ImagePullBackOff: Having trouble pulling down my private Docker image into by Kubernetes cluster

4/28/2019

I'm trying to include my own private Docker image in a Kubernetes manifest but I'm getting an ImagePullBackOff error.

I'm not sure if I've: - used the wrong data for my secrets - missing a command somewhere - used the wrong data in some specific name or label, etc

The image is hosted on Azure Container Registry (aka. ACR).

This is the error I'm getting ... followed by the steps I've done to try and get this to work.

Tests-MBP:k8s test$ clear && kubectl describe pod acounts-api-7fcc5d9bb-826ht

Events:
  Type     Reason                 Age                From                         Message
  ----     ------                 ----               ----                         -------
  Normal   Scheduled              69s                default-scheduler            Successfully assigned acounts-api-7fcc5d9bb-826ht to docker-for-desktop
  Normal   SuccessfulMountVolume  69s                kubelet, docker-for-desktop  MountVolume.SetUp succeeded for volume "default-token-ffrhq"
  Normal   BackOff                30s (x2 over 64s)  kubelet, docker-for-desktop  Back-off pulling image "hornet/accounts.api"
  Warning  Failed                 30s (x2 over 64s)  kubelet, docker-for-desktop  Error: ImagePullBackOff
  Normal   Pulling                16s (x3 over 68s)  kubelet, docker-for-desktop  pulling image "hornet/accounts.api"
  Warning  Failed                 11s (x3 over 64s)  kubelet, docker-for-desktop  Failed to pull image "hornet/accounts.api": rpc error: code = Unknown desc = Error response from daemon: pull access denied for hornet/accounts.api, repository does not exist or may require 'docker login'
  Warning  Failed                 11s (x3 over 64s)  kubelet, docker-for-desktop  Error: ErrImagePull
Tests-MBP:k8s test$ 

I've created a secret:

Tests-MacBook-Pro:k8s test$ kubectl get secrets
NAME                  TYPE                                  DATA   AGE
default-token-ffrhq   kubernetes.io/service-account-token   3      3d
hornet-acr-auth       kubernetes.io/dockerconfigjson        1      16h
Tests-MacBook-Pro:k8s test$ 

with this command:

Tests-MacBook-Pro:k8s test$ kubectl create secret docker-registry hornet-acr-auth --docker-server <snip>.azurecr.io --docker-username 9858ae98-<snip> --docker-password 10abe15a-<snip> --docker-email a@b.com
secret/hornet-acr-auth created

and to get that username/password, I followed these instructions and did this...

Tests-MacBook-Pro:k8s test$ ./azure-credentials.sh 
Retrying role assignment creation: 1/36
Service principal ID: 9858ae98-<snip>
Service principal password: 10abe15a-<snip>

and the first few lines of my .sh script...

#!/bin/bash

ACR_NAME=<snip> // this is the name of the ACR (e.g. foo) .. NOT foo.azurecr.io
SERVICE_PRINCIPAL_NAME=acr-service-principal

...

and finally .. this is how i'm trying to create the deployment in my .yaml manifest....

---

apiVersion: apps/v1
kind: Deployment
metadata:
  name: acounts-api
spec:
  selector:
    matchLabels:
      app: acounts-api
  replicas: 1
  template:
    metadata:
      labels:
        app: acounts-api
    spec:
      imagePullSecrets:
      - name: hornet-acr-auth
      containers:
      - name: acounts-api
        image: hornet/accounts.api
        imagePullPolicy: Always
        ports:
        - containerPort: 80
          name: http
        - containerPort: 5301
          name: data-ingest
        env:
        - name: "RavenDb__ServerUrl"
          value: "http://ravendb-data-lb:5200"
---

and yes, I've confirmed that the repositories exist in ACR.

-- Pure.Krome
azure
docker
kubernetes

1 Answer

4/28/2019

Image hornet/accounts.api actually looks like an image from Docker Hub, which is not your case, right?

I guess your image name should be like <snip>.azurecr.io/accounts.api or may be <snip>.azurecr.io/hornet/accounts.api?

-- Vasily Angapov
Source: StackOverflow