i've got a kubernetes node, control-plane, which is untainted for deploying pods to. i've got a docker image sdmay23-42.ece.iastate.edu:5000/canvas-lti-frontend:v2.
i'm signed into docker cli. the daemon.json is set with insecure registry and i can verify with docker info :
Docker Root Dir: /var/lib/docker
Debug Mode: false
Username: sdmay2342
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
sdmay23-42.ece.iastate.edu:5000
127.0.0.0/8
Live Restore Enabled: false
i can pull the image:
Status: Image is up to date for sdmay23-42.ece.iastate.edu:5000/canvas-lti-frontend:v2
sdmay23-42.ece.iastate.edu:5000/canvas-lti-frontend:v2
i can build a container from the image:
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
ad582a4d514b sdmay23-42.ece.iastate.edu:5000/canvas-lti-frontend:v2 "docker-entrypoint.s…" 6 seconds ago Up 6 seconds 3000/tcp test-frontend
when i deploy it to the node from yaml manifest, i get an error. basic manifest:
apiVersion: v1
kind: Pod
metadata:
name: test-pod
spec:
containers:
- name: test-container
image: sdmay23-42.ece.iastate.edu:5000/canvas-lti-frontend:v2
ports:
- containerPort: 6379
command: sudo kubectl create -f test-deploy.yaml
response: pod/test-pod created
the description of the pod:
Name: test-pod
Namespace: default
Priority: 0
Service Account: default
Node: sdmay23-42/10.29.160.55
Start Time: Sun, 27 Nov 2022 18:46:54 0000
Labels: <none>
Annotations: <none>
Status: Pending
IP: 10.244.0.116
IPs:
IP: 10.244.0.116
Containers:
test-container:
Container ID:
Image: sdmay23-42.ece.iastate.edu:5000/canvas-lti-frontend:v2
Image ID:
Port: 6379/TCP
Host Port: 0/TCP
State: Waiting
Reason: ImagePullBackOff
Ready: False
Restart Count: 0
Environment: <none>
Mounts:
/var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-bvwzz (ro)
Conditions:
Type Status
Initialized True
Ready False
ContainersReady False
PodScheduled True
Volumes:
kube-api-access-bvwzz:
Type: Projected (a volume that contains injected data from multiple sources)
TokenExpirationSeconds: 3607
ConfigMapName: kube-root-ca.crt
ConfigMapOptional: <nil>
DownwardAPI: true
QoS Class: BestEffort
Node-Selectors: <none>
Tolerations: node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 51s default-scheduler Successfully assigned default/test-pod to sdmay23-42
Normal BackOff 23s (x2 over 50s) kubelet Back-off pulling image "sdmay23-42.ece.iastate.edu:5000/canvas-lti-frontend:v2"
Warning Failed 23s (x2 over 50s) kubelet Error: ImagePullBackOff
Normal Pulling 12s (x3 over 50s) kubelet Pulling image "sdmay23-42.ece.iastate.edu:5000/canvas-lti-frontend:v2"
Warning Failed 12s (x3 over 50s) kubelet Failed to pull image "sdmay23-42.ece.iastate.edu:5000/canvas-lti-frontend:v2": rpc error: code = Unknown desc = failed to pull and unpack image "sdmay23-42.ece.iastate.edu:5000/canvas-lti-frontend:v2": failed to resolve reference "sdmay23-42.ece.iastate.edu:5000/canvas-lti-frontend:v2": failed to do request: Head "https://sdmay23-42.ece.iastate.edu:5000/v2/canvas-lti-frontend/manifests/v2": http: server gave HTTP response to HTTPS client
Warning Failed 12s (x3 over 50s) kubelet Error: ErrImagePull
CodePudding user response:
the solution was to configure containerd to accept insecure registries. i had thought kubernetes was using docker. you can do kubectl get nodes -o wide to see information about container runtime.
steps for configuring containrd here: How to pull docker image from a insecure private registry with latest Kubernetes.