Add docs for 403 forbidden on gcr.io pull

Question

Add docs for 403 forbidden on gcr.io pull

Closed this issue a month ago · 5 comments

mrclrchtr commented 2 months ago

It's because of blacklisted IP.

kubernetes/registry.k8s.io#138

Answer 1 · 2024-08-25T10:27:54.000Z

Any workaround for this? I tried installing spegel, but i did not manage to make it work 😊

Answer 2 · 2024-08-25T19:44:06.000Z

Hi,

Unfortunately no... a Docker proxy would help. Spegel is unfortunately “too late” in the chain for it to help. I have been in contact with support. Here is the communication:

Hetzner

Unfortunately, some of our IPs are incorrectly located in Iran by some GeoIP databases. We cannot influence these databases. If this causes problems, please create a snapshot and create a new server with this snapshot. You can then delete the “faulty” server.

Me

I work with Terraform and therefore probably get the same IP again and again. Even when completely deleting and recreating.

Hetzner

Unfortunately, the IP assignment is random and cannot be influenced by us. However, if the current server is deleted after a new server has been created, it should be assigned a different IP address.

Answer 3 · 2024-09-13T19:00:51.000Z

Install Harbor and use it as proxy for docker image registries. Talos supports Harbor. Worked for me.

Answer 4 · 2024-09-13T20:13:30.000Z

You mean install Harbour somewhere else?

Answer 5 · 2024-09-14T11:39:41.000Z

You mean install Harbour somewhere else?

Yes, separate server in hetzner cloud, with "good" ip address. Use harbor robot token in talos registries configuration.