Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Using kubernetes init containers on a private repo

Tags:

kubernetes

I've been trying to run a deployment using a private init container image with little success, I always get this error:

Failed to pull image "private/app": Error: image private/app:latest not found
Error syncing pod, skipping: failed to "StartContainer" for "app" with ErrImagePull: "Error: image private/app:latest not found"

Here is my deployment:

"kind": "Deployment"
"apiVersion": "extensions/v1beta1"
"metadata":
  "name": "tomcat"
  "creationTimestamp": null
"spec":
  "replicas": 1
  "template":
    "metadata":
      "creationTimestamp": null
      "labels":
        "service": "tomcat"
      "annotations":
        "pod.beta.kubernetes.io/init-containers": '[
          {
            "name": "app",
            "image": "private/app",
            "imagePullPolicy": "IfNotPresent"
          }
        ]'
    "spec":
      "containers":
        - "name": "tomcat"
          "image": "private/tomcat"
          "ports":
            - "containerPort": 8080
              "protocol": "TCP"
      "imagePullSecrets":
        - "name": "my-secret"
      "restartPolicy": "Always"
  "strategy": {}
"status": {}

I also tried it with the change suggested here kubernetes init containers using a private repo:

"pod.beta.kubernetes.io/init-containers": '[
  {
    "name": "app",
    "image": "private/app",
    "imagePullPolicy": "IfNotPresent",
    "imagePullSecrets": [
      {
        "name": "my-secret"
      }
    ]
  }
]'

But still nothing...

Note that I have tested this deployment without the init container and the image pulling was successful.

Also note that this is a simplified version of my actual configuration, in the real configuration there is volume mounting for both containers and some env variables.

How do I configure "imagePullSecrets" for an init-container?

Edit: I was asking around in the kubernetes slack channel and it seems I forgot to give permissions to the cluster docker user (CI docker user if you would) permissions to this hub repository, once I did that the "imagePullPolicy" on the init container was redundant, the one on the "template" > "spec" was enough.

Thanks @koki, wherever you might be.

like image 933
Avi Farada Avatar asked Feb 25 '17 22:02

Avi Farada


1 Answers

You should using secret object.

something like this:

  kubectl create secret docker-registry myregistry \
  --docker-server=https://example.io \
  --docker-username=foo \
  --docker-password=boosecret \
  [email protected]

And use it , in another object like this:

  imagePullSecrets:
  - name: myregistry
like image 85
Alireza Davoodi Avatar answered Nov 10 '22 02:11

Alireza Davoodi