Previously, there was an Unknown Access Error on OpenShift container image analysis. This was due to an issue with authenticating the service account.
This fix authenticates the service account that will allow image-inspector to pull images from the Openshift registry with authentication which has now resolved the issue.
Description of problem:
Getting the following error - image is pulled correctly, container starts up, but job stops a couple minutes later with an "unknown access error to pod"/HTTP Bad Gateway.
[----] I, [2016-02-02T11:40:06.091131 #15737:11e598c] INFO -- : Q-task_id([9c382c32-c9cb-11e5-920c-1264baf72861]) MIQ(ManageIQ::Providers::Kubernetes::ContainerManager::Scanning::Job#start) creating pod management-infra/manageiq-img-scan-8ea21f4b3377 to analyze docker image 8ea21f4b33771090a388616326edac7762b20d19310512cc6c4bc58ff76aeb39: {"apiVersion":"v1","kind":"Pod","metadata":{"name":"manageiq-img-scan-8ea21f4b3377","namespace":"management-infra","labels":{"name":"manageiq-img-scan-8ea21f4b3377","manageiq.org":"true"},"annotations":{"manageiq.org/hostname":"cl-rhm-4004.ba.ssa.gov","manageiq.org/guid":"1041ecd2-c47f-11e5-b3c2-1264baf72861","manageiq.org/image":"registry.access.redhat.com/openshift3/metrics-cassandra:3.1.0","manageiq.org/jobid":"9c382c32-c9cb-11e5-920c-1264baf72861"}},"spec":{"restartPolicy":"Never","containers":[{"name":"image-inspector","image":"docker.io/fsimonce/image-inspector:v0.1.3","command":["/usr/bin/image-inspector","--image=registry.access.redhat.com/openshift3/metrics-cassandra:3.1.0","--serve=0.0.0.0:8080"],"ports":[{"containerPort":8080}],"securityContext":{"privileged":true},"volumeMounts":[{"mountPath":"/var/run/docker.sock","name":"docker-socket"}]}],"volumes":[{"name":"docker-socket","hostPath":{"path":"/var/run/docker.sock"}}]}}
[----] I, [2016-02-02T11:40:11.080247 #15735:b1f990] INFO -- : Q-task_id([9c382c32-c9cb-11e5-920c-1264baf72861]) MIQ(ManageIQ::Providers::Kubernetes::ContainerManager::Scanning::Job#pod_wait) waiting for pod management-infra/manageiq-img-scan-8ea21f4b3377 to be available
[----] I, [2016-02-02T11:42:05.806632 #15735:b1f990] INFO -- : Q-task_id([9c382c32-c9cb-11e5-920c-1264baf72861]) MIQ(ManageIQ::Providers::Kubernetes::ContainerManager::Scanning::Job#pod_wait) unknown access error to pod management-infra/manageiq-img-scan-8ea21f4b3377: #<Net::HTTPBadGateway:0x0000000bb9bf58>
[----] I, [2016-02-02T11:42:08.919109 #15735:b1f990] INFO -- : Q-task_id([9c382c32-c9cb-11e5-920c-1264baf72861]) MIQ(ManageIQ::Providers::Kubernetes::ContainerManager::Scanning::Job#cleanup) deleting pod management-infra/manageiq-img-scan-8ea21f4b3377
Version-Release number of selected component (if applicable): 5.5.0
How reproducible:
Steps to Reproduce:
1.
2.
3.
Actual results:
Expected results:
Additional info:
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.
https://access.redhat.com/errata/RHBA-2016:1348
Description of problem: Getting the following error - image is pulled correctly, container starts up, but job stops a couple minutes later with an "unknown access error to pod"/HTTP Bad Gateway. [----] I, [2016-02-02T11:40:06.091131 #15737:11e598c] INFO -- : Q-task_id([9c382c32-c9cb-11e5-920c-1264baf72861]) MIQ(ManageIQ::Providers::Kubernetes::ContainerManager::Scanning::Job#start) creating pod management-infra/manageiq-img-scan-8ea21f4b3377 to analyze docker image 8ea21f4b33771090a388616326edac7762b20d19310512cc6c4bc58ff76aeb39: {"apiVersion":"v1","kind":"Pod","metadata":{"name":"manageiq-img-scan-8ea21f4b3377","namespace":"management-infra","labels":{"name":"manageiq-img-scan-8ea21f4b3377","manageiq.org":"true"},"annotations":{"manageiq.org/hostname":"cl-rhm-4004.ba.ssa.gov","manageiq.org/guid":"1041ecd2-c47f-11e5-b3c2-1264baf72861","manageiq.org/image":"registry.access.redhat.com/openshift3/metrics-cassandra:3.1.0","manageiq.org/jobid":"9c382c32-c9cb-11e5-920c-1264baf72861"}},"spec":{"restartPolicy":"Never","containers":[{"name":"image-inspector","image":"docker.io/fsimonce/image-inspector:v0.1.3","command":["/usr/bin/image-inspector","--image=registry.access.redhat.com/openshift3/metrics-cassandra:3.1.0","--serve=0.0.0.0:8080"],"ports":[{"containerPort":8080}],"securityContext":{"privileged":true},"volumeMounts":[{"mountPath":"/var/run/docker.sock","name":"docker-socket"}]}],"volumes":[{"name":"docker-socket","hostPath":{"path":"/var/run/docker.sock"}}]}} [----] I, [2016-02-02T11:40:11.080247 #15735:b1f990] INFO -- : Q-task_id([9c382c32-c9cb-11e5-920c-1264baf72861]) MIQ(ManageIQ::Providers::Kubernetes::ContainerManager::Scanning::Job#pod_wait) waiting for pod management-infra/manageiq-img-scan-8ea21f4b3377 to be available [----] I, [2016-02-02T11:42:05.806632 #15735:b1f990] INFO -- : Q-task_id([9c382c32-c9cb-11e5-920c-1264baf72861]) MIQ(ManageIQ::Providers::Kubernetes::ContainerManager::Scanning::Job#pod_wait) unknown access error to pod management-infra/manageiq-img-scan-8ea21f4b3377: #<Net::HTTPBadGateway:0x0000000bb9bf58> [----] I, [2016-02-02T11:42:08.919109 #15735:b1f990] INFO -- : Q-task_id([9c382c32-c9cb-11e5-920c-1264baf72861]) MIQ(ManageIQ::Providers::Kubernetes::ContainerManager::Scanning::Job#cleanup) deleting pod management-infra/manageiq-img-scan-8ea21f4b3377 Version-Release number of selected component (if applicable): 5.5.0 How reproducible: Steps to Reproduce: 1. 2. 3. Actual results: Expected results: Additional info: