kubectl error while performing kubectl run on Ubuntu 16.04

7/30/2018

We do have a private repository and i can push and pull all the required docker images successfully.I am facing issue when i try to deploy a particular image on kubernetes.Below is the command i am executing.

kubectl run redis --image=private repo name/redis:redis --image-pull-policy=IfNotPresent

and when i run the command kubectl describe pods <pod name> i can see the below error.

Warning Failed 3s (x2 over 16s) kubelet, node1 Failed to pull image "private repo name/redis:redis": rpc error: code = Unknown desc = Error: Status 400 trying to pull repository repo name/redis: "{\n \"errors\" : [ {\n \"status\" : 400,\n
\"message\" : \"Unsupported docker v1 repository request for 'repo name'\"\n } ]\n}" Warning Failed 3s (x2 over 16s) kubelet, node1 Error: ErrImagePull

Thanks in advance.

-- Gopal Bhaskar
kubernetes

1 Answer

7/31/2018

It looks like you have lost the authorization. You will have to go through the "Pull Image from a Private Docker Repository" process from the documentation - here is a description of how to do that in several ways for different cloud providers or in Kubernetes on-premise. Here is some useful information about different methods of providing credentials:

Private registries may require keys to read images from them. Credentials can be provided in several ways:

  • Using Google Container Registry
    • Per-cluster
    • automatically configured on Google Compute Engine or Google Kubernetes Engine
    • all pods can read the project’s private registry
  • Using AWS EC2 Container Registry (ECR)
    • use IAM roles and policies to control access to ECR repositories
    • automatically refreshes ECR login credentials
  • Using Azure Container Registry (ACR)
  • Configuring Nodes to Authenticate to a Private Registry
    • all pods can read any configured private registries
    • requires node configuration by cluster administrator
  • Pre-pulling Images
    • all pods can use any images cached on a node
    • requires root access to all nodes to setup
  • Specifying ImagePullSecrets on a Pod
    • only pods which provide own keys can access the private registry Each option is described in more detail below.

Going back to the "Unsupported docker v1 repository request for" error that you see and the reason behind it (assuming that you use v2 repository which you probably are). Is the way Docker client works when pulling an image from repository. First it sends v2 request to registry if the request returns an error (request unauthorized or image does not exist) it retries the request with v1. So it comes back with v1 error.

-- aurelius
Source: StackOverflow