kubernetes pull of jenkins image giving Imagepullbackoff

Question

Trying to pull jenkins image using helm install stable/jenkins --values jenkins.values --name jenkins to into my local cluster,but every time, when i do build pod its gives the error as following.

`

[root@kube-master tmp]# kubectl describe pod newjenkins-84cd855fb6-mr9rm
Name:           newjenkins-84cd855fb6-mr9rm
Namespace:      default
Priority:       0
Node:           worker-node2/192.168.20.56
Start Time:     Thu, 14 May 2020 14:58:13 +0500
Labels:         app.kubernetes.io/component=jenkins-master
                app.kubernetes.io/instance=newjenkins
                app.kubernetes.io/managed-by=Tiller
                app.kubernetes.io/name=jenkins
                helm.sh/chart=jenkins-1.16.0
                pod-template-hash=84cd855fb6
Annotations:    checksum/config: 70d4b49bc5cd79a1a978e1bbafdb8126f8accc44871772348fd481642e33cffb
Status:         Pending
IP:
IPs:            <none>
Controlled By:  ReplicaSet/newjenkins-84cd855fb6
Init Containers:
  copy-default-config:
    Container ID:
    Image:         jenkins/jenkins:lts
    Image ID:
    Port:          <none>
    Host Port:     <none>
    Command:
      sh
      /var/jenkins_config/apply_config.sh
    State:          Waiting
      Reason:       PodInitializing
    Ready:          False
    Restart Count:  0
    Limits:
      cpu:     2
      memory:  4Gi
    Requests:
      cpu:     50m
      memory:  256Mi
    Environment:
      ADMIN_PASSWORD:  <set to the key 'jenkins-admin-password' in secret 'newjenkins'>  Optional: false
      ADMIN_USER:      <set to the key 'jenkins-admin-user' in secret 'newjenkins'>      Optional: false
    Mounts:
      /tmp from tmp (rw)
      /usr/share/jenkins/ref/secrets/ from secrets-dir (rw)
      /var/jenkins_config from jenkins-config (rw)
      /var/jenkins_home from jenkins-home (rw)
      /var/jenkins_plugins from plugin-dir (rw)
      /var/run/secrets/kubernetes.io/serviceaccount from newjenkins-token-jmfsz (ro)
Containers:
  jenkins:
    Container ID:
    Image:         jenkins/jenkins:lts
    Image ID:
    Ports:         8080/TCP, 50000/TCP
    Host Ports:    0/TCP, 0/TCP
    Args:
      --argumentsRealm.passwd.$(ADMIN_USER)=$(ADMIN_PASSWORD)
      --argumentsRealm.roles.$(ADMIN_USER)=admin
      --httpPort=8080
    State:          Waiting
      Reason:       PodInitializing
    Ready:          False
    Restart Count:  0
    Limits:
      cpu:     2
      memory:  4Gi
    Requests:
      cpu:      50m
      memory:   256Mi
    Liveness:   http-get http://:http/login delay=90s timeout=5s period=10s #success=1 #failure=5
    Readiness:  http-get http://:http/login delay=60s timeout=5s period=10s #success=1 #failure=3
    Environment:
      POD_NAME:                  newjenkins-84cd855fb6-mr9rm (v1:metadata.name)
      JAVA_OPTS:
      JENKINS_OPTS:
      JENKINS_SLAVE_AGENT_PORT:  50000
      ADMIN_PASSWORD:            <set to the key 'jenkins-admin-password' in secret 'newjenkins'>  Optional: false
      ADMIN_USER:                <set to the key 'jenkins-admin-user' in secret 'newjenkins'>      Optional: false
    Mounts:
      /tmp from tmp (rw)
      /usr/share/jenkins/ref/plugins/ from plugin-dir (rw)
      /usr/share/jenkins/ref/secrets/ from secrets-dir (rw)
      /var/jenkins_config from jenkins-config (ro)
      /var/jenkins_home from jenkins-home (rw)
      /var/run/secrets/kubernetes.io/serviceaccount from newjenkins-token-jmfsz (ro)
Conditions:
  Type              Status
  Initialized       False
  Ready             False
  ContainersReady   False
  PodScheduled      True
Volumes:
  plugins:
    Type:       EmptyDir (a temporary directory that shares a pod's lifetime)
    Medium:
    SizeLimit:  <unset>
  tmp:
    Type:       EmptyDir (a temporary directory that shares a pod's lifetime)
    Medium:
    SizeLimit:  <unset>
  jenkins-config:
    Type:      ConfigMap (a volume populated by a ConfigMap)
    Name:      newjenkins
    Optional:  false
  secrets-dir:
    Type:       EmptyDir (a temporary directory that shares a pod's lifetime)
    Medium:
    SizeLimit:  <unset>
  plugin-dir:
    Type:       EmptyDir (a temporary directory that shares a pod's lifetime)
    Medium:
    SizeLimit:  <unset>
  jenkins-home:
    Type:       PersistentVolumeClaim (a reference to a PersistentVolumeClaim in the same namespace)
    ClaimName:  newjenkins
    ReadOnly:   false
  newjenkins-token-jmfsz:
    Type:        Secret (a volume populated by a Secret)
    SecretName:  newjenkins-token-jmfsz
    Optional:    false
QoS Class:       Burstable
Node-Selectors:  <none>
Tolerations:     node.kubernetes.io/not-ready:NoExecute for 300s
                 node.kubernetes.io/unreachable:NoExecute for 300s
Events:
  Type    Reason     Age        From                   Message
  ----    ------     ----       ----                   -------
  Normal  Scheduled  <unknown>  default-scheduler      Successfully assigned default/newjenkins-84cd855fb6-mr9rm to worker-node2
  Normal  Pulling    9m41s      kubelet, worker-node2  Pulling image "jenkins/jenkins:lts"
[root@kube-master tmp]# kubectl describe pod newjenkins-84cd855fb6-mr9rm
