View Issue Details

ID: 0003269
Project: Rocky-Linux-9
Category: containers-common
View Status: public
Last Update: 2023-05-20 18:15
Reporter: Udayendu Kar
Assigned To:
Priority: high
Severity: major
Reproducibility: always
Status: new
Resolution: open
Platform: Rocky Linux 8.8
OS: 8
OS Version: 8.8
Summary: 0003269: "pulling image: rpc error: code = Unknown desc = invalid policy in \"/etc/containers/policy.json\": Unknown key \"keyPaths\""

Description:
[preflight] Pulling images required for setting up a Kubernetes cluster
[preflight] This might take a minute or two, depending on the speed of your internet connection
[preflight] You can also perform this action in beforehand using 'kubeadm config images pull'
error execution phase preflight: [preflight] Some fatal errors occurred:
        [ERROR ImagePull]: failed to pull image registry.k8s.io/kube-apiserver:v1.26.5: output: time="2023-05-20T23:11:21+05:30" level=fatal msg="pulling image: rpc error: code = Unknown desc = invalid policy in \"/etc/containers/policy.json\": Unknown key \"keyPaths\""
, error: exit status 1
        [ERROR ImagePull]: failed to pull image registry.k8s.io/kube-controller-manager:v1.26.5: output: time="2023-05-20T23:11:39+05:30" level=fatal msg="pulling image: rpc error: code = Unknown desc = invalid policy in \"/etc/containers/policy.json\": Unknown key \"keyPaths\""
, error: exit status 1
        [ERROR ImagePull]: failed to pull image registry.k8s.io/kube-scheduler:v1.26.5: output: time="2023-05-20T23:11:57+05:30" level=fatal msg="pulling image: rpc error: code = Unknown desc = invalid policy in \"/etc/containers/policy.json\": Unknown key \"keyPaths\""
, error: exit status 1
        [ERROR ImagePull]: failed to pull image registry.k8s.io/kube-proxy:v1.26.5: output: time="2023-05-20T23:12:15+05:30" level=fatal msg="pulling image: rpc error: code = Unknown desc = invalid policy in \"/etc/containers/policy.json\": Unknown key \"keyPaths\""
, error: exit status 1
        [ERROR ImagePull]: failed to pull image registry.k8s.io/pause:3.9: output: time="2023-05-20T23:12:34+05:30" level=fatal msg="pulling image: rpc error: code = Unknown desc = invalid policy in \"/etc/containers/policy.json\": Unknown key \"keyPaths\""
, error: exit status 1
        [ERROR ImagePull]: failed to pull image registry.k8s.io/etcd:3.5.6-0: output: time="2023-05-20T23:12:52+05:30" level=fatal msg="pulling image: rpc error: code = Unknown desc = invalid policy in \"/etc/containers/policy.json\": Unknown key \"keyPaths\""
, error: exit status 1
        [ERROR ImagePull]: failed to pull image registry.k8s.io/coredns/coredns:v1.9.3: output: time="2023-05-20T23:13:10+05:30" level=fatal msg="pulling image: rpc error: code = Unknown desc = invalid policy in \"/etc/containers/policy.json\": Unknown key \"keyPaths\""
, error: exit status 1
[preflight] If you know what you are doing, you can make a check non-fatal with `--ignore-preflight-errors=...`
To see the stack trace of this error execute with --v=5 or higher

Steps To Reproduce:
Make sure the following version of the 'containers-common' package is installed on the system:

# rpm -qi containers-common
Name : containers-common
Epoch : 2
Version : 1
Release : 64.module+el8.8.0+1265+fa25dd7a
Architecture: x86_64
Install Date: Sat May 20 23:08:59 2023
Group : Unspecified
Size : 521080
License : ASL 2.0
Signature : RSA/SHA256, Wed May 17 03:08:41 2023, Key ID 15af5dac6d745a60
Source RPM : containers-common-1-64.module+el8.8.0+1265+fa25dd7a.src.rpm
Build Date : Wed May 17 02:52:24 2023
Build Host : ord1-prod-x86build005.svc.aws.rockylinux.org
Relocations : (not relocatable)
Packager : infrastructure@rockylinux.org
Vendor : Rocky
Summary : Common configuration and documentation for containers
Description :
This package contains common configuration files and documentation for container
tools ecosystem, such as Podman, Buildah and Skopeo.

It is required because the most of configuration files and docs come from projects
which are vendored into Podman, Buildah, Skopeo, etc. but they are not packaged
separately.

Then try to pull the required container images for kubernetes cluster configuration using the below command:

# kubeadm config images pull

The above command will fail with the error message as mentioned in the issue description.

Additional Information:
To fix this issue, the '/etc/containers/policy.json' file has to be updated with the following content:

{
  "default": [
    {
      "type": "insecureAcceptAnything"
    }
  ],
  "transports": {
    "docker": {
      "registry.access.redhat.com": [
        {
          "type": "signedBy",
          "keyType": "GPGKeys",
          "keyPath": "/etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release"
        }
      ],
      "registry.redhat.io": [
        {
          "type": "signedBy",
          "keyType": "GPGKeys",
          "keyPath": "/etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release"
        }
      ]
    },
    "docker-daemon": {
      "": [
        {
          "type": "insecureAcceptAnything"
        }
      ]
    }
  }
}

Tags: imagepull, kubernetes, policy

Activities

Udayendu Kar

2023-05-20 18:15

reporter   ~0003435

The default 'policy.json' file looks like the below, which is causing the issue:

{
    "default": [
        {
            "type": "insecureAcceptAnything"
        }
    ],
    "transports": {
        "docker": {
            "registry.access.redhat.com": [
                {
                    "type": "signedBy",
                    "keyType": "GPGKeys",
                    "keyPaths": ["/etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release", "/etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta"]
                }
            ],
            "registry.redhat.io": [
                {
                    "type": "signedBy",
                    "keyType": "GPGKeys",
                    "keyPaths": ["/etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release", "/etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta"]
                }
            ]
        },
        "docker-daemon": {
            "": [
                {
                    "type": "insecureAcceptAnything"
                }
            ]
        }
    }
}
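
Added example, not part of the report or of the containers-common package: a Python check that walks a policy.json, flags the 'keyPaths' requirement named in the error and the scopes that accept images without a signature check, and lists the key files each signedBy scope trusts so the shipped file and the edited one can be compared. The function names and the trimmed sample policy are constructed for illustration.

```python
import json

# Constructed input: the shipped policy from the reporter's note, cut to one registry.
SHIPPED = json.loads("""{
  "default": [{"type": "insecureAcceptAnything"}],
  "transports": {
    "docker": {"registry.redhat.io": [{
      "type": "signedBy", "keyType": "GPGKeys",
      "keyPaths": ["/etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release",
                   "/etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta"]}]},
    "docker-daemon": {"": [{"type": "insecureAcceptAnything"}]}
  }
}""")

def requirements(policy):
    """Yield (scope, requirement) for the default list and every transport scope."""
    for req in policy.get("default", []):
        yield "default", req
    for transport, scopes in policy.get("transports", {}).items():
        for scope, reqs in scopes.items():
            for req in reqs:
                yield f"{transport}:{scope}", req

def audit(policy):
    """Return (scope, finding) pairs worth a reviewer's attention."""
    findings = []
    for scope, req in requirements(policy):
        if req.get("type") == "insecureAcceptAnything":
            findings.append((scope, "no-signature-check"))
        elif req.get("type") == "signedBy" and "keyPaths" in req:
            # The key that the parser in this report rejects as unknown.
            findings.append((scope, "uses-keyPaths"))
    return findings

def trusted_keys(policy):
    """Map each signedBy scope to the set of key files it trusts."""
    keys = {}
    for scope, req in requirements(policy):
        if req.get("type") == "signedBy":
            paths = list(req.get("keyPaths", []))
            if "keyPath" in req:
                paths.append(req["keyPath"])
            keys.setdefault(scope, set()).update(paths)
    return keys

if __name__ == "__main__":
    for scope, finding in audit(SHIPPED):
        print(f"{scope}: {finding}")
    print(trusted_keys(SHIPPED))
```

Running the same functions on the edited file from Additional Information shows that the 'keyPaths' finding is gone, that RPM-GPG-KEY-redhat-beta is no longer in the trusted set for the Red Hat registries, and that the default scope still performs no signature check.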

Issue History

Date Modified Username Field Change
2023-05-20 18:13 Udayendu Kar New Issue
2023-05-20 18:13 Udayendu Kar Tag Attached: imagepull
2023-05-20 18:13 Udayendu Kar Tag Attached: kubernetes
2023-05-20 18:13 Udayendu Kar Tag Attached: policy
2023-05-20 18:15 Udayendu Kar Note Added: 0003435