Kubernetes private registry (gitlab) image pulling on different nodes

5/17/2019

I have a Kubernetes cluster with 2 nodes. Now when I deploy with Gitlab CI to the cluster it will deploy an application normally.

But when I'll add a cronjob service which uses the same image as the application to the charts that are being used by the Gitlab CI (helm charts). it runs on the node where the application itself is also being deployed, but not on the other node.

Error:

Failed to pull image "gitlab.example.nl:4567/v2/namespace/project/manifests/0998034a-ae44-457e-bb5e-3d3304a2fc54": rpc error: code = Unknown desc = Error response from daemon: Get https://gitlab.example.nl:4567/v2/namespace/project/manifests/0998034a-ae44-457e-bb5e-3d3304a2fc54: unauthorized: HTTP Basic: Access denied

Changed urls for not exposing company

Example:

Node1:
Does not run cronjob, because it cannot pull the image.

Node2:
Runs application normally
Runs cronjobs normally

Both the deployment and the cronjob charts do have the ImagePullSecrets property, I have set the token validity time to 15 minutes

Example of k8s dashboard k8s image

Cronjob.yaml (helm chart)

apiVersion: batch/v1beta1
kind: CronJob
metadata:
  name: {{ template "trackableappname" . }}-cron
spec:
  schedule: "*/1 * * * *"
  jobTemplate:
    spec:
      template:
        spec:
          imagePullSecrets:
{{ toYaml .Values.image_fpm.secrets | indent 12 }}
          volumes:
            - name: appdir
              emptyDir: {}
            {{- if .Values.storage.enabled }}
            - name: cron-{{ .Values.storage.name }}-pv-storage
              persistentVolumeClaim:
                claimName: {{ .Values.storage.name }}-pv-claim
            {{- end }}
            - name: secrets
              secret:
                secretName: environment-file
          containers:
            - name: fpm-{{ .Chart.Name }}-cronjob
              image: "{{ .Values.image_fpm.repository }}:{{ .Values.image_fpm.tag }}"
              imagePullPolicy: {{ .Values.image_fpm.pullPolicy }}
              command: ["/bin/sh"]
              args: ["-c", "{{ .Values.application.cronCommand }}"]
              volumeMounts:
              - name: appdir
                mountPath: /var/www/html
              {{- if .Values.storage.enabled }}
              - name: cron-{{ .Values.storage.name }}-pv-storage
                mountPath: /var/www/html/storage
              {{- end }}
              - name: secrets
                mountPath: /var/secrets
              {{- if .Values.application.secretName }}
              envFrom:
              - secretRef:
                  name: {{ .Values.application.secretName }}
              {{- end }}
              env:
                - name: "APP_DEBUG"
                  value: "false"
                - name: ENVIRONMENT_FILE
                  valueFrom:
                    secretKeyRef:
                      name: environment-file
                      key: ENVIRONMENT_FILE
          initContainers:
            - name: copy-{{ .Chart.Name }}-cronjob
              image: "{{ .Values.image_workspace.repository }}:{{ .Values.image_workspace.tag }}"
              command: ["/bin/sh"]
              args: ["-c", "{{ .Values.application.initCommand }}"]
              env:
                - name: ENVIRONMENT_FILE
                  valueFrom:
                    secretKeyRef:
                      name: environment-file
                      key: ENVIRONMENT_FILE
              volumeMounts:
                - name: appdir
                  mountPath: /var/www/application
              imagePullPolicy: {{ .Values.image_fpm.pullPolicy }}
          restartPolicy: OnFailure
-- MrChrissss
docker
gitlab
gitlab-ci
kubernetes
kubernetes-helm

0 Answers