Not able to start a pod in minikube by pulling image from external private registry
902 views
Skip to first unread message
Akash Agrawal
Jun 13, 2017, 4:46:03 AM6/13/17
to Kubernetes developer/contributor discussion
Team,
I have an ubuntu installed on my laptop.
I started a private docker registry (ssl enabled + htpasswd secured) and added it on overlay network (so it can be accessed from other hosts/vms)
here is the code (docker-compose.yaml):
version: "3"
services:
registry:
restart: always
image: registry:2
ports:
- 5000:5000
environment:
REGISTRY_HTTP_TLS_CERTIFICATE: /certs/domain.crt
REGISTRY_HTTP_TLS_KEY: /certs/domain.key
REGISTRY_AUTH: htpasswd
REGISTRY_AUTH_HTPASSWD_PATH: /auth/htpasswd
REGISTRY_AUTH_HTPASSWD_REALM: Registry Realm
volumes:
- /certs:/certs
- ~/caas_rd/workspace/ci_cd_pipeline/registry_setup:/auth
networks:
- overlaynetwork
networks:
overlaynetwork:
so my registry is running in the following link (with dns, i can verify it in browser) : https://home-thinkpad-t420s:5000/v2/_catalog
Now I installed "Minikube" on my laptop. && ssh it by "minikube ssh".
I created a folder "/etc/docker/certs.d" on minikube vm & added certificates as per instructions :
https://docs.docker.com/engine/security/certificates/#understanding-the-configuration
I also modified /etc/hosts && appended ca.cert on /etc/ssl/certs/ca-certificates.crt.
and restarted docker service on minikube vm by : sudo systemctl restart docker.service
after this I am able to pull the images on minikube vm by "docker login & docker pull" & also by "curl with (cacert + username/password)"
above is working perfectly fine, means I can successfully access/pull private registry images inside minikube vm.
Then I tried to create a secret (on my laptop with kubectl create -f <secret file name>) defined as below:
apiVersion: "v1"
kind: "Secret"
metadata:
name: "ssl-proxy-secret"
namespace: "default"
data:
proxycert: "LS0..."
proxykey: "LS0t..."
htpasswd: "YWRt..."
and created a pod (on my laptop with kubectl create -f <pod file name>) defined as below:
apiVersion: v1
kind: Pod
metadata:
name: private-jenkins
spec:
containers:
- name: private-jenkins-container
image: home-thinkpad-t420s:5000/my-jenkins
volumeMounts:
- name: secrets
mountPath: /etc/secrets
volumes:
- name: secrets
secret:
secretName: ssl-proxy-secret
but when I try to run this pod, it throws error :
Failed to pull image "home-thinkpad-t420s:5000/my-jenkins": rpc error: code = 2 desc = Error: image my-jenkins not found
Error
syncing pod, skipping: failed to "StartContainer" for
"private-jenkins-container" with ErrImagePull: "rpc error: code = 2 desc
= Error: image my-jenkins not found"
If I am able to pull images inside the minikube vm successfully by curl & docker login/pull......then when why pod creation is failing with above error ?
Rodrigo Campos
Jun 13, 2017, 11:28:25 AM6/13/17
to Akash Agrawal, kubernet...@googlegroups.com
Moving to kubernetes-users
To use the jenkins image from a private registry, you should specify a imagePull
secret. See https://kubernetes.io/docs/concepts/containers/images/ for detailed
info.
I think that should do the trick. But let me know otherwise! :)
secret. See https://kubernetes.io/docs/concepts/containers/images/ for detailed
info.
I think that should do the trick. But let me know otherwise! :)
Reply all
Reply to author
Forward
0 new messages