Name:           newjenkins-84cd855fb6-mr9rm
Namespace:      default
Priority:       0
Node:           worker-node2/192.168.20.56
Start Time:     Thu, 14 May 2020 14:58:13 +0500
Labels:         app.kubernetes.io/component=jenkins-master
                app.kubernetes.io/instance=newjenkins
                app.kubernetes.io/managed-by=Tiller
                app.kubernetes.io/name=jenkins
                helm.sh/chart=jenkins-1.16.0
                pod-template-hash=84cd855fb6
Annotations:    checksum/config: 70d4b49bc5cd79a1a978e1bbafdb8126f8accc44871772348fd481642e33cffb
Status:         Pending
IP:
IPs:            <none>
Controlled By:  ReplicaSet/newjenkins-84cd855fb6
Init Containers:
  copy-default-config:
    Container ID:
    Image:         jenkins/jenkins:lts
    Image ID:
    Port:          <none>
    Host Port:     <none>
    Command:
      sh
      /var/jenkins_config/apply_config.sh
    State:          Waiting
      Reason:       ErrImagePull
    Ready:          False
    Restart Count:  0
    Limits:
      cpu:     2
      memory:  4Gi
    Requests:
      cpu:     50m
      memory:  256Mi
    Environment:
      ADMIN_PASSWORD:  <set to the key 'jenkins-admin-password' in secret 'newjenkins'>  Optional: false
      ADMIN_USER:      <set to the key 'jenkins-admin-user' in secret 'newjenkins'>      Optional: false
    Mounts:
      /tmp from tmp (rw)
      /usr/share/jenkins/ref/secrets/ from secrets-dir (rw)
      /var/jenkins_config from jenkins-config (rw)
      /var/jenkins_home from jenkins-home (rw)
      /var/jenkins_plugins from plugin-dir (rw)
      /var/run/secrets/kubernetes.io/serviceaccount from newjenkins-token-jmfsz (ro)
Containers:
  jenkins:
    Container ID:
    Image:         jenkins/jenkins:lts
    Image ID:
    Ports:         8080/TCP, 50000/TCP
    Host Ports:    0/TCP, 0/TCP
    Args:
      --argumentsRealm.passwd.$(ADMIN_USER)=$(ADMIN_PASSWORD)
      --argumentsRealm.roles.$(ADMIN_USER)=admin
      --httpPort=8080
    State:          Waiting
      Reason:       PodInitializing
    Ready:          False
    Restart Count:  0
    Limits:
      cpu:     2
      memory:  4Gi
    Requests:
      cpu:      50m
      memory:   256Mi
    Liveness:   http-get http://:http/login delay=90s timeout=5s period=10s #success=1 #failure=5
    Readiness:  http-get http://:http/login delay=60s timeout=5s period=10s #success=1 #failure=3
    Environment:
      POD_NAME:                  newjenkins-84cd855fb6-mr9rm (v1:metadata.name)
      JAVA_OPTS:
      JENKINS_OPTS:
      JENKINS_SLAVE_AGENT_PORT:  50000
      ADMIN_PASSWORD:            <set to the key 'jenkins-admin-password' in secret 'newjenkins'>  Optional: false
      ADMIN_USER:                <set to the key 'jenkins-admin-user' in secret 'newjenkins'>      Optional: false
    Mounts:
      /tmp from tmp (rw)
      /usr/share/jenkins/ref/plugins/ from plugin-dir (rw)
      /usr/share/jenkins/ref/secrets/ from secrets-dir (rw)
      /var/jenkins_config from jenkins-config (ro)
      /var/jenkins_home from jenkins-home (rw)
      /var/run/secrets/kubernetes.io/serviceaccount from newjenkins-token-jmfsz (ro)
Conditions:
  Type              Status
  Initialized       False
  Ready             False
  ContainersReady   False
  PodScheduled      True
Volumes:
  plugins:
    Type:       EmptyDir (a temporary directory that shares a pod's lifetime)
    Medium:
    SizeLimit:  <unset>
  tmp:
    Type:       EmptyDir (a temporary directory that shares a pod's lifetime)
    Medium:
    SizeLimit:  <unset>
  jenkins-config:
    Type:      ConfigMap (a volume populated by a ConfigMap)
    Name:      newjenkins
    Optional:  false
  secrets-dir:
    Type:       EmptyDir (a temporary directory that shares a pod's lifetime)
    Medium:
    SizeLimit:  <unset>
  plugin-dir:
    Type:       EmptyDir (a temporary directory that shares a pod's lifetime)
    Medium:
    SizeLimit:  <unset>
  jenkins-home:
    Type:       PersistentVolumeClaim (a reference to a PersistentVolumeClaim in the same namespace)
    ClaimName:  newjenkins
    ReadOnly:   false
  newjenkins-token-jmfsz:
    Type:        Secret (a volume populated by a Secret)
    SecretName:  newjenkins-token-jmfsz
    Optional:    false
QoS Class:       Burstable
Node-Selectors:  <none>
Tolerations:     node.kubernetes.io/not-ready:NoExecute for 300s
                 node.kubernetes.io/unreachable:NoExecute for 300s
Events:
  Type     Reason          Age                From                   Message
  ----     ------          ----               ----                   -------
  Normal   Scheduled       <unknown>          default-scheduler      Successfully assigned default/newjenkins-84cd855fb6-mr9rm to worker-node2
  Warning  Failed          50s                kubelet, worker-node2  Failed to pull image "jenkins/jenkins:lts": rpc error: code = Unknown desc = unauthorized: authentication required
  Warning  Failed          50s                kubelet, worker-node2  Error: ErrImagePull
  Normal   SandboxChanged  49s                kubelet, worker-node2  Pod sandbox changed, it will be killed and re-created.
  Normal   Pulling 28s (x2 over 10m)  kubelet, worker-node2  Pulling image "jenkins/jenkins:lts"

