How can I configure kubernetes so that it can pull images from the private registry which needs basic authentication?
Environment
- Red Hat Enterprise Linux Atomic Host 7.1
- Private docker registry that needs authentication before images can be pulled
- Kubernetes 0.9.0-0.3.git96af0c3.el7 (shipped with Red Hat Enterprise Linux Atomic Host 7.1)
Issue
- How to configure kubernetes so that it can pull images from a private registry which needs basic authentication?
- docker is not recognizing /root/.dockercfg file while launching pods
- kubectl create -f pod.yaml fails. The following messages are seen on the minion:
    Jan XX XXXXX rhel-minion docker: Authentication is required.
    Jan XX XXXXX rhel-minion kubelet: E0120 18:37:21.383811 1544 kubelet.go:761] Failed to pull image registry.customer.com/xx/xxx: Authentication is required.; skipping pod xxx.default.etcd container xxx.
- Kubelet fails to pull the image from a private registry that needs authentication
Resolution
Creating .dockercfg file
1. Get the auth string using the username and password. Use echo -n so that no trailing newline is encoded into the credential.
    echo -n "USERNAME:PASSWORD" | base64
2. Create the .dockercfg file using the syntax below (replace docker-registry-url, auth and email appropriately):
    {
      "docker-registry-url": {
        "auth": "use the string output from step 1",
        "email": "email@example.com"
      }
    }
With Kubernetes-0.9.0-0.3.git96af0c3.el7
Create the .dockercfg file under the /var/lib/kubelet/ directory. No other changes are required. Restart the kubelet service using the command
    systemctl restart kubelet
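The steps above as a shell sketch (an added example, not part of the original solution): it writes the .dockercfg with owner-only permissions, because the auth value is only base64-encoded and not encrypted, and checks that it decodes to exactly USERNAME:PASSWORD with no trailing newline. The function names, registry.example.com and the temporary output directory are assumptions; the resulting file goes to /var/lib/kubelet/.dockercfg as described above.

```shell
#!/bin/sh
# Added example; every value below is a constructed placeholder.

# encode_auth USER PASSWORD: base64 of "USER:PASSWORD", no trailing newline.
encode_auth() {
    # printf '%s' avoids the newline that plain echo appends to its output;
    # tr removes the line wrapping base64 applies to long output.
    printf '%s:%s' "$1" "$2" | base64 | tr -d '\n'
}

# write_dockercfg FILE REGISTRY USER PASSWORD EMAIL
# Assumes REGISTRY and EMAIL contain no characters that need JSON escaping.
write_dockercfg() {
    (
        umask 077  # the file holds a reversible credential: owner-only access
        cat > "$1" <<EOF
{
  "$2": {
    "auth": "$(encode_auth "$3" "$4")",
    "email": "$5"
  }
}
EOF
    )
}

# auth_is_clean FILE USER PASSWORD: succeeds only if the auth field decodes
# to exactly USER:PASSWORD.
auth_is_clean() {
    auth=$(sed -n 's/.*"auth": *"\([^"]*\)".*/\1/p' "$1")
    # The sentinel 'x' keeps command substitution from hiding a trailing newline.
    decoded=$(printf '%s' "$auth" | base64 -d; printf 'x')
    [ "$decoded" = "$2:$3x" ]
}

# Demo in a temporary directory (hypothetical location, not the kubelet path).
demo_dir=$(mktemp -d)
write_dockercfg "$demo_dir/.dockercfg" "registry.example.com" "USERNAME" "PASSWORD" "email@example.com"
auth_is_clean "$demo_dir/.dockercfg" "USERNAME" "PASSWORD" && echo "auth field OK"
```

Running auth_is_clean against an existing .dockercfg is a quick way to rule out a malformed auth string before looking at registry-side causes of "Authentication is required".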
Root Cause
With versions of Kubernetes earlier than 0.9.0-0.3.git96af0c3.el7, kubernetes required the .dockercfg file to be created under /root. / is read-only in Red Hat Enterprise Linux Atomic Host. With Kubernetes-0.9.0-0.3.git96af0c3.el7, the .dockercfg file should be created under the /var/lib/kubelet/ directory and no other changes are required. The WorkingDirectory directive was changed or hardcoded as /var/lib/kubelet/ in the kubelet.service file.
Diagnostic Steps
- After launching the pod, review the logs using journalctl
This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.