I'm deploying an OKE Kubernetes cluster that uses CRI-O as the container runtime. I have already configured an nginx reverse proxy for a private registry (Nexus 3, outside the cluster), and I have successfully pulled, pushed and run containers locally using only docker login <registry.com>.
However, when I try to pull those Docker images from within the cluster, it fails with the following message:
Exec commands:
crioctl pull <domain.com.br>/imageName:tag --creds user:pass
error creating build container: Error initializing source : error pinging docker registry : invalid status code from registry 404 (Not Found)
The nginx.conf follows:
worker_processes 2;

events {
    worker_connections 1024;
}

http {
    client_max_body_size 0;
    error_log /var/log/nginx/error.log warn;
    access_log /dev/null;
    proxy_intercept_errors off;
    proxy_send_timeout 120;
    proxy_read_timeout 300;

    upstream nexus {
        server nexus-registry:8081;
    }

    upstream registry {
        server nexus-registry:5000;
    }

    server {
        listen 80;
        server_name <my-domain>;
        keepalive_timeout 5 5;
        proxy_buffering off;

        location ~ /.well-known/acme-challenge{
            allow all;
            root /usr/share/nginx/html/letsencrypt;
        }

        location / {
            return 301 https://<my-domain>$request_uri;
        }
    }

    server {
        listen 443 ssl;
        server_name <my-domain>;
        ssl on;
        server_tokens off;
        ssl_certificate /etc/nginx/ssl/live/<my-domain>/fullchain.pem;
        ssl_certificate_key /etc/nginx/ssl/live/<my-domain>/privkey.pem;
        ssl_dhparam /etc/nginx/dhparam/dhparam-2048.pem;
        ssl_buffer_size 8k;
        ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
        ssl_prefer_server_ciphers on;
        ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5;

        location / {
            #redirect to docker registry
            if ($http_user_agent ~ docker ) {
                proxy_pass http://registry;
            }
            proxy_pass http://nexus;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
    }
}
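
An added example, not part of the original post: the `location /` of the posted 443 server block rewritten to route by request path instead of User-Agent. It assumes the pull from the cluster arrives with a User-Agent that does not contain `docker`, so the posted `if` never matches and the `/v2/` ping lands on the Nexus UI upstream (8081) instead of the registry connector (5000); the upstream names are the ones in the posted config.

```nginx
# Added example: replaces the single "location /" inside the posted
# "listen 443 ssl" server block. Upstreams "registry" (nexus-registry:5000)
# and "nexus" (nexus-registry:8081) are those defined in the posted nginx.conf.

# Registry API calls (ping, manifests, blobs) all live under /v2/,
# so route them by path, whichever client sends them.
location /v2/ {
    proxy_pass http://registry;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    # TLS ends at nginx; pass the original scheme on to the backend.
    proxy_set_header X-Forwarded-Proto $scheme;
}

# Everything else goes to the Nexus web UI.
location / {
    proxy_pass http://nexus;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
}
```

After reloading nginx, a request to https://<my-domain>/v2/ should be answered by the registry connector with 200 or 401 rather than 404.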