Kubernetes does not pull docker image from private repository without https

Question

I configured docker on the same host as my kubernetes-master for the private docker registry.
Docker pushing to the private docker registry without https was successful.
I also can pull the image just using docker.

When I run kubernetes for this image, I get with 'kubectl describe pods' following log :

kubectl describe pods
Name:       fgpra-250514157-yh6vb
Namespace:  default
Node:       5.179.232.64/5.179.232.64
Start Time: Tue, 11 Oct 2016 18:06:59 +0200
Labels:     pod-template-hash=250514157,run=fgpra
Status:     Pending
IP:     <removed myself>
Controllers:    ReplicaSet/fgpra-250514157
Containers:
  fgpra:
    Container ID:   
    Image:      5.179.232.65:5000/some_api_image
    Image ID:       
    Port:       3000/TCP
    QoS Tier:
      cpu:      BestEffort
      memory:       BestEffort
    State:      Waiting
      Reason:       ErrImagePull
    Ready:      False
    Restart Count:  0
    Environment Variables:
Conditions:
  Type      Status
  Ready     False 
Volumes:
  default-token-q7u3x:
    Type:   Secret (a volume populated by a Secret)
    SecretName: default-token-q7u3x
Events:
  FirstSeen LastSeen    Count   From            SubobjectPath       Type        Reason          Message
  --------- --------    -----   ----            -------------       --------    ------          -------
  4s        4s      1   {default-scheduler }                Normal      Scheduled       Successfully assigned fgpra-250514157-yh6vb to 5.179.232.64
  4s        4s      1   {kubelet 5.179.232.64}              Warning     MissingClusterDNS   kubelet does not have ClusterDNS IP configured and cannot create Pod using "ClusterFirst" policy. Falling back to DNSDefault policy.
  4s        4s      1   {kubelet 5.179.232.64}  spec.containers{fgpra}  Normal      Pulling         pulling image "5.179.232.65:5000/some_api_image"
  4s        4s      1   {kubelet 5.179.232.64}  spec.containers{fgpra}  Warning     Failed          Failed to pull image "5.179.232.65:5000/some_api_image": unable to ping registry endpoint https://5.179.232.65:5000/v0/
v2 ping attempt failed with error: Get https://5.179.232.65:5000/v2/: http: server gave HTTP response to HTTPS client
 v1 ping attempt failed with error: Get https://5.179.232.65:5000/v1/_ping: http: server gave HTTP response to HTTPS client
  4s    4s  1   {kubelet 5.179.232.64}      Warning FailedSync  Error syncing pod, skipping: failed to "StartContainer" for "fgpra" with ErrImagePull: "unable to ping registry endpoint https://5.179.232.65:5000/v0/\nv2 ping attempt failed with error: Get https://5.179.232.65:5000/v2/: http: server gave HTTP response to HTTPS client\n v1 ping attempt failed with error: Get https://5.179.232.65:5000/v1/_ping: http: server gave HTTP response to HTTPS client"

  3s    3s  1   {kubelet 5.179.232.64}  spec.containers{fgpra}  Normal  BackOff     Back-off pulling image "5.179.232.65:5000/some_api_image"
  3s    3s  1   {kubelet 5.179.232.64}              Warning FailedSync  Error syncing pod, skipping: failed to "StartContainer" for "fgpra" with ImagePullBackOff: "Back-off pulling image \"5.179.232.65:5000/some_api_image\""

I already configured my /etc/init.d/sysconfig/docker to use my insecure private registry.

This is the command to start the kubernetes deployment :

kubectl run fgpra --image=5.179.232.65:5000/some_api_image --port=3000

How can I set kubernetes to pull from my private docker registry without using ssl?

Answer 1

This rather a docker issue than a kubernetes one. You need to add your http registry as a insecure-registry to your docker daemon on each kubernetes node.

docker daemon --insecure-registry=5.179.232.65:5000

In most environment there is a file like /etc/default/docker where you can add this parameter.