Home > Software engineering >  Kubernetes pull image from private insecure registry fails
Kubernetes pull image from private insecure registry fails

Time:12-23

I have an unsecured private docker registry hosted on a vm server (vm1). I am trying to create a k8s deployment from an image pushed on to this registry. Surprising the docker pull command works fine since I have configured /etc/docker/daemon.json with insecure-registries.

The detailed error through the kubectl describe command is as below. Any idea what could be going wrong?

Thanks.

Failed to pull image "vm1:5000/temp/leads:latest": rpc error: code = Unknown desc = failed to pull and unpack image "vm1:5000/temp/leads:latest": failed to resolve reference "vm1:5000/temp/leads:latest": failed to do request: Head "https://vm1:5000/v2/temp/leads/manifests/latest": http: server gave HTTP response to HTTPS client

The docker pull command is

docker pull vm1:5000/temp/leads:latest

The k8s manifest file is as follows

apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-deployment
  namespace: oleads
spec:
  replicas: 1
  selector:
    matchLabels:
      app: my-app
  template:
    metadata:
      labels:
        app: my-app
    spec:
      containers:
        - name: my-app
          image: vm1:5000/temp/leads:latest
          resources:
            requests:
              memory: "64Mi"
              cpu: 0.5
            limits:
              memory: "512Mi"
              cpu: 0.5
          ports:
          - containerPort: 8980
          imagePullPolicy: Always

CodePudding user response:

we had the same issue , the solution could be adding the insecure registry with docker deamon.

Activity on all nodes


create a file in : /etc/docker/daemon.json and add the insecure registry details :

{ "insecure-registries":["vm1:5000"] }

and restart docker on all nodes .

CodePudding user response:

I realised that the kubernetes engine I am using k3s uses a different container runtime. It uses containerd instead of docker. With k3s the config for using private registries is different. It is mentioned here.

The config I had to add in /etc/rancher/k3s/registries.yaml file is

mirrors:
  vm1:5000:
    endpoint:
      - "http://vm1:5000"

Restarting the k3s service after adding this file resolved the issue and k8s was able to pull the image from my private insecured docker registry.

  • Related