Do registry mirrors work before having a running CNI? #8940
Unanswered
michel-zimmer
asked this question in
Q&A
Replies: 1 comment
-
Setting the mirrors doesn't depend on the CNI You can execute https://github.com/containerd/containerd/blob/main/docs/hosts.md |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Hello, I'm trying to run Talos with Cilium and behind a corporate firewall with a registry mirror.
Everything works as expected unless I try to achieve both at the same time.
Without a manual CNI deployment everything appears to be working.
For example I've deployed ArgoCD using the upstream images from
quay.io
.In the next iteration I wanted to deploy Clilium as CNI.
As described in the documentation I've disabled the default CNI:
Then when using
helm … argocd argo-cd --repo https://argoproj.github.io/argo-helm …
and after waiting a bit I get lines like the following in the logs from cri (talosctl … logs cri
):This looks exactly like every other case where something is blocked by our firewall as no TCP connection can be established.
But I would have expected Talos not trying to pull the images from
quay.io
directly. The IP address from the logs is not our registry mirror but instead is one of the public IP addresses we get when looking upquay.io
.So does someone know what's going on here? Is it actually not possible to use a registry mirror before / while installing a custom CNI currently?
Thanks and best regards :)
Beta Was this translation helpful? Give feedback.
All reactions