2

I created a sample Node.js project in GitHub and created a docker image for the same. I uploaded the docker image as a package in the same repository. This is a public repo. I created a kubernetes config yaml file with this image as the pods image. Following is the yaml file 

apiVersion: apps/v1
kind: Deployment
metadata:
  name: server-deployment
spec:
  selector:
    matchLabels:
      component: node-server
  template:
    metadata:
      labels:
        component: node-server
    spec:
      containers:
        - name: node-server
          image: docker.pkg.github.com/lethalbrains/intense_omega/io_service:latest
          ports:
            - containerPort: 3000
      imagePullSecrets:
        - name: dockerconfigjson-github-com
---
apiVersion: v1
kind: Service
metadata:
  name: server-cluster-ip-service
spec:
  selector:
    component: node-server
  ports:
    - port: 3000
      targetPort: 3000
---
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: ingress-service
  annotations:
    kubernetes.io/inress.class: nginx
    nginx.ingress.kubernetes.io/rewrite-target: /
spec:
  rules:
    - http:
        paths:
          - path: /api/
            backend:
              serviceName: server-cluster-ip-service
              servicePort: 3000

After I apply this file using Kubectl and check the pods details, I get an ImagePullBackOff error.

enter image description here

I even tried using this option of using dockerconfigjson secret with Github Personal Access Token but still the sam result.

Edit:

Added error message from pods describe enter image description here

Rahul
  • 44,892
  • 25
  • 73
  • 103
  • Run `kubectl describe pod` on it to see the events, it will give you a more detailed error message. – coderanger May 29 '20 at 00:35
  • @coderanger, Added the error message from the pods describe – Rahul May 29 '20 at 01:46
  • 2
    Can you check if you run docker pull on the node works? – hoque May 29 '20 at 04:09
  • @hoque, I am able to pull the docker container from my machine. But I had already configured my github access keys in my environment. So I tried from a different machine and I got the following error - `no basic auth credentials` – Rahul May 29 '20 at 08:04
  • I think problem is with provided imagepullsecrets . please ensure you call pull image with your provided credential – hoque May 29 '20 at 08:10
  • @hoque I created the imagepullsecrets as mentioned in the solution here - https://stackoverflow.com/questions/61912589/how-can-i-use-github-packages-docker-registry-in-kubernetes-dockerconfigjson – Rahul May 29 '20 at 08:17
  • @Rahul, check this documentation [link](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/). – Crou May 29 '20 at 14:12
  • @Crou, Thanks. Since its a public repo, I have been assuming the packages are also public, is it not the case? – Rahul May 29 '20 at 15:45

1 Answers1

0

This seems to be an issue with GitHub registry which is being discussed here.

What I can recommend is to push the image to docker hub or if create private repo which you can read about at Using a private Docker Registry with Kubernetes.

There seems to be a workaround but I did not tested that. It's published by @sudomaxime and available here:

Here's a nasty little workaround for thoses who:

  • Don't mind loosing blue/green deploys until this is resolved
  • Don't mind 10-15 secs app start-up time
  • Use docker swarm / docker stack deploys
  • Use CI scripts for deployment

In your CI scripts call:

$ docker stack rm {{ your_stack_name }}
$ until [ -z $(docker stack ps {{ your_stack_name }} -q) ]; do sleep 1; done
$ docker stack deploy --with-registry-auth -c docker-compose.yml {{ your_stack_name }}

Basically you ask Docker scheduler to stop all the services under {{ your_stack_name }} orchestrator. A little knack of docker swarm is that docker stack rm will immediately return even if some services are not properly closed chich may cause networking errors when you try to deploy again. That's why we use a small inline script until [ -z $(docker stack ps {{ your_stack_name }} -q) ]; do sleep 1; done to wait for the proper return.

Hopes it saves a few folks headaches. I guess a similar temporary fix will help you out.

This is quite a frustrating issue, for our apps that MUST use blue/green deploys we bought a private repo to fix the problem.

Crou
  • 10,232
  • 2
  • 26
  • 31