Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Private docker-registry access #58009

Closed
shevagit opened this issue Jan 9, 2018 · 2 comments
Closed

Private docker-registry access #58009

shevagit opened this issue Jan 9, 2018 · 2 comments
Assignees
@dims
Labels
sig/auth Categorizes an issue or PR as relevant to SIG Auth.

Comments

@shevagit
Copy link

shevagit commented Jan 9, 2018

Hello,

I have some trouble accessing a private docker registry on a kubernetes cluster. There is a working private registry that currently works on another cluster. I already have the certificate in the correct directory (/etc/docker/certs.d//ca.crt file), I have manually logged in from each of the minion nodes successfully and checked that I can use docker pull <image from private registry> . After that, I created a kubernetes secret which includes the registry address, username, password and e-mail and then added it in the YAML deployment file. Restarted docker service too. The output of kubectl describe shows: image not found. The docker logs:

Jan 09 18:09:08 prod4 docker[2462]: time="2018-01-09T18:09:08.892755019+01:00" level=error msg="Attempting next endpoint for pull after error: Get https://registry.xxxxx.com:444/v2/xxxxx/postgres/manifests/1.0: no basic auth credentials" Jan 09 18:09:08 prod4 docker[2462]: time="2018-01-09T18:09:08.920788071+01:00" level=error msg="Not continuing with pull after error: Error: image xxxxx/postgres:1.0 not found" Jan 09 18:09:24 prod4 docker[2462]: time="2018-01-09T18:09:24.869481624+01:00" level=error msg="Handler for GET /v1.24/images/registry.xxxxx.com:444/xxxxxx/postgres:1.0/json returned error: No such image: registry.xxxxx.com:444/xxxxx/postgres:1.0"

The image is actually there(I can docker pull it) and the same registry is used in another same configuration cluster and their only difference is the kubernetes version (working version 1.7 - non working version 1.9). Is there any possibility that the new version cannot use private registries that way? The cluster has no problem pulling images from the public registries.

Thanks in advance

Uncomment only one, leave it on its own line:

/kind bug

/kind feature

  • Kubernetes version (use kubectl version):
    v1.9.0+coreos.0
  • Cloud provider or hardware configuration:
    Baremetal
  • OS (e.g. from /etc/os-release):
    CentOS 7
@k8s-ci-robot k8s-ci-robot added the needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. label Jan 9, 2018
@shevagit
Copy link
Author

shevagit commented Jan 9, 2018
edited
Loading

/sig area/docker

@k8s-ci-robot k8s-ci-robot added sig/auth Categorizes an issue or PR as relevant to SIG Auth. and removed needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. labels Jan 9, 2018
@dims
Copy link
Member

dims commented Jan 9, 2018

@shevagit : i believe we have fixed this already in 1.9.1 - #57463

So please use 1.9.1 (at least kubectl and recreate the secret) or use the work around from here:
#57427 (comment)

Thanks,
Dims

/close

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@dims dims

Labels
sig/auth Categorizes an issue or PR as relevant to SIG Auth.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@dims @k8s-ci-robot @shevagit