I am using the Kubernetes plugin for Jenkins, and it seems to have an issue pulling from my private Docker registry.
This is an "untrusted" (no SSL) Harbor private registry.
When I got another Jenkins pipeline to pull from the registry, I had to set --insecure-registry http://10.3.31.105 --insecure-registry 10.3.31.105 in the /etc/systemd/system/docker.service.d/docker-options.conf file. I wonder if there is anything special that I need to do in order to enable Kubernetes to use an untrusted registry in a similar fashion?
This is my pod in use and the error that I am receiving:
[svc.jenkins@node1 ~]$ kubectl get pods
NAME READY STATUS RESTARTS AGE
message-service-7d9494544d-fvnkl 0/1 ImagePullBackOff 0 1m
[svc.jenkins@node1 ~]$ kubectl logs message-service-7d9494544d-fvnkl
Error from server (BadRequest): container "message-service" in pod "message-service-7d9494544d-fvnkl" is waiting to start: trying and failing to pull imageThe Jenkins job, however, exits successfully:
Finished Kubernetes deployment
Finished: SUCCESSYour workflow environment lacks Kubernetes secrets.
Kubernetes use those secrets as credentials to pull an image of the registry when executed by Jenkins. It is always a bad habit to leave the registry unprotected, so you should stop providing command line parameters to force an insecure registry. To use credentials in a pipeline, you do not need to do anything special, you access them just as you would for credentials stored in Jenkins.
I found this kubernetes-credentials-provider-plugin useful, and another working kubernetes-cd-plugin here.
It's actually the a bit like you were doing: Edit the file /etc/docker/daemon.json and add:
{
"insecure-registries" : [ "10.3.31.105:5000" ]
}
It's recommended to put daemon options in the the daemon.json and not just adding them to your docker daemon service. You'll need to do this on every node in your Kubernetes cluster. This will allow kubernetes to pull images from untrusted registries.