0

In the fresh vmware PKS kubernetes cluster, the secret is created for private docker-registry and it works as expected. But the kubectl is not pulling the image from public registry "https://registry-1.docker.io/v2/".

I am connected to corporate network and http_proxy, https_proxy is set to reach internet. The docker login,pull is working but images are not pulled when kubectl deployments are created. The public image is failing for "dduportal/bats:0.4.0". The kubectl describe output is copied to path in the github.

I tried to add the secrets for public docker registry like private seperately. This is pointed out by someone, to keep the secrets seperate incase of pulling images from multiple private regstries. In my case, its public, but still kept separate.

kubectl create secret docker-registry regcred-public --docker-server=registry-1.docker.io --docker-username=<public-user> --docker-password=<token> --docker-email=<myemail>

kubectl create secret docker-registry regcred-private --docker-server=private-registry --docker-username=<private-user> --docker-password=password --docker-email=<myemail>
  1. What could be issue?
  2. how to make my kubectl cluster to pull images from public repository when docker pull from commandline is working without any issues.
  3. There is no clue except the message that it has failed to pull from public registry. It could be better if there is any suggestion from kubernetes cluster.

  4. Is there any rules/configuration required from the cluster end?

    Failed to pull image "dduportal/bats:0.4.0": rpc error: code = Unknown desc = Error response from daemon: Get https://registry-1.docker.io/v2/: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)

intechops6
  • 1,007
  • 4
  • 22
  • 43

1 Answers1

1

Problem may lay in incorrect setup of proxy HTTP.

First, create a systemd drop-in directory for the Docker service:

mkdir /etc/systemd/system/docker.service.d

Now create a file called /etc/systemd/system/docker.service.d/http-proxy.conf that adds the HTTP_PROXY environment variable:

[Service]
Environment="HTTP_PROXY=http://proxy.example.com:80/"

If you have internal Docker registries that you need to contact without proxying you can specify them via the NO_PROXY environment variable:

Environment="HTTP_PROXY=http://proxy.example.com:80/"
Environment="NO_PROXY=localhost,127.0.0.0/8,docker-registry.somecorporation.com"

Flush changes:

$ sudo systemctl daemon-reload

Verify that the configuration has been loaded:

$ sudo systemctl show --property Environment docker
Environment=HTTP_PROXY=http://proxy.example.com:80/

Restart Docker:

$ sudo systemctl restart docker

Link to the official Docker documentation for proxy HTTP: docker-http.

Malgorzata
  • 6,409
  • 1
  • 10
  • 27
  • thanks. it's working locally. But once the context is set, the image has to be fetched from public registry from the kubernetes cluster env, ie. in node server. problem is, no internet open in my cluster. now, pushed the image to private registry and updated the image name in values.yaml(for helm charts) but it is failing for a different image. How to find the images used by helm charts? so that i can download and push to private registry? if there is no connectivity to public registry,how to identify the images referenced in any helm charts? is there a better way to solve this kind of issue. – intechops6 Nov 05 '19 at 16:45