Using Kubernetes with an Artifactory/Nginx proxy

1/17/2017

Pretty much I'm asking how to set up the yaml/Kubernetes to use my Artifactory to pull images.

I'm new to Kubernetes and have successfully installed what I'm trying to do on my private machine based on this tutorial.

At work I would like to use Kubernetes to allow developers to quickly deploy and scale docker images, however we work in an isolated environment. We have Nginx and Artifactory currently working with our docker clients and can download all the images needed for this to work if I manually do so.

Everything goes fine with the install of Kubernetes and creation/linking pods and sending jobs; however when I try to run the selenium-hub-rc.yaml I get errors when I checked the describe pods for that pod,

"Failed to "Startcontainer" for "POD" with ErrImagePull: "image pull failed for registry.access.redhat.com/rhel7/pod-infrastructure, this may be because there are no credentials on this request. details: (unable to ping registry endpoint https ://registry.access.redhat.com/v0/\nv2 ping attempt failed with error: get https ://regitry.access.redhat.com/v2: bad request \n v1 ping attemp failed with error: Get https ://registry.access.redhat.com/v1/_ping: Bad Request)"

Now I believe what's happening here is that a dependency for the selenium image, pod-infrastructure, is trying to download via a public repo rather than my Artifactory repo.

This is where my question comes in: I've been trying to find a way so that any requests for images by my nodes will be directed to my Artifactory. I've tried a number of ways to do this currently, but all failed.

Here are some configs I'm using.

My nginx is set up to listen on 8088 for normal docker requests and forward them to the Artifactory repo called docker-remote. It's also set to listen on 8089 for the registry.access.redhat.com requests and forward them to the red-remote repo.

Clearly I have the Artifactory repos for docker on docker-remote for docker.io and red-remote for the redhat repo

The nodes/pods have the Hosts file pointing red-myproxy.mylab.lab to the nginx proxy myproxy.mylab.lab and the docker.conf file to include

INSECURE_REGISTRY='--insecure-registry myproxy.mylab.lab:8088'
INSECURE_REGISTRY='--insecure-registry red-myproxy.mylab.lab:8089'

Everything works fine up to this point, so when I go to build an image I use the selenium-hub-rc.yaml for creating the docker images

# selenium-hub-rc.yaml
apiVersion: v1
kind: ReplicationController
metadata:
  name: selenium-hub
spec:
  replicas: 1
  selector:
    name: selenium-hub
  template:
    metadata:
      labels:
        name: selenium-hub
    spec:
      containers:
        - name: selenium-hub
          image: myproxy.mylab.lab:8088/selenium/hub
          ports:
            - containerPort: 4444 

That's it pretty much. I run the yaml and it gives me that error. I've tried setting a proxy in docker.conf and flannel.conf just to see if I could give any default request a pointer to my repo

HTTP_PROXY="http://red-proxy.mylab.lab:8089"

but failed. I've tried figuring out how the yaml could do it but couldn't find anything, and was thinking maybe I need to edit the selenium image directly to do so?

I'm really stumped with this one, but I'm sure other people are using Kubernetes in an isolated environment just fine and have set up multiple repos for the docker images it tries to pull.

Thank you for taking the time of day to review my problem and I hope you could help!

-- Grvmm
artifactory
docker
kubernetes
nginx
proxy

1 Answer

1/19/2017

I found the answer: editing the /etc/kubernetes/kubelet file with the lines

# pod infrastructure container
#KUBELET_POD_INFRA_CONTAINER="--pod-infra-container-image=registry.access.redhat.com/rhel7/pod-infrastructure:latest"

on the Kubernetes nodes themselves and updating them to change the path of the registry.redhat.com to my proxy server red-proxy.mylab.lab:8089 worked! I'm so happy this headache is done : )

Credit goes to wiki.christophchamp.com/index.php?title=Kubernetes

-- Grvmm
Source: StackOverflow
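
The fix from the answer, as an added shell example that is not part of the original post: `rewrite_pod_infra` repoints the kubelet's pod infrastructure image at the proxy (handling both the commented and uncommented form of the line), and `list_unapproved_images` lists active image references that would still be pulled from outside the approved registries. The function names and sample file contents are constructed; host names are the ones used on this page.

```shell
#!/bin/sh
# Added example (not from the original post). Host names are the ones used in
# the question and answer; the sample file contents below are constructed.

# rewrite_pod_infra FILE PROXY
# Uncomment the KUBELET_POD_INFRA_CONTAINER line in FILE and replace the
# registry host of --pod-infra-container-image with PROXY. Keeps FILE.bak.
rewrite_pod_infra() {
    file=$1 proxy=$2
    grep -q 'KUBELET_POD_INFRA_CONTAINER=' "$file" || return 1
    cp -p "$file" "$file.bak" || return 1
    sed -E "s|^#?[[:space:]]*(KUBELET_POD_INFRA_CONTAINER=\"--pod-infra-container-image=)[^/\"]+/|\1${proxy}/|" \
        "$file.bak" > "$file"
}

# list_unapproved_images "REG1 REG2 ..." FILE...
# Print every active (uncommented) image reference in kubelet config files or
# manifests whose registry is not one of the approved host:port values.
list_unapproved_images() {
    allowed=$1; shift
    grep -hvE '^[[:space:]]*#' "$@" |
    grep -oE '(image:[[:space:]]*|--pod-infra-container-image=)[^"[:space:]]+' |
    sed -E 's/^(image:[[:space:]]*|--pod-infra-container-image=)//' |
    while read -r img; do
        ok=no
        for reg in $allowed; do
            case $img in "$reg"/*) ok=yes ;; esac
        done
        [ "$ok" = yes ] || printf '%s\n' "$img"
    done
}

# Constructed sample inputs so the script runs offline.
demo_dir=$(mktemp -d)
cat > "$demo_dir/kubelet" <<'EOF'
# pod infrastructure container
KUBELET_POD_INFRA_CONTAINER="--pod-infra-container-image=registry.access.redhat.com/rhel7/pod-infrastructure:latest"
EOF
printf '          image: myproxy.mylab.lab:8088/selenium/hub\n' > "$demo_dir/hub.yaml"
APPROVED="myproxy.mylab.lab:8088 red-proxy.mylab.lab:8089"

echo "before:"; list_unapproved_images "$APPROVED" "$demo_dir/kubelet" "$demo_dir/hub.yaml"
rewrite_pod_infra "$demo_dir/kubelet" red-proxy.mylab.lab:8089
echo "after:";  list_unapproved_images "$APPROVED" "$demo_dir/kubelet" "$demo_dir/hub.yaml"
```

Restart the kubelet on each node after the change so the new flag is read.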