K
Q

Kubernetes Docker registry

8/9/2018

I have create docker registry as a pod with a service and it's working login, push and pull. But when I would like to create a pod that use an image from this registry, the kubelet can't get the image from the registry.

My pod registry:

apiVersion: v1
kind: Pod
metadata:
  name: registry-docker
  labels:
    registry: docker
spec:
  containers:
  - name: registry-docker
    image: registry:2
    volumeMounts:
    - mountPath: /opt/registry/data
      name: data
    - mountPath: /opt/registry/auth
      name: auth
    ports:
    - containerPort: 5000
    env:
    - name: REGISTRY_AUTH
      value: htpasswd
    - name: REGISTRY_AUTH_HTPASSWD_PATH
      value: /opt/registry/auth/htpasswd
    - name: REGISTRY_AUTH_HTPASSWD_REALM
      value: Registry Realm
  volumes:
  - name: data
    hostPath:
      path: /opt/registry/data
  - name: auth
    hostPath:
      path: /opt/registry/auth

pod I would like to create from registry:

apiVersion: v1
kind: Pod
metadata:
  name: nginx
spec:
  containers:
  - name: nginx
    image: 10.96.81.252:5000/nginx:latest
  imagePullSecrets:
  - name: registrypullsecret

Error I get from my registry logs:

time="2018-08-09T07:17:21Z" level=warning msg="error authorizing context: basic authentication challenge for realm \"Registry Realm\": invalid authorization credential" go.version=go1.7.6 http.request.host="10.96.81.252:5000" http.request.id=655f76a6-ef05-4cdc-a677-d10f70ed557e http.request.method=GET http.request.remoteaddr="10.40.0.0:59088" http.request.uri="/v2/" http.request.useragent="docker/18.06.0-ce go/go1.10.3 git-commit/0ffa825 kernel/4.4.0-130-generic os/linux arch/amd64 UpstreamClient(Go-http-client/1.1)" instance.id=ec01566d-5397-4c90-aaac-f56d857d9ae4 version=v2.6.2 10.40.0.0 - - [09/Aug/2018:07:17:21 +0000] "GET /v2/ HTTP/1.1" 401 87 "" "docker/18.06.0-ce go/go1.10.3 git-commit/0ffa825 kernel/4.4.0-130-generic os/linux arch/amd64 UpstreamClient(Go-http-client/1.1)"

The secret I use created from cat ~/.docker/config.json | base64:

apiVersion: v1
kind: Secret
metadata:
 name: registrypullsecret
data:
 .dockerconfigjson: ewoJImF1dGhzIjogewoJCSJsb2NhbGhvc3Q6NTAwMCI6IHsKCQkJImF1dGgiOiAiWVdSdGFXNDZaRzlqYTJWeU1USXoiCgkJfQoJfSwKCSJIdHRwSGVhZGVycyI6IHsKCQkiVXNlci1BZ2VudCI6ICJEb2NrZXItQ2xpZW50LzE4LjA2$
type: kubernetes.io/dockerconfigjson

The modification I have made to my default serviceaccount:

cat ./sa.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  creationTimestamp: 2018-08-03T09:49:47Z
  name: default
  namespace: default
#  resourceVersion: "51625"
  selfLink: /api/v1/namespaces/default/serviceaccounts/default
  uid: 8eecb592-9702-11e8-af15-02f6928eb0b4
secrets:
- name: default-token-rfqfp
imagePullSecrets:
- name: registrypullsecret

file ~/.docker/config.json:

{
        "auths": {
                "localhost:5000": {
                        "auth": "YWRtaW46ZG9ja2VyMTIz"
                }
        },
        "HttpHeaders": {
                "User-Agent": "Docker-Client/18.06.0-ce (linux)"
        }
-- Yummel
docker-registry
kubernetes

Similar Questions

Does apache livy 0.5.0 supports spark on k8s?
nginx-ingress works well for /, but not for subpaths
Why is "{{.Release.namespace}}" rendered empty?
Kubernetes API for CustomResourceDefinition to perform CRUD methods
Update Kubernetes Service Endpoint IP

1 Answer

8/9/2018

The auths data has login credentials for "localhost:5000", but your image is at "10.96.81.252:5000/nginx:latest".

-- Leo K
Source: StackOverflow