3

I have installed a microk8s to ubuntu (arm64 bit version), I would like to access my local image registry provided by the microk8s enable registry. But I get a ImagePullBackOff error, I have tried to modify /var/snap/microk8s/current/args/containerd.toml config, but it not works:

[plugins.cri.registry]
  [plugins.cri.registry.mirrors]
    [plugins.cri.registry.mirrors."docker.io"]
      endpoint = ["https://registry-1.docker.io"]
    [plugins.cri.registry.mirrors."localhost:32000"]
      endpoint = ["http://localhost:32000"]
    [plugins.cri.registry.mirrors."192.168.0.45:32000"]
      endpoint = ["http://192.168.0.45:32000"]
    [plugins.cri.registry.configs."192.168.0.45:32000".tls]
      insecure_skip_verify = true

My pod status:

microk8s.kubectl describe pod myapp-7d655f6ccd-gpgkx
Name:         myapp-7d655f6ccd-gpgkx
Namespace:    default
Priority:     0
Node:         192.168.0.66/192.168.0.66
Start Time:   Mon, 15 Mar 2021 16:53:30 +0000
Labels:       app=myapp
              pod-template-hash=7d655f6ccd
Annotations:  <none>
Status:       Pending
IP:           10.1.54.7
IPs:
  IP:           10.1.54.7
Controlled By:  ReplicaSet/myapp-7d655f6ccd
Containers:
  myapp:
    Container ID:   
    Image:          192.168.0.45:32000/myapp:latest
    Image ID:       
    Port:           9000/TCP
    Host Port:      0/TCP
    State:          Waiting
      Reason:       ImagePullBackOff
    Ready:          False
    Restart Count:  0
    Limits:
      memory:  384Mi
    Requests:
      memory:  128Mi
    Environment:
      REDIS:                       redis
      MYSQL:                       mysql
    Mounts:
      /var/run/secrets/kubernetes.io/serviceaccount from default-token-dn4bk (ro)
Conditions:
  Type              Status
  Initialized       True 
  Ready             False 
  ContainersReady   False 
  PodScheduled      True 
Volumes:
  default-token-dn4bk:
    Type:        Secret (a volume populated by a Secret)
    SecretName:  default-token-dn4bk
    Optional:    false
QoS Class:       Burstable
Node-Selectors:  <none>
Tolerations:     node.kubernetes.io/not-ready:NoExecute for 300s
                 node.kubernetes.io/unreachable:NoExecute for 300s
Events:
  Type     Reason     Age                 From               Message
  ----     ------     ----                ----               -------
  Normal   Scheduled  15m                 default-scheduler  Successfully assigned default/myapp-7d655f6ccd-gpgkx to 192.168.0.66
  Normal   Pulling    14m (x4 over 15m)   kubelet            Pulling image "192.168.0.45:32000/myapp:latest"
  Warning  Failed     14m (x4 over 15m)   kubelet            Failed to pull image "192.168.0.45:32000/myapp:latest": rpc error: code = Unknown desc = failed to resolve image "192.168.0.45:32000/myapp:latest": no available registry endpoint: failed to do request: Head "https://192.168.0.45:32000/v2/myapp/manifests/latest": http: server gave HTTP response to HTTPS client
  Warning  Failed     14m (x4 over 15m)   kubelet            Error: ErrImagePull
  Warning  Failed     13m (x6 over 15m)   kubelet            Error: ImagePullBackOff
  Normal   BackOff    20s (x63 over 15m)  kubelet            Back-off pulling image "192.168.0.45:32000/myapp:latest"

version info:

microk8s.kubectl version
Client Version: version.Info{Major:"1", Minor:"18", GitVersion:"v1.18.15", GitCommit:"73dd5c840662bb066a146d0871216333181f4b64", GitTreeState:"clean", BuildDate:"2021-01-13T13:22:41Z", GoVersion:"go1.13.15", Compiler:"gc", Platform:"linux/arm64"}
Server Version: version.Info{Major:"1", Minor:"18", GitVersion:"v1.18.15", GitCommit:"73dd5c840662bb066a146d0871216333181f4b64", GitTreeState:"clean", BuildDate:"2021-01-13T13:14:05Z", GoVersion:"go1.13.15", Compiler:"gc", Platform:"linux/arm64"}

It seems that it want to use https instead of http.

How can I use insecure option in microk8s with containerd?

Dániel Kis
  • 2,341
  • 5
  • 28
  • 51
  • Have you restarted containerd after editing its configuration? The `plugins.cri.registry.mirrors."192.168.0.45:32000"` looks right. Try removing the `plugins.cri.registry.configs."192.168.0.45:32000".tls` – SYN Mar 15 '21 at 18:26
  • I have rebooted the system after config midification. I have also tried without `plugins.cri.registry.configs."192.168.0.45:32000".tls` settings, but not worked for me. – Dániel Kis Mar 15 '21 at 20:05
  • Could you please provide all steps you did? Your dockerfile, how did you create image and how did you tag it? Did you create `/etc/docker/daemon.json` from [this doc](https://microk8s.io/docs/registry-built-in) ? Did you get any warnings? – PjoterS Mar 16 '21 at 10:21
  • 1
    @PjoterS I think the dockerfile is irrelevant, because the image exist on the registry, I can also pull it from docker or ctr in terminal: `microk8s.ctr image pull 192.168.0.45:32000/myapp:latest -k --plain-http`. What I really want is to automatically update the image from repository, because I would like to use a CI/CD pipeline to update the new image to container. – Dániel Kis Mar 16 '21 at 19:16
  • Hey @DánielKis, was this issue resolved? I'm also having a similar issue and would like to know more details. – Thilina Ashen Gamage Sep 30 '22 at 07:59
  • I am also waiting for the solution. – Dániel Kis Oct 05 '22 at 10:44

0 Answers0