Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

firewall issues #58

Closed
EvertonSA opened this issue Feb 11, 2024 · 4 comments
Closed

firewall issues #58

EvertonSA opened this issue Feb 11, 2024 · 4 comments
Assignees
@MahithaB

Comments

@EvertonSA
Copy link

EvertonSA commented Feb 11, 2024
edited
Loading

ever since you migrated from partnership-public-images.jfrog.io to releases-pts-observability-fluentd.jfrog.io, I have image pull issues due to firewall.

I have been fighting with my network/security team to whitelist all redirects, but this is causing a lot of friction between network/security team and my team. they have the firewall, they have the firewall logs and i dont have access. they say nothing is blocked but it is.

I have managed to whitelist the following:

releases-pts-observability-fluentd.jfrog.io  
releases.jfrog.io  
endpointdns-prod-use1-lb.jfrog.io  
k8s-jfrogsaa-jfrogsaa-fb6f041eda-44b5904933c69ac1.elb.us-east-1.amazonaws.com
jfrog-prod-use1-shared-virginia-main.s3.amazonaws.com  
s3-1-w.amazonaws.com  
s3-w.us-east-1.amazonaws.com
jfrog-prod-use1-shared-virginia-main.s3.amazonaws.com 
s3-1-w.amazonaws.com

but no success... question is, why this image is not on releases-docker.jfrog.io like all the images on the official charts?
@EvertonSA
Copy link
Author

relates to #55 and #57

@EvertonSA
Copy link
Author

https://hub.docker.com/r/evearakaki/jfrog-fluent i have been puling and pushing ever since

@MahithaB
Copy link
Collaborator

@EvertonSA can you please give me the exact error messages for the pull issues you have. Thanks!

@EvertonSA
Copy link
Author

hi @MahithaB, I just tested this morning from the clusters i have the firewall whitelisting and it works 👀

from the cluster I have no firewall whitelisting, I get the following:

Failed to pull image "releases-pts-observability-fluentd.jfrog.io/fluentd:2.1": failed to pull and unpack image "releases-pts-observability-fluentd.jfrog.io/fluentd:2.1": failed to resolve reference "releases-pts-observability-fluentd.jfrog.io/fluentd:2.1": failed to do request: Head "https://releases-pts-observability-fluentd.jfrog.io/v2/fluentd/manifests/2.1": EOF

all these URL's below I was able to get from a tcpdump + wireshark analisys:

releases-pts-observability-fluentd.jfrog.io  
releases.jfrog.io  
endpointdns-prod-use1-lb.jfrog.io  
k8s-jfrogsaa-jfrogsaa-fb6f041eda-44b5904933c69ac1.elb.us-east-1.amazonaws.com
jfrog-prod-use1-shared-virginia-main.s3.amazonaws.com  
s3-1-w.amazonaws.com  
s3-w.us-east-1.amazonaws.com
jfrog-prod-use1-shared-virginia-main.s3.amazonaws.com 
s3-1-w.amazonaws.com

without these (maybe not all of those) firewall whitelisting, the pull of the image fails dramatically.

what I as a paying enterprise + customer would like to see is the move of these official supported images to the official releases-docker.jfrog.io instead of releases-pts-observability-fluentd.jfrog.io. If you need a support ticket let me know I can open that in a few minutes.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@MahithaB MahithaB

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@EvertonSA @MahithaB