Pull the jenkins image manually using docker pull jenkins with docker hub login and without docker hub account login, every time Give me error ErrImagePull.

what's your K8s version? Did you try ```helm repo update```? — hariK, May 14 '20 at 14:51
No i didn't update the helm yet and K8s version is : [root@kube-master tmp]# kubectl version --short Client Version: v1.18.1 Server Version: v1.18.1 — muhammad shahan, May 14 '20 at 16:30

score 1 · Answer 1 · answered May 14 '20 at 14:34

The hint is in the Events section:

Failed to pull image "jenkins/jenkins:lts": rpc error: code = Unknown desc = unauthorized: authentication required

The kubelet on worker nodes performs a docker pull prior to executing the pod when it spins up the containers.

Make sure the node is logged in with docker login so the local worker nodes can pull the image manually, if you haven't already.

If you have and it's still happening, you may need a secret in place to access the repository in question. If it's still happening even then, don't use a short name for your image (not jenkins/jenkins:lts, specify the full path, like my-image-registry:5001/jenkins/jenkins:lts) to ensure it's pulling from the right place and not the default registries Docker is configured with. Hope that helps.

Thanks robb for Comment let me try it this path,will update about the output with you — muhammad shahan, May 14 '20 at 16:30

kubernetes pull of jenkins image giving Imagepullbackoff

1 Answers1