I want to deploy a pod via YAML from a Docker image that is successfully pushed to the local registry. Please note that it is a local registry and I am not interested in using any private registry.
My dev environment is: Minikube/K8s, Docker, Ubuntu
Yaml file snippet:
apiVersion: apps/v1
kind: Deployment
metadata:
  name: apirestapp-deployment
  labels:
    app: apirestapp
spec:
  replicas: 1
  selector:
    matchLabels:
      app: apirestapp
  template:
    metadata:
      labels:
        app: apirestapp
    spec:
      containers:
      - name: test-api-rest
        image: 192.168.xx.yy:5000/test-api-rest:1.0
        imagePullPolicy: Always
In short, my procedure is:
- created local docker repository – done
- created the Dockerfile for my app - done
- created the image from Dockerfile - done
- push the image to local registry - done
- I face an error when I execute the kubectl command:
$ kubectl apply -f test-api-rest-all.yaml
I am getting ImagePullBackOff error:
Failed to pull image "192.168.xx.yy:5000/test-api-rest:1.0": rpc error: code = Unknown desc = Error response from daemon: Get "https://192.168.xx.yy:5000/v2/": http: server gave HTTP response to HTTPS client
It is also important to share that I have also tried achieving my objective by creating the image in Minikube Registry, there also I face the same error.
I understand it is related to 'insecure-registry' entry, so I have already tried with an insecure-registry thing in /etc/docker/daemon.json.
CodePudding user response:
Since you are already using minikube you could simply build the docker image in the docker environment where minikube is running.
# setup docker env from minikube
eval $(minikube docker-env)
# build image
docker build -t test-api-rest:1.0 .
# use the local image
kubectl create deploy apirestapp --image=test-api-rest:1.0
CodePudding user response:
You need to enable https for your docker registry with REGISTRY_HTTP_TLS_CERTIFICATE, REGISTRY_HTTP_TLS_KEY:
openssl req \
  -newkey rsa:2048 -nodes -sha256 -keyout certs/domain.key \
  -addext "subjectAltName = IP:AAA.BBB.CCC.DDD" \
  -x509 -days 365 -out certs/domain.crt

docker run -d \
  --restart=always \
  --name registry \
  -v "$(pwd)"/certs:/certs \
  -e REGISTRY_HTTP_ADDR=0.0.0.0:443 \
  -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \
  -e REGISTRY_HTTP_TLS_KEY=/certs/domain.key \
  -p 5000:443 \
  registry:latest
Add this line to your /etc/docker/daemon.json, since a self-signed cert is in use here:
"insecure-registries" : ["AAA.BBB.CCC.DDD:5000"]
Restart your Docker service:
sudo systemctl restart docker.service
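A diagnostic for the error in the question, added here as an example (it is not part of either answer and not code from Docker or minikube): it classifies what the registry port actually speaks, which is what decides whether a pull fails with "server gave HTTP response to HTTPS client" or on certificate trust. The names `probe_registry` and `DIAGNOSIS` are hypothetical; run it from the machine whose container runtime performs the pull.

```python
import socket
import ssl

# Hypothetical mapping from probe result to what it means for an image pull.
DIAGNOSIS = {
    "plain-http": "registry has no TLS: the HTTPS pull fails as in the question",
    "tls-untrusted": "TLS works but the cert (e.g. self-signed) is not trusted here",
    "tls-trusted": "TLS works and the certificate verifies on this machine",
    "unreachable": "no listener, or neither TLS nor HTTP answered",
}


def probe_registry(host, port, timeout=3.0):
    """Return one of the DIAGNOSIS keys for the endpoint host:port."""
    verified = ssl.create_default_context()
    unverified = ssl.create_default_context()
    unverified.check_hostname = False   # used only to classify, never to pull
    unverified.verify_mode = ssl.CERT_NONE
    for label, ctx in (("tls-trusted", verified), ("tls-untrusted", unverified)):
        try:
            raw = socket.create_connection((host, port), timeout=timeout)
        except OSError:
            return "unreachable"
        with raw:
            try:
                ctx.wrap_socket(raw, server_hostname=host).close()
                return label
            except ssl.SSLCertVerificationError:
                continue   # handshake is possible, certificate is not trusted
            except OSError:
                break      # handshake failed or timed out: not a TLS listener
    # No TLS on this port: see whether plain HTTP answers on /v2/,
    # the path the Docker daemon requested in the error message.
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            request = (f"GET /v2/ HTTP/1.1\r\nHost: {host}:{port}\r\n"
                       "Connection: close\r\n\r\n")
            raw.sendall(request.encode("ascii"))
            if raw.makefile("rb").readline().startswith(b"HTTP/"):
                return "plain-http"
    except OSError:
        pass
    return "unreachable"


if __name__ == "__main__":
    import sys
    result = probe_registry(sys.argv[1], int(sys.argv[2]))
    print(f"{result}: {DIAGNOSIS[result]}")
```

A `plain-http` result corresponds to the registry from the question; a `tls-untrusted` result corresponds to the self-signed setup from the second answer.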