310-9880873e4ce9 service=registry version=v2.1.1-495-g1a90b2b

I didn't tweak anything on the registry and I understood that it uses minio for storage.
Any idea about that ?

Cannot store docker image in minio - causes broken `deis pull` command

Per @bacongobbler's request, pulling this out of #64 because it's different, yo.

TL;DR:

Because of moby/moby#26492, which is symptomatic in coreos/bugs#1554, the deis-registry throws numerous dial tcp <in-cluster ip>:9000: i/o timeout errors when trying to store docker images to minio, which may or may not surface in the deis-controller logs as either dockerclient exceptions with the same error, or gunicorn exceptions with a [CRITICAL] WORKER TIMOUT error.

From what I can tell, ANY systemd-based host running docker 1.12.1 in a kubernetes cluster is at risk of suffering from this bug. It only LOOKS like an etcd issue.

Top-Down (from helmc + deis -> kubernetes -> Docker + CoreOS)

Because that's the road I took, and you get to come along the scenic route with me.

It should be noted that while things are working fully, in many cases kubernetes appears "just fine" until you do a little digging.

All of my testing where I ran into this problem was against the Alpha CoreOS channel:

export KUBERNETES_PROVIDER=libvirt-coreos && export NUM_NODES=2 or 3 or 4
./cluster/kube-up.sh
# wait for etcd to settle
helmc install workflow-v2.5.0
# wait for kubernetes cluster to all be ready
deis pull <private registry>:5000/aergo-server:1.0.0-SNAPSHOT -a aergo-server

helmc + deis

Once your kubernetes cluster is up, during helmc install workflow-v2.5.0 the manifest may successfully deploy, or there could be Error from server: error when creating "STDIN": client: etcd cluster is unavailable or misconfigured.

Once deis workflow has been deployed, the symptom is the following two errors found in the controller logs when pushing a docker image into the registry. All of which seem to stem from an inability to connect to the minio server:

dockerclient dial i/o timeout

INFO [aergo-server]: build aergo-server-11b3c2a created
INFO [aergo-server]: rbellamy deployed 192.168.57.10:5000/aergo-server:1.0.0-SNAPSHOT
INFO Pulling Docker image 192.168.57.10:5000/aergo-server:1.0.0-SNAPSHOT
INFO Tagging Docker image 192.168.57.10:5000/aergo-server:1.0.0-SNAPSHOT as localhost:5555/aergo-server:v2
INFO Pushing Docker image localhost:5555/aergo-server:v2
INFO Pushing Docker image localhost:5555/aergo-server:v2
INFO Pushing Docker image localhost:5555/aergo-server:v2
INFO [aergo-server]: dial tcp 10.11.28.91:9000: i/o timeout
ERROR:root:dial tcp 10.11.28.91:9000: i/o timeout
Traceback (most recent call last):
  File "/app/api/models/release.py", line 88, in new
    release.publish()
  File "/app/api/models/release.py", line 135, in publish
    publish_release(source_image, self.image, deis_registry, self.get_registry_auth())
  File "/app/registry/dockerclient.py", line 199, in publish_release
    return DockerClient().publish_release(source, target, deis_registry, creds)
  File "/app/registry/dockerclient.py", line 117, in publish_release
    self.push("{}/{}".format(self.registry, name), tag)
  File "/usr/local/lib/python3.5/dist-packages/backoff.py", line 286, in retry
    ret = target(*args, **kwargs)
  File "/app/registry/dockerclient.py", line 135, in push
    log_output(stream, 'push', repo, tag)
  File "/app/registry/dockerclient.py", line 178, in log_output
    stream_error(chunk, operation, repo, tag)
  File "/app/registry/dockerclient.py", line 195, in stream_error
    raise RegistryException(message)
registry.dockerclient.RegistryException: dial tcp 10.11.28.91:9000: i/o timeout

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File "/app/api/models/build.py", line 62, in create
    source_version=self.version
  File "/app/api/models/release.py", line 95, in new
    raise DeisException(str(e)) from e
api.exceptions.DeisException: dial tcp 10.11.28.91:9000: i/o timeout

