-1

I want to deploy a pod via YAML from docker image that is successfully pushed to the local registry. Please note that it is a local registry and I am not interested in using any Private registry.

My dev envrionment is - Minikube/K8S, Docker, Ubuntu

Yaml file snippet:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: apirestapp-deployment
  labels:
    app: apirestapp
spec:
  replicas: 1
  selector:
    matchLabels:
      app: apirestapp
  template:
    metadata:
      labels:
        app: apirestapp
    spec:
      containers:
        - name: test-api-rest
          image: 192.168.xx.yy:5000/test-api-rest:1.0
          imagePullPolicy: Always

In short, my procedure is:

  1. created local docker repository – done
  2. created the Dockerfile for my app - done
  3. created the image from Dockerfile - done
  4. push the image to local registry - done
  5. I face an error when I execute the kubectl command:
$ kubectl apply -f test-api-rest-all.yaml

I am getting ImagePullBackOff error:

Failed to pull image "192.168.xx.yy:5000/test-api-rest:1.0": rpc error: code = Unknown desc = Error response from daemon: Get "https://192.168.xx.yy:5000/v2/": http: server gave HTTP response to HTTPS client

It is also important to share that I have also tried achieving my objective by creating the image in Minikube Registry, there also I face the same error.

I understand it is related to 'insecure-registry' entry, so I have already tried with an insecure-registry thing in /etc/docker/daemon.json.

CodeWizard
  • 128,036
  • 21
  • 144
  • 167
srigu
  • 329
  • 1
  • 5
  • 16

2 Answers2

1

You need to enable https for your docker registry with REGISTRY_HTTP_TLS_CERTIFICATE, REGISTRY_HTTP_TLS_KEY:

openssl req \
  -newkey rsa:2048 -nodes -sha256 -keyout certs/domain.key \
  -addext "subjectAltName = IP:AAA.BBB.CCC.DDD" \
  -x509 -days 365 -out certs/domain.crt

docker run -d \
  --restart=always \
  --name registry \
  -v "$(pwd)"/certs:/certs \
  -e REGISTRY_HTTP_ADDR=0.0.0.0:443 \
  -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \
  -e REGISTRY_HTTP_TLS_KEY=/certs/domain.key \
  -p 5000:443 \
  registry:latest

Add this line to your /etc/docker/daemon.json: "insecure-registries" : ["AAA.BBB.CCC.DDD:5000"] since self-signed cert is in used here. Restart your docker service sudo systemctl restart docker.service.

gohm'c
  • 13,492
  • 1
  • 9
  • 16
  • I could execute the docker run command successfully but now when I do $docker images I do not find the registry image in the list? – srigu Sep 29 '21 at 12:15
  • The error `ImagePullBackOff error` has been resolved with https enabled for the registry? – gohm'c Sep 29 '21 at 14:35
  • The container is always starting. – srigu Sep 29 '21 at 16:00
  • You meant `kubectl apply -f test-api-rest-all.yaml` can now run without any issue after enabled https for your registry? – gohm'c Sep 29 '21 at 16:03
  • yes, that is right!! – srigu Sep 29 '21 at 16:08
  • Good to hear that. Can you mark this as the answer since it resolved the issue. You can post another question so we don't mix several issues in one place. Happy to look into new question. – gohm'c Sep 29 '21 at 16:12
0

Since you are already using minikube you could simply build the docker image in the docker environment where minikube is running.

# setup docker env from minikube
eval $(minikube docker-env)
# build image
docker build -t test-api-rest:1.0 .
# use the local image
kubectl create deploy apirestapp --image=test-api-rest:1.0
shyam
  • 9,134
  • 4
  • 29
  • 44
  • I tried the above, I am getting the error -Failed to pull image "test-api-rest:1.0": rpc error: code = Unknown desc = Error response from daemon: pull access denied for test-api-rest, repository does not exist or may require 'docker login': denied: requested access to the resource is denied – srigu Sep 29 '21 at 07:32
  • You need to change `imagePullPolicy` to `IfNotPresent`/`Never` otherwise it will try to pull from docker hub – shyam Sep 29 '21 at 08:36