Geek Answers Handbook

Kubernetes PullImageError with Docker Hub with Private Image

I am struggling to get Kubernetes to work with my personal hub.docker.com registry.

I am using kubectl: Client Version: version.Info{Major:"1", Minor:"1+", GitVersion:"v1.1.0-alpha.0.1588+e44c8e6661c931", GitCommit:"e44c8e6661c931f7fd434911b0d3bca140e1df3a", GitTreeState:"clean"} Server Version: version.Info{Major:"1", Minor:"1", GitVersion:"v1.1.3", GitCommit:"6a81b50c7e97bbe0ade075de55ab4fa34f049dc2", GitTreeState:"clean"}

and Vagrant 1.7.4 on Mac OS X Yosemite 10.10.5

I followed the instructions given here: https://github.com/kubernetes/kubernetes/blob/release-1.1/docs/user-guide/images.md#pre-pulling-images

In a nutshell, you should enter the registry and base64 encode the contents of the resulting .docker/config.json and use it in the yaml document as follows:

 apiVersion: v1 kind: Secret metadata: name: myregistrykey data: .dockercfg: eyAiYXV0aHMiOiB7ICJodHRwczovL2luZGV4LmRvY2tlci5pby92MS8iOiB7ICJhdXRoIjogImFXNTBjbWx1YzJsak9tSTJVVTR5Z...h1YkBpbnRyaW5zaWMud29ybGQiIH0gfSB9Cg== type: kubernetes.io/dockercfg

Then apply it to the quartet. Then I used the resulting key (here called myregistrykey ) in my container definition:

 apiVersion: v1 kind: Pod metadata: name: authorities-backend spec: containers: - name: authorities-backend image: intrinsic/authorities-backend:latest imagePullSecrets: - name: myregistrykey

and kubectl create d it.

However, kubectl continues to not receive the image:

 [ root@kubernetes-master intrinsic]# kubectl get pods NAME READY STATUS RESTARTS AGE authorities-backend 0/1 PullImageError 0 7m

The docking strike on the master Kubernetov worked, however.

What am I missing?

UPDATE

In the pod definition above, I did not specify a registry node, i.e. docker.io. Fixing this, it becomes: image: docker.io/intrinsic/authorities-backend:latest However, the problem persists. Doing kubectl get events -w gets me: 6s 0s 2 authorities-backend Pod spec.containers{authorities-backend} Failed {kubelet 10.245.1.3} Failed to pull image "docker.io/intrinsic/authorities-backend": image pull failed for docker.io/intrinsic/authorities-backend, this may be because there are no credentials on this request. details: (Error: image intrinsic/authorities-backend:latest not found) 6s 0s 2 authorities-backend Pod spec.containers{authorities-backend} Failed {kubelet 10.245.1.3} Failed to pull image "docker.io/intrinsic/authorities-backend": image pull failed for docker.io/intrinsic/authorities-backend, this may be because there are no credentials on this request. details: (Error: image intrinsic/authorities-backend:latest not found) I know that the secret was registered properly, since I have it under kubectl get secrets : NAME TYPE DATA AGE default-token-a7s5n kubernetes.io/service-account-token 2 51m myregistrykey kubernetes.io/dockercfg 1 50m

Still confused ...

Candide

+7
docker docker-registry kubernetes
source share
2 answers

The documentation is out of date as it refers to .dockercfg instead of .docker/config.json . I will update it.

When you use the new .docker/config.json , you need to install type: kubernetes.io/dockerconfigjson instead of type: kubernetes.io/.dockercfg .

Support for type: kubernetes.io/dockerconfigjson was added in v1.1.0, so it is supported by your server but not supported by your client (which is v1.1.0-alpha, which precedes v1.1.0).

When you use type: kubernetes.io/dockerconfigjson , it should check your secret content.

With type: kubernetes.io/dockerconfigjson you want to save the auths wrapper.

+5
source share

So, I continued to research the Internet to answer my problem and eventually found this:

https://github.com/kubernetes/kubernetes/issues/7954#issuecomment-115241561

At the very end of the stream, jjw27 nailed it. The kubernetes documentation mentions the .dockercfg.json file to say that its contents should be encoded in base64. There are two problems in this file:

  • It looks like it turned into another file, i.e. .docker/config.json
  • the auth information in this file is wrapped with additional auths objects that you need to get rid of.

Quote jjw27

Does not work:

 { "auths": { "hub.example.com:1024": { "auth": "asdf=", "email": " example@example.com " } } }

Worked:

 { "hub.example.com:1024": { "auth": "asdf=", "email": " example@example.com " } }

Google, please update this document!

Message for Kubernetes Developers # 2: Also, without complaining about the incorrect base64 encoded password, it is very misleading. Please confirm the user input and inform if it contains errors.

+5
source share

More articles:


All Articles