e2e: alpine image pull failure on CRI-O 1.34+ due to short name enforcement #1471
Description
What happend:
The install-cni-plugins daemonset in the e2e test setup fails to start because CRI-O 1.34 refuses to pull the alpine image due to short name mode enforcement.
$ kubectl get pod -n kube-system -l name=cni-plugins
NAME READY STATUS RESTARTS AGE
install-cni-plugins-2rpm4 0/1 ImagePullBackOff 0 9m
install-cni-plugins-4njl9 0/1 ImagePullBackOff 0 9m
$ kubectl describe pod -n kube-system install-cni-plugins-2rpm4
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Warning Failed 6m kubelet Failed to pull image "alpine": short name mode is enforcing, but image name alpine:latest returns ambiguous list
Warning Failed 6m kubelet Error: ErrImagePull
The issue is in e2e/templates/cni-install.yml.j2 which uses image: alpine (unqualified short name).
What you expected to happen:
The install-cni-plugins pods should start successfully...
How to reproduce it (as minimally and precisely as possible):
Spin up a Kubernetes 1.34 cluster with CRI-O 1.34 (e.g., using kubevirtci k8s-1.34 provider)
Deploy the multus e2e test environment using e2e/templates/cni-install.yml.j2
Observe the pods fail with ImagePullBackOff
example
Anything else we need to know?:
CRI-O 1.34 enforces "short name mode" by default, which refuses to pull images with unqualified names like alpine because they're ambiguous (could resolve to docker.io, quay.io, etc.).
temporary fix:
kubectl set image daemonset/install-cni-plugins -n kube-system install-cni-plugins=docker.io/library/alpine
Environment:
- Multus version: v4.2.3 (commit 2ecd4f4) (but also on master)
image path and image ID (from 'docker images') - Kubernetes version (use
kubectl version):
Client Version: v1.34.1
Server Version: v1.34.1
- Primary CNI for Kubernetes cluster: Calico v3.26.5
- OS (e.g. from /etc/os-release): CentOS Stream 9 (kubevirtci node image)
- Container Runtime: CRI-O 1.34
- File of '/etc/cni/net.d/' N/A (issue occurs before CNI setup completes)
- File of '/etc/cni/multus/net.d' N/A
- NetworkAttachment info (use
kubectl get net-attach-def -o yaml) N/A - Target pod yaml info (with annotation, use
kubectl get pod <podname> -o yaml) The failing pod is from e2e/templates/cni-install.yml.j2 daemonset - Other log outputs (if you use multus logging) N/A (image pull failure, container never starts)