Hey all,
I ran into a problem recently on OCP where my KSVC fails with:
Revision failed with message: Unable to fetch image failed to resolve image to digest: GET Authentication is required.
I'm using a private artifactory registry, but up until now this was not a problem because my KSVC has a serviceAccountName attached to it which has the correct pull secret. I can use this service account in other pods and the images pull successfully.
I only started seeing this problem once I tried to deploy into a new namespace separate from my non Knative parts of the application. The new namespace also has the same image pull secret and the same service account, so i'm confused as to why it's failing to resolve image to digest. The service account works for other pods, just not resolving the image.
https://github.com/knative/serving/issues/6895 I was reading this issue and skipping tag resolution does solve the problem, but the nature of my application it's hard to specify a list of registries to ignore. Supplying the digest directly also is not ideal as it does not fit well into our pipeline.
Does anyone have any ideas as to what difference between the namespaces could be causing this problem? It's really strange to me that using the same secret and service account the deployment only works in one of the namespaces, so there must be something linking my KSVC to the original namespace, I just can't figure out what it is.
Any advice or possible areas to investigate would be so helpful if anyone has any tips! Thanks.