Symptoms
When the Event Streams chart is deployed, an Internal service error
occurs stating that there are no matching repositories in the ImagePolicies
.
Causes
Image policies are used to control access to Docker repositories and it is necessary to ensure that there is a suitable policy in place before the chart is installed.
This situation occurs when there are image policies defined for the namespace into which the chart is being deployed, but none of them include the required repositories. To confirm this, list the image policies defined as follows:
kubectl get imagepolicy
For each image policy, you can check which repositories it includes as follows:
kubectl describe imagepolicy <imagePolicyName>
If you are using Event Streams (not the Community Edition), you will need access to the following image repositories:
- docker.io
- mycluster.icp:8500
If you are using Community Edition, you need access to the following image repositories:
- docker.io
Note: Event Streams Community Edition is no longer available from 1 May 2020. For information about trying out Kafka and Event Streams for free, see the product pages.
Resolving the problem
To apply an image policy, create a new yaml file with the following content, replacing the namespace with the namespace into which the chart will be deployed and the name with a name of your choice.
Important: Always ensure you install Event Streams in a dedicated namespace. Do not use any of the default namespaces (default
, kube-system
, kube-public
, and so on).
The following is an example where we are adding both repositories:
apiVersion: securityenforcement.admission.cloud.ibm.com/v1beta1
kind: ImagePolicy
metadata:
name: <imagePolicyName>
namespace: <namespace>
spec:
repositories:
- name: docker.io/*
policy: null
- name: mycluster.icp:8500/*
policy: null
Then run the following command to create the image policy:
kubectl apply -f <yamlFile>
Finally, repeat the installation steps to deploy the chart.