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File "/usr/local/lib/python3.5/dist-packages/rest_framework/views.py", line 471, in dispatch
    response = handler(request, *args, **kwargs)
  File "/app/api/views.py", line 181, in create
    return super(AppResourceViewSet, self).create(request, **kwargs)
  File "/usr/local/lib/python3.5/dist-packages/rest_framework/mixins.py", line 21, in create
    self.perform_create(serializer)
  File "/app/api/viewsets.py", line 21, in perform_create
    self.post_save(obj)
  File "/app/api/views.py", line 258, in post_save
    self.release = build.create(self.request.user)
  File "/app/api/models/build.py", line 71, in create
    raise DeisException(str(e)) from e
api.exceptions.DeisException: dial tcp 10.11.28.91:9000: i/o timeout
10.10.2.8 "POST /v2/apps/aergo-server/builds/ HTTP/1.1" 400 51 "Deis Client v2.5.1"

gunicorn [CRITICAL] WORKER TIMEOUT

INFO [aergo-server]: build aergo-server-c09bb9b created
INFO [aergo-server]: rbellamy deployed 192.168.57.10:5000/aergo-server:1.0.0-SNAPSHOT
INFO Pulling Docker image 192.168.57.10:5000/aergo-server:1.0.0-SNAPSHOT
INFO Tagging Docker image 192.168.57.10:5000/aergo-server:1.0.0-SNAPSHOT as localhost:5555/aergo-server:v4
INFO Pushing Docker image localhost:5555/aergo-server:v4
INFO Pushing Docker image localhost:5555/aergo-server:v4
10.10.2.8 "GET /v2/apps/aergo-server/logs HTTP/1.1" 200 1284 "Deis Client v2.5.1"
INFO Pushing Docker image localhost:5555/aergo-server:v4
[2016-09-21 16:05:50 +0000] [24] [CRITICAL] WORKER TIMEOUT (pid:37)
[2016-09-21 16:05:50 +0000] [37] [WARNING] worker aborted
  File "/usr/local/bin/gunicorn", line 11, in <module>
    sys.exit(run())
  File "/usr/local/lib/python3.5/dist-packages/gunicorn/app/wsgiapp.py", line 74, in run
    WSGIApplication("%(prog)s [OPTIONS] [APP_MODULE]").run()
  File "/usr/local/lib/python3.5/dist-packages/gunicorn/app/base.py", line 192, in run
    super(Application, self).run()
  File "/usr/local/lib/python3.5/dist-packages/gunicorn/app/base.py", line 72, in run
    Arbiter(self).run()
  File "/usr/local/lib/python3.5/dist-packages/gunicorn/arbiter.py", line 189, in run
    self.manage_workers()
  File "/usr/local/lib/python3.5/dist-packages/gunicorn/arbiter.py", line 524, in manage_workers
    self.spawn_workers()
  File "/usr/local/lib/python3.5/dist-packages/gunicorn/arbiter.py", line 590, in spawn_workers
    self.spawn_worker()
  File "/usr/local/lib/python3.5/dist-packages/gunicorn/arbiter.py", line 557, in spawn_worker
    worker.init_process()
  File "/usr/local/lib/python3.5/dist-packages/gunicorn/workers/base.py", line 132, in init_process
    self.run()
  File "/usr/local/lib/python3.5/dist-packages/gunicorn/workers/sync.py", line 124, in run
    self.run_for_one(timeout)
  File "/usr/local/lib/python3.5/dist-packages/gunicorn/workers/sync.py", line 68, in run_for_one
    self.accept(listener)
  File "/usr/local/lib/python3.5/dist-packages/gunicorn/workers/sync.py", line 30, in accept
    self.handle(listener, client, addr)
  File "/usr/local/lib/python3.5/dist-packages/gunicorn/workers/sync.py", line 135, in handle
    self.handle_request(listener, req, client, addr)
  File "/usr/local/lib/python3.5/dist-packages/gunicorn/workers/sync.py", line 176, in handle_request
    respiter = self.wsgi(environ, resp.start_response)
  File "/usr/local/lib/python3.5/dist-packages/django/core/handlers/wsgi.py", line 170, in __call__
    response = self.get_response(request)
  File "/usr/local/lib/python3.5/dist-packages/django/core/handlers/base.py", line 124, in get_response
    response = self._middleware_chain(request)
  File "/usr/local/lib/python3.5/dist-packages/django/core/handlers/exception.py", line 39, in inner
    response = get_response(request)
  File "/usr/local/lib/python3.5/dist-packages/django/utils/deprecation.py", line 133, in __call__
    response = self.get_response(request)
  File "/usr/local/lib/python3.5/dist-packages/django/core/handlers/exception.py", line 39, in inner
    response = get_response(request)
  File "/usr/local/lib/python3.5/dist-packages/django/utils/deprecation.py", line 133, in __call__
    response = self.get_response(request)
  File "/usr/local/lib/python3.5/dist-packages/django/core/handlers/exception.py", line 39, in inner
    response = get_response(request)
  File "/usr/local/lib/python3.5/dist-packages/django/utils/deprecation.py", line 133, in __call__
    response = self.get_response(request)
  File "/usr/local/lib/python3.5/dist-packages/django/core/handlers/exception.py", line 39, in inner
    response = get_response(request)
