K
Q

Using kubernetes init containers on a private repo

2/25/2017

I've been trying to run a deployment using a private init container image with little success, I always get this error:

Failed to pull image "private/app": Error: image private/app:latest not found
Error syncing pod, skipping: failed to "StartContainer" for "app" with ErrImagePull: "Error: image private/app:latest not found"

Here is my deployment:

"kind": "Deployment"
"apiVersion": "extensions/v1beta1"
"metadata":
  "name": "tomcat"
  "creationTimestamp": null
"spec":
  "replicas": 1
  "template":
    "metadata":
      "creationTimestamp": null
      "labels":
        "service": "tomcat"
      "annotations":
        "pod.beta.kubernetes.io/init-containers": '[
          {
            "name": "app",
            "image": "private/app",
            "imagePullPolicy": "IfNotPresent"
          }
        ]'
    "spec":
      "containers":
        - "name": "tomcat"
          "image": "private/tomcat"
          "ports":
            - "containerPort": 8080
              "protocol": "TCP"
      "imagePullSecrets":
        - "name": "my-secret"
      "restartPolicy": "Always"
  "strategy": {}
"status": {}

I also tried it with the change suggested here kubernetes init containers using a private repo:

"pod.beta.kubernetes.io/init-containers": '[
  {
    "name": "app",
    "image": "private/app",
    "imagePullPolicy": "IfNotPresent",
    "imagePullSecrets": [
      {
        "name": "my-secret"
      }
    ]
  }
]'

But still nothing...

Note that I have tested this deployment without the init container and the image pulling was successful.

Also note that this is a simplified version of my actual configuration, in the real configuration there is volume mounting for both containers and some env variables.

How do I configure "imagePullSecrets" for an init-container?

Edit: I was asking around in the kubernetes slack channel and it seems I forgot to give permissions to the cluster docker user (CI docker user if you would) permissions to this hub repository, once I did that the "imagePullPolicy" on the init container was redundant, the one on the "template" > "spec" was enough.

Thanks @koki, wherever you might be.

-- Avi Farada
kubernetes

Similar Questions

How to open compute engine firewall
Starting a container only after the previous container is Running
Minikube volumes
Kubernetes: Frequently gets "Error adding network: no IP addresses available in network: cbr0"

3 Answers

2/27/2017

so i was the one who asked that other question you referenced. this is using your example what my init section looks like. and this does not work for you?

   "pod.beta.kubernetes.io/init-containers": '[
  {
    "name": "app",
    "image": "private/app",
    "imagePullPolicy": "IfNotPresent",
    "imagePullSecrets": "my-secret"
  }
]'
-- JamStar
Source: StackOverflow
3/10/2020

I still cant pull private initContainers.

In my situation i'm adding a initContainer to mongodb chart.

When i add imagePullSecrets: to the initContainer i get.

error: error validating "/helm.txt": error validating data: ValidationError(Deployment.spec.template.spec.initContainers[0]): unknown field "imagePullSecrets" in io.k8s.api.core.v1.Container; if you choose to ignore these errors, turn validation off with --validate=false
-- Pieter
Source: StackOverflow
2/26/2017

You should using secret object.

something like this:

  kubectl create secret docker-registry myregistry \
  --docker-server=https://example.io \
  --docker-username=foo \
  --docker-password=boosecret \
  --docker-email=example@boo.com

And use it , in another object like this:

  imagePullSecrets:
  - name: myregistry
-- Alireza Davoodi
Source: StackOverflow