kubernetes does not pull images from private repositories

Solution Verified - Updated -

Environment

  • Red Hat Enterprise Linux Atomic Host 7.2.4

Issue

When configuring a Pod or Replication Controller that needs to use images from a private registry, the pods are never run, and the following error is shown:

Back-off pulling image "<repository>/<image>"

Resolution

  • Register against the private repository with kubernetes secrets:
 -bash-4.2#  kubectl create secret docker-registry  <SECRET-NAME> --docker-server=<REGISTRY>/<REPO> --docker-username=XXXXXX --docker-password=ZZZZZZ --docker-email=my@email.com

  -bash-4.2# kubectl get secrets
  NAME               TYPE                      DATA      AGE
  <SECRET-NAME>   kubernetes.io/dockercfg   1         1h
  • Use the imagePullSecrets in the container definition:
 apiVersion: v1
  kind: ReplicationController
  metadata:
    name: private-repository-pull-rc
  spec:
    replicas: 1
    selector:
      name: container-private-repo
    template:
      metadata:
        labels:
           name: container-private-repo
      spec:
        containers:
          - name:  mycontainer
            image: <myregistry>/<myrepo>/<image>
            imagePullPolicy: Always
        imagePullSecrets:
          - name: <SECRET-NAME>

Root Cause

Kubernetes does not get the repository configuration from $HOME/.docker/config.json
It's necessary to create the secrets in kubernetes

Diagnostic Steps

The following messages appear in the output of kubectl get events:

Events:
  FirstSeen     LastSeen        Count   From                    SubobjectPath                   Reason          Message
  ---------     --------        -----   ----                    -------------                   ------          -------
  1d            4m              288     {kubelet host1}      spec.containers{mycontainer}      Pulling         pulling image "myregistry/myrepository/myimage"
  1d            4m              288     {kubelet host1}      spec.containers{mycontainer}      Failed          Failed to pull image "myregistry/myrepository/myimage": Error: image myimage:latest not found
  1d            2s              8517    {kubelet host1}      spec.containers{mycontainer}      Back-off        Back-off pulling image "myregistry/myrepository/myimage"

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.

Comments