I am trying to run a container on my Kubernetes cluster (1.9.7-gke.6
), using a private registry (Artifactory).
Failed to pull image "myrepo.myartifactory.mycompany.com/org/image:latest": rpc error: code = Unknown desc = Error: Status 400 trying to pull repository org/image: "{
\"errors\" :[ {
\"status\" : 400,
\"message\" : \"Unsupported docker v1 repository request for 'myrepo'\"\n } ]
}"
I assume this means that the docker
client tries to perform a v1
registry request, which seems to be not supported by our Artifactory installation.
I checked the docker version of my cluster nodes:
$ kubectl describe nodes | grep docker
Container Runtime Version: docker://17.3.2
Container Runtime Version: docker://17.3.2
Container Runtime Version: docker://17.3.2
I found the Docker flag --disable-legacy-registry=true
but I am not sure how to best configure my GKE cluster this way.
The actual issue was that our credentials of the registry changed. Updating the pull credentials on our cluster fixed the issue.
I assume that the issue can occur under certain circumstances where the registry API returns an error such as an authentication or authorization error. If that is the case, the docker client tries to downgrade to an older API version - which is not available on Artifactory.
This would cause Artifactory to return the mentioned Unsupported docker v1 repository request for 'myrepo'
error, which unfortunately masks the actual error.
Fortunately, you can SSH into your GKE nodes (you can't to the GKE masters). So you can add this flag in the /etc/docker/daemon.json
file in all your nodes. Something like this:
{
...
"disable-legacy-registry": true,
"log-driver": "json-file",
"log-opts": {
"max-size": "1g",
"max-file": "3"
}
...
}
Then restart docker on all your nodes. In each node:
sudo docker systemctl restart docker
Note that this flag has been completely removed from Docker 17.12 and later.