K
Q

Private registry with Kubernetes

2/16/2018

I'm trying (for tests purpose) to expose to kubernetes a very simple image pong http:

FROM golang:onbuild
EXPOSE 8000

I built the docker image:

docker build -t pong .

I started a private registry (with certificates):

docker run -d --restart=always --name registry -v `pwd`/certs:/certs -e REGISTRY_HTTP_ADDR=0.0.0.0:443 -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt -e REGISTRY_HTTP_TLS_KEY=/certs/domain.key -p 443:443 registry:2.6.2

I created a secret:

kubectl create secret docker-registry regsecret --docker-server=localhost --docker-username=johndoe --docker-password=johndoe --docker-email=johndoe@yopmail.com

I uploaded the image:

docker tag 9c0bb659fea1 localhost/pong
docker push  localhost/pong

I had an insecure registry configuration

{
  "storage-driver" : "aufs",
  "insecure-registries" : [
    "localhost"
  ],
  "debug" : true,
  "experimental" : true
}

So I tried to create my kubernetes pods with:

apiVersion: v1
kind: Pod
metadata:
  name: pong
spec:
  containers:
    - name: pong
      image: localhost/pong:latest
      imagePullPolicy: Always
  imagePullSecrets:
    - name: regsecret

I'm on MacOS with docker Version 17.12.0-ce-mac49 (21995).

If I use image: localhost/pong:latest I got:

waiting:
          message: 'rpc error: code = Unknown desc = Error response from daemon: error
            parsing HTTP 404 response body: invalid character ''d'' looking for beginning
            of value: "default backend - 404"'
          reason: ErrImagePull

I'm stuck on it since the beginning of the week, without success.

-- Damien GOUYETTE
docker
kubernetes
registry

Similar Questions

I can't load a Helm chart into IBM Cloud Private
How to verify kubernetes service load balancer init (call-back not polling)
How to update Kubernetes secrets for all namespaces
Azure load balancer on Kubernetes not loading endpoint

3 Answers

2/16/2018

Hey try to browse your registry using this nice front end app https://hub.docker.com/r/konradkleine/docker-registry-frontend/

Perhaps this will give you some hint , it looks like the registry has some configuration issue...

-- goodbye_for_now
Source: StackOverflow
5/9/2018

instead of deleting the cluster first (minikube delete) the configuration json may be editied at ~/.minikube/config/config.json to add this section accordingly:

{ ... "HostOptions": { ... "InsecureRegistry": [ "private.docker.registry:5000" ], ... }, ... } ... }

this only works on started clusters, as the configuration file won't be populated otherwise. the answer above using minikube --insecure-registry="" is fine.

-- jitter
Source: StackOverflow
2/19/2018

It was not a problem of registry configuration. I forgot to mention that I used minikube.

For the flags to be taken into account, I had to delete the minikube configuration and recreate it

minikube delete

minikube start --insecure-registry="10.0.4.0/24"

-- Damien GOUYETTE
Source: StackOverflow