1

I have created the docker registry secret using below command

kubectl create secret docker-registry regcred --docker-server=https://dockerreleaselocal.jfrog.io --docker-username=user --docker-password='password' --docker-email=email

Below is the Kubernetes yaml code for pulling the image

apiVersion: batch/v1
kind: Job
metadata:
  name: artifactory-terraform-job
spec:
  template:
    spec:
      containers:
      - image: dockerreleaselocal.jfrog.io/terraform:v0.11.7.001
        name: terraform-container
      imagePullSecrets:
      - name: regcred

Error

Failed to pull image "dockerreleaselocal.jfrog.io/terraform:v0.11.7.001": rpc error: code = Unknown desc = Error response from daemon: missing signature key

Kubernetes version

Server Version: version.Info{Major:"1", Minor:"9+", GitVersion:"v1.9.7-2+231cc32d0a1119", GitCommit:"231cc32d0a111940d45936b3206548c610869df2", GitTreeState:"clean", BuildDate:"2018-04-25T08:09:04Z", GoVersion:"go1.9.3", Compiler:"gc", Platform:"linux/amd64"}

Output docker pull locally

docker pull dockerreleaselocal.jfrog.io/terraform:v0.11.7.001
Error response from daemon: missing signature key

Do i need to do additional configuration to fix the issue?

Dixon Joseph Dalmeida
  • 302
  • 3
  • 23
  • 2
    In the secret creation, can you set '--docker-server=dockerreleaselocal.jfrog.io' (remove the https://)? Does it help? – Eldad Assis Jun 06 '18 at 14:33
  • No. Still same issue is there – Dixon Joseph Dalmeida Jun 06 '18 at 17:22
  • 2
    When you 'docker login dockerreleaselocal.jfrog.io -u user -p password' from your computer, does it succeed? – Eldad Assis Jun 06 '18 at 17:27
  • Yes. It succeeded – Dixon Joseph Dalmeida Jun 06 '18 at 19:33
  • 2
    Few questions: 1) What K8s version is it? 2) What K8s distribution is it? 3) Can you ssh into the K8s host and 'docker login' + 'docker pull' in it? – Eldad Assis Jun 07 '18 at 05:12
  • K8 version: 1.9.7 (IBM K8) I have configured IBM and Azure registry with Kubernetes cluster. I had No issues. Issue is only with Artifactory registry – Dixon Joseph Dalmeida Jun 07 '18 at 13:30
  • 3
    I suspect you might have something between Artifactory and your K8s, like a firewall or routing rules. Can you ssh into the K8s host and 'docker login' + 'docker pull' in it? – Eldad Assis Jun 07 '18 at 14:03
  • 2
    Any update? I'd really like to know what's the cause for this. It's the first I've hear of this, and I'm using Artifactory as my Docker registry for K8s for about two years... – Eldad Assis Jun 08 '18 at 13:38
  • 1
    Are you able to pull this docker image to your machine? I think properties on `menifest.json` file generated by Artifactory is messed up. Try pushing image again. – Jainish Shah Jun 09 '18 at 20:49
  • What happens when you run this container w/a pod YAML instead of a job YAML. Do you get the same error? Edit: I see you have been successful w/Azure. Was that also a job? I'm wondering if IKS isn't finding the nested imagepullsecret. But if you have been successful w/an Azure image in a job, then it is likely an Artifactory issue. – bhpratt Jun 12 '18 at 15:45
  • Sorry for the delayed response. i tried doing push and pull locally I can push the image to artifactory. But i am not able to pull the image from it. Updated the question – Dixon Joseph Dalmeida Jun 14 '18 at 10:48

1 Answers1

1

Above issue was regarding ACL of the user. A user should have annotate permission for docker registry. If he has annotate permission, the properties will be generated automatically using the manifest file.

Dixon Joseph Dalmeida
  • 302
  • 3
  • 23
  • 1
    Hi Dixon, how can we check if the user have annotate permission? Thanks, Du – todaynowork Jan 31 '20 at 01:47
  • 1
    @todaynowork On the JFrog web console, go to your profile in the upper right corner, under "Welcome, todaynowork" then to Edit Profile. Click the gear icon on the left column (Administration). Click the Identity and Access dropdown. Go to Permissions. There you should see a list of the groups you're a member of. Click on a group name. Look around in there under Users and Groups. You should see an Annotate checkbox under the Repositories and Groups tabs. – Tim Condit Sep 23 '20 at 03:11