  File "/usr/local/lib/python3.5/dist-packages/django/utils/deprecation.py", line 133, in __call__
    response = self.get_response(request)
  File "/usr/local/lib/python3.5/dist-packages/django/core/handlers/exception.py", line 39, in inner
    response = get_response(request)
  File "/usr/local/lib/python3.5/dist-packages/django/utils/deprecation.py", line 133, in __call__
    response = self.get_response(request)
  File "/usr/local/lib/python3.5/dist-packages/django/core/handlers/exception.py", line 39, in inner
    response = get_response(request)
  File "/usr/local/lib/python3.5/dist-packages/django/utils/deprecation.py", line 133, in __call__
    response = self.get_response(request)
  File "/usr/local/lib/python3.5/dist-packages/django/core/handlers/exception.py", line 39, in inner
    response = get_response(request)
  File "/usr/local/lib/python3.5/dist-packages/django/utils/deprecation.py", line 133, in __call__
    response = self.get_response(request)
  File "/usr/local/lib/python3.5/dist-packages/django/core/handlers/exception.py", line 39, in inner
    response = get_response(request)
  File "/usr/local/lib/python3.5/dist-packages/django/utils/deprecation.py", line 133, in __call__
    response = self.get_response(request)
  File "/usr/local/lib/python3.5/dist-packages/django/core/handlers/exception.py", line 39, in inner
    response = get_response(request)
  File "/app/api/middleware.py", line 22, in __call__
    response = self.get_response(request)
  File "/usr/local/lib/python3.5/dist-packages/django/core/handlers/exception.py", line 39, in inner
    response = get_response(request)
  File "/usr/local/lib/python3.5/dist-packages/django/core/handlers/base.py", line 185, in _get_response
    response = wrapped_callback(request, *callback_args, **callback_kwargs)
  File "/usr/local/lib/python3.5/dist-packages/django/views/decorators/csrf.py", line 58, in wrapped_view
    return view_func(*args, **kwargs)
  File "/usr/local/lib/python3.5/dist-packages/rest_framework/viewsets.py", line 87, in view
    return self.dispatch(request, *args, **kwargs)
  File "/usr/local/lib/python3.5/dist-packages/rest_framework/views.py", line 471, in dispatch
    response = handler(request, *args, **kwargs)
  File "/app/api/views.py", line 181, in create
    return super(AppResourceViewSet, self).create(request, **kwargs)
  File "/usr/local/lib/python3.5/dist-packages/rest_framework/mixins.py", line 21, in create
    self.perform_create(serializer)
  File "/app/api/viewsets.py", line 21, in perform_create
    self.post_save(obj)
  File "/app/api/views.py", line 258, in post_save
    self.release = build.create(self.request.user)
  File "/app/api/models/build.py", line 62, in create
    source_version=self.version
  File "/app/api/models/release.py", line 88, in new
    release.publish()
  File "/app/api/models/release.py", line 135, in publish
    publish_release(source_image, self.image, deis_registry, self.get_registry_auth())
  File "/app/registry/dockerclient.py", line 199, in publish_release
    return DockerClient().publish_release(source, target, deis_registry, creds)
  File "/app/registry/dockerclient.py", line 117, in publish_release
    self.push("{}/{}".format(self.registry, name), tag)
  File "/usr/local/lib/python3.5/dist-packages/backoff.py", line 286, in retry
    ret = target(*args, **kwargs)
  File "/app/registry/dockerclient.py", line 135, in push
    log_output(stream, 'push', repo, tag)
  File "/app/registry/dockerclient.py", line 175, in log_output
    for chunk in stream:
  File "/usr/local/lib/python3.5/dist-packages/docker/client.py", line 245, in _stream_helper
    data = reader.read(1)
  File "/usr/local/lib/python3.5/dist-packages/requests/packages/urllib3/response.py", line 314, in read
    data = self._fp.read(amt)
  File "/usr/lib/python3.5/http/client.py", line 448, in read
    n = self.readinto(b)
  File "/usr/lib/python3.5/http/client.py", line 478, in readinto
    return self._readinto_chunked(b)
  File "/usr/lib/python3.5/http/client.py", line 573, in _readinto_chunked
    chunk_left = self._get_chunk_left()
  File "/usr/lib/python3.5/http/client.py", line 541, in _get_chunk_left
    chunk_left = self._read_next_chunk_size()
  File "/usr/lib/python3.5/http/client.py", line 501, in _read_next_chunk_size
    line = self.fp.readline(_MAXLINE + 1)
  File "/usr/lib/python3.5/socket.py", line 575, in readinto
    return self._sock.recv_into(b)
  File "/usr/local/lib/python3.5/dist-packages/gunicorn/workers/base.py", line 191, in handle_abort
    self.cfg.worker_abort(self)
  File "/app/deis/gunicorn/config.py", line 36, in worker_abort
    traceback.print_stack()

