Attention: This version of Event Streams has reached End of Support. For more information about supported versions, see the support matrix.

Chart deployment fails with ‘no matching repositories in the ImagePolicies’ error

Symptoms

When the Event Streams chart is deployed, an Internal service error occurs stating that there are no matching repositories in the ImagePolicies.

Causes

Image policies are used to control access to Docker repositories and it is necessary to ensure that there is a suitable policy in place before the chart is installed.

This situation occurs when there are image policies defined for the namespace into which the chart is being deployed, but none of them include the required repositories. To confirm this, list the image policies defined as follows:

kubectl get imagepolicy

For each image policy, you can check which repositories it includes as follows:

kubectl describe imagepolicy <imagePolicyName>

If you are using Event Streams (not the Community Edition), you will need access to the following image repositories:

  • docker.io
  • mycluster.icp:8500

If you are using Community Edition, you need access to the following image repositories:

  • docker.io

Note: Event Streams Community Edition is no longer available from 1 May 2020. For information about trying out Kafka and Event Streams for free, see the product pages.

Resolving the problem

To apply an image policy, create a new yaml file with the following content, replacing the namespace with the namespace into which the chart will be deployed and the name with a name of your choice.

Important: Always ensure you install Event Streams in a dedicated namespace. Do not use any of the default namespaces (default, kube-system, kube-public, and so on).

The following is an example where we are adding both repositories:

apiVersion: securityenforcement.admission.cloud.ibm.com/v1beta1
kind: ImagePolicy
metadata:
  name: <imagePolicyName>
  namespace: <namespace>
spec:
  repositories:
  - name: docker.io/*
    policy: null
  - name: mycluster.icp:8500/*
    policy: null

Then run the following command to create the image policy:

kubectl apply -f <yamlFile>

Finally, repeat the installation steps to deploy the chart.