Home > Software design >  SOLVED - Kubernetes can't pull private image from docker
SOLVED - Kubernetes can't pull private image from docker

Time:05-17

I hope somebody can help me. I'm trying to pull a private docker image with no success. I already tried some solutions that I found, but without success.

Docker, Gitlab, Gitlab-Runner, Kubernetes all run on the same server

Insecure Registry

$ sudo cat /etc/docker/daemon.json
{ "insecure-registries":["10.0.10.20:5555"]}

Config.json

$ cat .docker/config.json
{
        "auths": {
                "10.0.10.20:5555": {
                        "auth": "NDUwNjkwNDcwODoxMjM0NTZzIQ=="
                },
                "https://index.docker.io/v1/": {
                        "auth": "NDUwNjkwNDcwODpGcGZHMXQyMDIyQCE="
                }
        }
}

Secret

$ kubectl create secret generic regcred \
    --from-file=.dockerconfigjson=~/.docker/config.json \
    --type=kubernetes.io/dockerconfigjson

I'm trying to create a Kubernetes pod from a private docker image. However, I get the following error:

Name:         private-reg
Namespace:    default
Priority:     0
Node:         10.0.10.20
Start Time:   Thu, 12 May 2022 12:44:22 -0400
Labels:       <none>
Annotations:  <none>
Status:       Pending
IP:           10.244.0.61
IPs:
  IP:  10.244.0.61
Containers:
  private-reg-container:
    Container ID:
    Image:          10.0.10.20:5555/development/app-image-base:latest
    Image ID:
    Port:           <none>
    Host Port:      <none>
    State:          Waiting
      Reason:       ErrImagePull
    Ready:          False
    Restart Count:  0
    Environment:    <none>
    Mounts:
      /var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-stjn4 (ro)
Conditions:
  Type              Status
  Initialized       True
  Ready             False
  ContainersReady   False
  PodScheduled      True
Volumes:
  kube-api-access-stjn4:
    Type:                    Projected (a volume that contains injected data from multiple sources)
    TokenExpirationSeconds:  3607
    ConfigMapName:           kube-root-ca.crt
    ConfigMapOptional:       <nil>
    DownwardAPI:             true
QoS Class:                   BestEffort
Node-Selectors:              <none>
Tolerations:                 node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
                             node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Events:
  Type     Reason   Age                    From     Message
  ----     ------   ----                   ----     -------
  Normal   BackOff  2m7s (x465 over 107m)  kubelet  Back-off pulling image "10.0.10.20:5555/development/expedicao-api-image-base:latest"
  Normal   Pulling  17s (x3 over 53s)      kubelet  Pulling image "10.0.10.20:5555/development/expedicao-api-image-base:latest"
  Warning  Failed   17s (x3 over 53s)      kubelet  Failed to pull image "10.0.10.20:5555/development/expedicao-api-image-base:latest": rpc error: code = Unknown desc = failed to pull and unpack image "10.0.10.20:5555/development/app-image-base:latest": failed to resolve reference "10.0.10.20:5555/development/app-image-base:latest": failed to do request: Head "https://10.0.10.20:5555/v2/development/app-image-base/manifests/latest": http: server gave HTTP response to HTTPS client
  Warning  Failed   17s (x3 over 53s)      kubelet  Error: ErrImagePull
  Normal   BackOff  3s (x2 over 29s)       kubelet  Back-off pulling image "10.0.10.20:5555/development/expedicao-api-image-base:latest"
  Warning  Failed   3s (x2 over 29s)       kubelet  Error: ImagePullBackOff

When I pull the image directly in docker, no problem occurs even with the secret

Pull image

$ docker login 10.0.10.20:5555
Username: 4506904708
Password:
WARNING! Your password will be stored unencrypted in ~/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded
$ docker pull 10.0.10.20:5555/development/app-image-base:latest
latest: Pulling from development/app-image-base
Digest: sha256:1385a8aa2bc7bac1a8d3e92ead66fdf5db3d6625b736d908d1fec61ba59b6bdc
Status: Image is up to date for 10.0.10.20:5555/development/app-image-base:latest
10.0.10.20:5555/development/app-image-base:latest

Can someone help me?

EDIT - SOLVED I solved the problem by creating a file /etc/containerd/config.toml

.

# Config file is parsed as version 1 by default.
# To use the long form of plugin names set "version = 2"
[plugins.cri.registry.mirrors]
  [plugins.cri.registry.mirrors."10.0.10.20:5555"]
    endpoint = ["http://10.0.10.20:5555"]

CodePudding user response:

Solved

First, you need to create a file in /etc/containerd/config.toml

# Config file is parsed as version 1 by default.
# To use the long form of plugin names set "version = 2"
[plugins.cri.registry.mirrors]
  [plugins.cri.registry.mirrors."10.0.10.20:5555"]
    endpoint = ["http://10.0.10.20:5555"]

Second, restart contained

$ systemctl restart containerd
  • Related