kubernetes

When checking the status of the cluster, either through kubectl cluster-info or kubectl get componentstatus, it will report that either client: etcd cluster is unavailable or misconfigured or HTTP probe failed with statuscode: 503 - frequently shifting back and forth between the two at odd intervals.

flaky etcd

2016-09-18 22:34:53
rbellamy@eanna i ~/kubernetes % kubectl get componentstatuses
NAME                 STATUS    MESSAGE              ERROR
controller-manager   Healthy   ok                   
scheduler            Healthy   ok                   
etcd-0               Healthy   {"health": "true"}   
2016-09-18 22:34:58
rbellamy@eanna i ~/kubernetes % kubectl get componentstatuses
NAME                 STATUS      MESSAGE                                  ERROR
controller-manager   Healthy     ok                                       
scheduler            Healthy     ok                                       
etcd-0               Unhealthy   HTTP probe failed with statuscode: 503   
2016-09-18 22:35:00
rbellamy@eanna i ~/kubernetes % kubectl get componentstatuses
NAME                 STATUS    MESSAGE              ERROR
scheduler            Healthy   ok                   
controller-manager   Healthy   ok                   
etcd-0               Healthy   {"health": "true"}   
2016-09-18 22:35:02
rbellamy@eanna i ~/kubernetes % kubectl get componentstatuses
NAME                 STATUS      MESSAGE                                  ERROR
scheduler            Healthy     ok                                       
controller-manager   Healthy     ok                                       
etcd-0               Unhealthy   HTTP probe failed with statuscode: 503   
2016-09-18 22:35:04
rbellamy@eanna i ~/kubernetes % kubectl get componentstatuses
NAME                 STATUS    MESSAGE              ERROR
controller-manager   Healthy   ok                   
scheduler            Healthy   ok                   
etcd-0               Healthy   {"health": "true"}   
2016-09-18 22:35:06
rbellamy@eanna i ~/kubernetes % kubectl get componentstatuses
NAME                 STATUS    MESSAGE              ERROR
scheduler            Healthy   ok                   
controller-manager   Healthy   ok                   
etcd-0               Healthy   {"health": "true"}   
2016-09-18 22:35:07
rbellamy@eanna i ~/kubernetes % kubectl get componentstatuses
NAME                 STATUS      MESSAGE                                  ERROR
controller-manager   Healthy     ok                                       
scheduler            Healthy     ok                                       
etcd-0               Unhealthy   HTTP probe failed with statuscode: 503   
2016-09-18 22:35:09
rbellamy@eanna i ~/kubernetes % kubectl get componentstatuses
NAME                 STATUS      MESSAGE                                  ERROR
controller-manager   Healthy     ok                                       
scheduler            Healthy     ok                                       
etcd-0               Unhealthy   HTTP probe failed with statuscode: 503

docker + CoreOS

As mentioned above, kubernetes seems to have problems maintaining a healthy connection to etcd, but those types of errors do not surface in kubernetes, as far as I could tell, except for via the cluster-info or get componentstatus commands. In other words, all pods will appear to be functioning.

When you begin investigating the CoreOS VMs that host the kubernetes cluster, there are a plethora of errors - the first being the ubiquitous etcdserver: failed to send out heartbeat on time,etcdserver: server is likely overloaded (etcd-io/etcd#5154), which might appear to require the addition of the heartbeat -interval and election-timeout values in the user_data.yml etcd2 section. Nope.

All of this appears to belong to CoreOS coreos/bugs#1554. However further reading brings you to moby/moby#26492, which in conjunction with a Host OS that runs the systemd-networkd.service create a race condition that prevents the docker veth device from being associated with the in-cluster bridge network.