Quay.io ACI deprecation and Container Linux
Benjamin Gilbert
On June 13, Quay.io will remove support for the ACI container image format. If you run etcd-member.service, flanneld.service, or kubelet-wrapper on Container Linux versions older than 2512.1.0, this may affect you.
The Container Linux etcd-member and flanneld services, and the kubelet-wrapper script, fetch container images from Quay.io by default. On Container Linux before 2512.1.0, these images are fetched in ACI format, so after June 13 those services will no longer function on machines newly launched from older Container Linux images. Existing Container Linux machines will continue to work, since the corresponding container image will be in cache.
If you are unable to update to the latest version of Container Linux, you can work around this issue with the following Container Linux Config:
systemd:
units:
- name: etcd-member.service
dropins:
- name: docker.conf
contents: |
[Service]
Environment=ETCD_IMAGE_URL=docker://quay.io/coreos/etcd
Environment="RKT_RUN_ARGS=--uuid-file-save=/var/lib/coreos/etcd-member-wrapper.uuid --insecure-options=image"
- name: flanneld.service
dropins:
- name: docker.conf
contents: |
[Service]
Environment=FLANNEL_IMAGE_URL=docker://quay.io/coreos/flannel
Environment="RKT_RUN_ARGS=--uuid-file-save=/var/lib/coreos/flannel-wrapper.uuid --insecure-options=image"
- name: flannel-docker-opts.service
dropins:
- name: docker.conf
contents: |
[Service]
Environment=FLANNEL_IMAGE_URL=docker://quay.io/coreos/flannel
Environment="RKT_RUN_ARGS=--uuid-file-save=/var/lib/coreos/flannel-wrapper2.uuid --insecure-options=image"
- name: kubelet.service
dropins:
- name: docker.conf
contents: |
[Service]
Environment=KUBELET_IMAGE_URL=docker://quay.io/coreos/hyperkube
Environment="RKT_RUN_ARGS=--uuid-file-save=/var/run/kubelet-pod.uuid --insecure-options=image"
As a reminder, CoreOS Container Linux will reach its end of life on May 26 and will not be maintained or updated after that date.
Best,
--Benjamin Gilbert