Issue while pulling image from private registry in kubernetes

9/26/2017

I want to create a private registry where I want to push my Docker images and create deployments using those images. I have created a Kubernetes cluster with one master and one slave in AWS using KOPS. I followed this link: https://github.com/kubernetes/kubernetes/tree/master/cluster/addons/registry to create a registry service and expose it on the slave node.

Then I build a Docker image and push it to the registry as localhost:5000/ as given in this link.

Now when I try to create a deployment using this image, I get the error:

    Failed to pull image "localhost:5000/postgres-sdl": rpc error: code = 2 desc = Error while pulling image: Get http://localhost:5000/v1/repositories/postgres-sdl/images: dial tcp [::1]:5000: getsockopt: connection refused

After building the Docker image, I tag and push the image with this name: localhost:5000/postgres-sdl

My deployment yaml looks like this:

      image: localhost:5000/postgres-sdl

-- Subrat Srivastwa
docker-registry
kubernetes
private
registry

2 Answers

11/7/2017

The problem is the hostport is not working properly with CNI (see this issue).

You need to install a portmap plugin and create a .conflist file. All this can depend on how you set up your kubernetes cluster.

I used the following steps:

  • Set the portmap plugin (download via containernetworking/plugins v0.6.0) in /opt/cni/bin
  • I'm using canal so my network config looks like this:

    {
        "name": "canal",
        "cniVersion": "0.3.0",
        "plugins": [
            {
                "type": "flannel",
                "delegate": {
                    "type": "calico",
                    "etcd_endpoints": "https://10.128.0.3:2379",
                    "etcd_key_file": "/opt/calicoctl/etcd-key",
                    "etcd_cert_file": "/opt/calicoctl/etcd-cert",
                    "etcd_ca_cert_file": "/opt/calicoctl/etcd-ca",
                    "log_level": "info",
                    "policy": {
                        "type": "k8s"
                    },
                    "kubernetes": {
                        "kubeconfig": "/root/cdk/kubeconfig"
                    }
                }
            },
            {
                "type": "portmap",
                "capabilities": {
                    "portMappings": true
                },
                "snat": true
            }
        ]
    }
    

    Make sure the file ends with .conflist. I saved this file in /etc/cni/net.d. More info about this can be found via the Container Networking Interface Specification.

  • Recreate the proxy pod.

-- user3499430
Source: StackOverflow
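
A way to check the setup described in the answer above, as an added example that is not part of the original answer: it reports whether a CNI config would leave hostPort mappings unhandled. The function name `check_conflist`, the trimmed sample config and the file names used with it are assumptions made for illustration.

```python
import json
import os

# Constructed sample, trimmed from the chained config in the answer above.
SAMPLE = """{"name": "canal", "cniVersion": "0.3.0", "plugins": [
  {"type": "flannel", "delegate": {"type": "calico"}},
  {"type": "portmap", "capabilities": {"portMappings": true}, "snat": true}]}"""

def check_conflist(filename, text, installed):
    """Return the problems that would keep hostPort mappings from working."""
    problems = []
    if not filename.endswith(".conflist"):
        problems.append("file name must end with .conflist")
    try:
        conf = json.loads(text)
    except ValueError as exc:
        return problems + ["invalid JSON: %s" % exc]
    plugins = conf.get("plugins") if isinstance(conf, dict) else None
    if not isinstance(plugins, list) or not plugins:
        return problems + ["no 'plugins' list; is this a single-plugin .conf?"]
    for plugin in plugins:
        # A flannel entry delegates to a second plugin that also needs a binary.
        names = [plugin.get("type"), plugin.get("delegate", {}).get("type")]
        for name in names:
            if name and name not in installed:
                problems.append("plugin binary '%s' not installed" % name)
    portmaps = [p for p in plugins if p.get("type") == "portmap"]
    if not portmaps:
        problems.append("no portmap plugin in the chain")
    elif portmaps[0].get("capabilities", {}).get("portMappings") is not True:
        problems.append("portmap lacks capabilities.portMappings = true")
    return problems

if __name__ == "__main__":
    # Directories are the ones named in the answer.
    bin_dir, conf_dir = "/opt/cni/bin", "/etc/cni/net.d"
    installed = set(os.listdir(bin_dir)) if os.path.isdir(bin_dir) else set()
    names = sorted(os.listdir(conf_dir)) if os.path.isdir(conf_dir) else []
    for name in names:
        path = os.path.join(conf_dir, name)
        if name.endswith((".conf", ".conflist", ".json")) and os.path.isfile(path):
            with open(path) as handle:
                print(name, check_conflist(name, handle.read(), installed) or "ok")
```

Run on a node, it prints one line per config file in /etc/cni/net.d; an empty problem list is shown as "ok".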

10/29/2017

I advise against using a local registry with Kubernetes! Sure, it gives you a nice localhost:5000 address in your config files that is the same as when you test with minikube, but it is actually dangerous.

If the cluster dies you will lose ALL your images.

Just use the Amazon Docker registry; it is a safe and proper way to do this.

-- cohadar