An attempt to install Portal on Kubernetes ended in failure. The following data were collected:
[portal] helm install api-poc-portal --set-file "portal.registryCredentials=/portalpoc/docker-secret.yaml" layer7/portal -n portal -f values-ca.yaml
WARNING: Kubernetes configuration file is group-readable. This is insecure. Location: /home/xx/.kube-h/config
WARNING: Kubernetes configuration file is world-readable. This is insecure. Location: /home/xx/.kube-h/config
W1204 09:50:31.828148 26039 warnings.go:70] spec.SessionAffinity is ignored for headless services
Error: INSTALLATION FAILED: failed pre-install: 1 error occurred:
* timed out waiting for the condition
[portal] $kubectl get pods -n portal
NAME READY STATUS RESTARTS AGE
api-poc-portal-mysql-0 0/1 Init:0/1 0 5m20s
api-poc-portal-tls-manager-5htwn 0/1 ImageInspectError 0 5m18s
Error:
Warning Failed 7m25s (x12 over 9m32s) kubelet, 999.999.999.999 Error: ImageInspectError
Warning InspectFailed 4m24s (x27 over 9m32s) kubelet, 999.999.999.999 Failed to inspect image "": rpc error: code = Unknown desc = short name mode is enforcing, but image name caapim/tls-automator:5.3.3 returns ambiguous list
Component: CA API Developer Portal
Release: 5.x
Kubernetes 1.34
Container Runtime: cri-o
Starting with Kubernetes 1.34, ambiguous short image names no longer work in the CRI-O container runtime and result in an error.
To confirm the cause of the issue:
$kubectl version
Client Version: version.Info{Major:"1", Minor:"16", GitVersion:"v1.16.1", GitCommit:"d647ddbd755faf07169599a625faf302ffc34458", GitTreeState:"clean", BuildDate:"2019-10-02T17:01:15Z", GoVersion:"go1.12.10", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"34", GitVersion:"v1.34.1", GitCommit:"dd2e1117b7d336d7d893d1e273f967a977c26d38", GitTreeState:"clean", BuildDate:"2025-09-12T09:04:01Z", GoVersion:"go1.24.7 140-3", Compiler:"gc", Platform:"linux/arm64"}
In this case, the Server Version line shows a GitVersion of v1.34.1.
$kubectl get nodes -o wide
NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME
999.999.999.999 Ready node 48d v1.34.1 999.999.999.999 <none> Oracle Linux Server 8.10 5.15.0-311.185.9.el8uek.x86_64 cri-o://1.34.0-66.1c4616d3c11.el8
In this case, the container runtime is cri-o://1.34.0-66.1c4616d3c11.el8.
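A complementary check, added here as an example and not part of the original article or the Layer7 chart: the shell functions below flag image references that have no registry host, the kind of short name the CRI-O error above is reporting. The function names, the sample manifest and registry.example.com are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: flag image references that have no registry host.

# Return 0 when REF is a short name. Rule used when parsing image references:
# the text before the first "/" is a registry host only if it contains "."
# or ":" or is exactly "localhost".
is_short_name() {
    local ref="$1" first
    case "$ref" in
        */*) first="${ref%%/*}" ;;
        *)   return 0 ;;               # no "/" at all, e.g. "mysql:8.0"
    esac
    case "$first" in
        localhost|*.*|*:*) return 1 ;; # registry host present
        *)                 return 0 ;; # e.g. "caapim/tls-automator:5.3.3"
    esac
}

# Read manifest YAML on stdin; print each distinct short-name image once.
list_short_images() {
    sed -n 's/^[[:space:]-]*image:[[:space:]]*//p' |
        tr -d "\"'" | sort -u |
        while IFS= read -r img; do
            [ -n "$img" ] || continue
            if is_short_name "$img"; then printf '%s\n' "$img"; fi
        done
}

# Constructed sample manifest (not the chart's real output).
sample_manifest() {
    cat <<'EOF'
spec:
  containers:
  - name: tls-manager
    image: caapim/tls-automator:5.3.3
    imagePullPolicy: IfNotPresent
  - name: db
    image: "registry.example.com/library/mysql:8.0"
  - name: tools
    image: localhost:5000/tools/busybox
EOF
}

# Real use: helm template api-poc-portal layer7/portal -f values-ca.yaml | list_short_images
sample_manifest | list_short_images
```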
As of Layer7 portal chart version 2.3.20 (Portal version 5.4), Kubernetes 1.34 is not supported. To resolve this, downgrade Kubernetes to either 1.33 or 1.32.
For more information regarding this, see the following doc on the Internet: