err="decoded credential has wrong number of fields (expected 2, got 1) #2547
Comments
|
i want to know how the config to wirte ? |
|
It looks like you have run into #1596: credentials created with kubectl 1.13.1 (I think) are defective. |
|
but i create it with 1.14.7 , it do not work |
|
Same problem here and I'm using k8s 1.16.1. Apparently this error is associated with another error "err=requesting tags: Get https://[url]: no basic auth credentials". I'm using a private repo (gitlab) and flux can't get any info from this private repo. |
|
@daemonio Do you |
|
Can't get it to work with any of the proposed "fixes" for ACR throughout all the issues as well 👎 caller=loop.go:127 component=sync-loop event=refreshed url=[git repo url omitted] branch=dev HEAD=684cea532a27fdedb64f373bd2e1853ac6b6de30
caller=images.go:107 resource=kube-system:daemonset/azure-cni-networkmonitor err="decoded credential has wrong number of fields (expected 2, got 1)"
|
|
@marcus-sa your comment would be more helpful for us maintainers if it provided more information than what we already know. E.g. by providing the information @squaremo requested:
The sooner we have a confirmation of this, the sooner we can start reproducing the issue, the sooner a "fix" will be available. |
|
@hiddeco my bad. {
"auths": {
"[repo name omitted].azurecr.io": {
"auth": "[token omitted]",
"identitytoken": "[token omitted]"
}
}
} |
|
@marcus-sa So just to confirm: the Azure tooling deliberately creates docker configs with that form, and it's not a quirk of some bit of rogue machinery (e.g., an old version of kubectl)? |
|
@squaremo nope, the Azure CLI uses that exactly for authorization. https://docs.microsoft.com/en-us/azure/container-registry/container-registry-authentication You specifically attach an ACR to an AKS cluster, which means it'll have access to ACR without requiring any manual setup. |
|
Any updates on this? |
Just want to echo the ask for updates. Also trying to set up FluxCD on Azure and this is currently blocking me from moving forward with it. |
|
I just use argcd ,it easy to use |
|
Reopening since this still seems to be a problem |
|
Examining the problem reported vs the code again, I see that the code will baulk if the @marcus-sa and @davidtom Looks like there's a bunch of ways to get credentials for ACR, and the docs aren't clear about what each one actually does :-/ So may I ask: which method are you using (or hoping to use with flux) -- "Integrate with AKS", "Repository-scoped access token", or another? And, do are you able to describe what [whichever method] ends up doing -- does it put a file on the host, or does it give you a docker config.json to use as an image secret, or something else? @marcus-sa When you create a config.json, does the auth field decode to a |
|
I'm unable to get this working with ACR as Flux seems to expect a user:pass: https://github.com/fluxcd/flux/blob/master/pkg/registry/credentials_test.go#L11 ACR seems to expect an auth token which is based on user:pass: https://github.com/Azure/acr/blob/master/docs/Token-BasicAuth.md |
|
@squaremo apologies on the long response time, I missed this notification somehow. I've been trying to use the "Integrate with AKS" method, I believe. Based on info from the troubleshooting document, I tried setting I've since realized we probably don't need registry scanning, at least as we start to use Flux, so I've moved on from this for now. However, knowing its possible to get working would be great so we could consider further automating our deployments in the future. |
|
Using these helm options I was able to enable ACR scanning: https://github.com/fluxcd/flux/blob/master/pkg/registry/azure.go#L25 registry.disableScanning=false According to the logs flux was able to detect the new tag however it did not update the deployment resource: ts=2020-03-20T12:10:30.842861743Z caller=warming.go:198 component=warmer info="refreshing image" image=myreponame.azurecr.io/namespace/app tag_count=10 to_update=1 of_which_refresh=0 of_which_missing=1 What is the significance of these fields: tag_count=10 <= current tag count? |
|
Flux support on Azure, and with Azure DevOps, is well documented now for Flux v2: https://fluxcd.io/docs/use-cases/azure/ I am not sure if anyone on this thread still needs support, but if so please don't take closing this issue as turning you away. I am trying to reduce the number of stale issues in the queue. I will be happy to work with you if there is an active issue. Flux v1 is formally superseded since the GitOps Toolkit APIs have been declared stable: https://fluxcd.io/docs/migration/timetable/ The repo will remain in maintenance for some time, but no new features can be accepted. Bugs can be addressed if they are critical and there is a PR to resolve it, but soon only CVEs can be addressed in Flux v1, and new users are all recommended to use Flux v2 for some time now. Thanks for using Flux! |
err="decoded credential has wrong number of fields (expected 2, got 1)
--docker-config=config.sjon
config.json
{"auths":{"harbor.XXXXX.com":{"auth":"xxxxxxx"}}}The text was updated successfully, but these errors were encountered: