Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Kubernetes does not pull docker image from private repository without https

I configured docker on the same host as my kubernetes-master for the private docker registry.
Docker pushing to the private docker registry without https was successful.
I also can pull the image just using docker.

When I run kubernetes for this image, I get with 'kubectl describe pods' following log :

kubectl describe pods
Name:       fgpra-250514157-yh6vb
Namespace:  default
Node:       5.179.232.64/5.179.232.64
Start Time: Tue, 11 Oct 2016 18:06:59 +0200
Labels:     pod-template-hash=250514157,run=fgpra
Status:     Pending
IP:     <removed myself>
Controllers:    ReplicaSet/fgpra-250514157
Containers:
  fgpra:
    Container ID:   
    Image:      5.179.232.65:5000/some_api_image
    Image ID:       
    Port:       3000/TCP
    QoS Tier:
      cpu:      BestEffort
      memory:       BestEffort
    State:      Waiting
      Reason:       ErrImagePull
    Ready:      False
    Restart Count:  0
    Environment Variables:
Conditions:
  Type      Status
  Ready     False 
Volumes:
  default-token-q7u3x:
    Type:   Secret (a volume populated by a Secret)
    SecretName: default-token-q7u3x
Events:
  FirstSeen LastSeen    Count   From            SubobjectPath       Type        Reason          Message
  --------- --------    -----   ----            -------------       --------    ------          -------
  4s        4s      1   {default-scheduler }                Normal      Scheduled       Successfully assigned fgpra-250514157-yh6vb to 5.179.232.64
  4s        4s      1   {kubelet 5.179.232.64}              Warning     MissingClusterDNS   kubelet does not have ClusterDNS IP configured and cannot create Pod using "ClusterFirst" policy. Falling back to DNSDefault policy.
  4s        4s      1   {kubelet 5.179.232.64}  spec.containers{fgpra}  Normal      Pulling         pulling image "5.179.232.65:5000/some_api_image"
  4s        4s      1   {kubelet 5.179.232.64}  spec.containers{fgpra}  Warning     Failed          Failed to pull image "5.179.232.65:5000/some_api_image": unable to ping registry endpoint https://5.179.232.65:5000/v0/
v2 ping attempt failed with error: Get https://5.179.232.65:5000/v2/: http: server gave HTTP response to HTTPS client
 v1 ping attempt failed with error: Get https://5.179.232.65:5000/v1/_ping: http: server gave HTTP response to HTTPS client
  4s    4s  1   {kubelet 5.179.232.64}      Warning FailedSync  Error syncing pod, skipping: failed to "StartContainer" for "fgpra" with ErrImagePull: "unable to ping registry endpoint https://5.179.232.65:5000/v0/\nv2 ping attempt failed with error: Get https://5.179.232.65:5000/v2/: http: server gave HTTP response to HTTPS client\n v1 ping attempt failed with error: Get https://5.179.232.65:5000/v1/_ping: http: server gave HTTP response to HTTPS client"

  3s    3s  1   {kubelet 5.179.232.64}  spec.containers{fgpra}  Normal  BackOff     Back-off pulling image "5.179.232.65:5000/some_api_image"
  3s    3s  1   {kubelet 5.179.232.64}              Warning FailedSync  Error syncing pod, skipping: failed to "StartContainer" for "fgpra" with ImagePullBackOff: "Back-off pulling image \"5.179.232.65:5000/some_api_image\""

I already configured my /etc/init.d/sysconfig/docker to use my insecure private registry.

This is the command to start the kubernetes deployment :

kubectl run fgpra --image=5.179.232.65:5000/some_api_image --port=3000

How can I set kubernetes to pull from my private docker registry without using ssl?

like image 941
hasan Avatar asked Oct 11 '16 16:10

hasan


People also ask

How do I pull an image from a private Docker repository?

In order to pull images from your private repository, you'll need to login to Docker. If no registry URI is specified, Docker will assume you intend to use or log out from Docker Hub. Triton comes with several images built-in. You can view the available list with triton images .

How do I access private Docker images?

Personal to personalNavigate to Docker Hub create a Docker ID and select the personal subscription. Using docker login from the CLI, sign in using your original Docker ID and pull your private images.

Which type of Kubernetes secret should you use to pass credentials for an image repository so that Kubelet can pull private images on behalf of your pods?

The imagePullSecrets field for a Pod is a list of references to Secrets in the same namespace as the Pod. You can use an imagePullSecrets to pass image registry access credentials to the kubelet. The kubelet uses this information to pull a private image on behalf of your Pod.

Does Kubernetes use Docker to pull images?

Instead, Kubernetes will pull the Docker images to its nodes on its own. If your Docker images are in a public repository such as DockerHub, Kubernetes can pull them right away. In most cases however your images are in a private Docker registry and Kubernetes must be given explicit access to it.


1 Answers

This rather a docker issue than a kubernetes one. You need to add your http registry as a insecure-registry to your docker daemon on each kubernetes node.

docker daemon --insecure-registry=5.179.232.65:5000

In most environment there is a file like /etc/default/docker where you can add this parameter.

like image 66
Lukas Eichler Avatar answered Nov 15 '22 07:11

Lukas Eichler