k8s unable to pull image from the local unsecured registry
In Lab 3.2. (Configure a Local Repository) we spin up a local unsecured registry from which k8s would pull the simple app image. However, I am unable to make it work.
So, before creating the deployment everything seems to be in order:
student@master:~$ curl 10.97.82.186:5000/v2/_catalog
{"repositories":["simpleapp"]}
student@master:~$ k get deploy
NAME READY UP-TO-DATE AVAILABLE AGE
nginx 1/1 1 1 118m
registry 1/1 1 1 118m
student@master:~$ k get pod
NAME READY STATUS RESTARTS AGE
nginx-6488f757bc-cf4q4 1/1 Running 1 (51m ago) 118m
registry-d4cf9fd7d-qj6tn 1/1 Running 1 (51m ago) 118m
student@master:~$ sudo podman images
REPOSITORY TAG IMAGE ID CREATED SIZE
localhost/simpleapp latest bb19ffc6050a 2 hours ago 943 MB
10.97.82.186:5000/simpleapp latest bb19ffc6050a 2 hours ago 943 MB
docker.io/library/python 3 e285995a3494 8 days ago 943 MB
10.97.82.186:5000/tagtest latest 9c6f07244728 6 weeks ago 5.83 MB
student@master:~$ echo $repo
10.97.82.186:5000
student@master:~$
Let us create the deployment as per the lab instructions:
student@master:~$ k create deployment try1 --image=$repo/simpleapp deployment.apps/try1 created student@master:~$ k describe pod try1-5f97db4fb8-j9csw |grep Failed Warning Failed 11s kubelet Failed to pull image "10.97.82.186:5000/simpleapp": rpc error: code = Unknown desc = failed to pull and unpack image "10.97.82.186:5000/simpleapp:latest": failed to resolve reference "10.97.82.186:5000/simpleapp:latest": failed to do request: Head https://10.97.82.186:5000/v2/simpleapp/manifests/latest: http: server gave HTTP response to HTTPS client Warning Failed 11s kubelet Error: ErrImagePull Warning Failed 10s (x2 over 11s) kubelet Error: ImagePullBackOff student@master:~$
What I find suspicious is the url https://10.97.82.186:5000/v2/simpleapp/manifests/latest - no way https is going to work here.
How do we fix it?
P.S.
Also posted the question here - https://stackoverflow.com/questions/73807830/k8s-unable-to-pull-image-from-the-local-unsecured-registry
Answers
-
Hi @mark.kharitonov,
On which node is the try1 pod scheduled? Typically (but not always) at this step it gets scheduled on the worker/second node.
Can you validate that registry.conf and config.toml files respectively are identically configured between the two nodes of your cluster? In addition, the runtime restart and eventually the node reboot are also successful? The necessary commands are presented in Lab 3.2 steps 12 and 13.
Regards,
-Chris0 -
As per the lab instructions I modified the relevant configuration files both on the master and the worker nodes.
So, on the master:
student@master:~$ cat /etc/containers/registries.conf.d/registry.conf [[registry]] location = "10.97.82.186:5000" insecure = true student@master:~$ diff -U3 /etc/containerd/config.toml /etc/containerd/config.toml.orig --- /etc/containerd/config.toml 2022-09-21 21:22:37.032171446 +0000 +++ /etc/containerd/config.toml.orig 2022-09-22 03:35:37.032007211 +0000 @@ -152,9 +152,6 @@ [plugins."io.containerd.grpc.v1.cri".registry.mirrors] - [plugins."io.containerd.grpc.v1.cri".registry.mirrors."*"] - endpoint = ["10.97.82.186:5000"] - [plugins."io.containerd.grpc.v1.cri".x509_key_pair_streaming] tls_cert_file = "" tls_key_file = "" student@master:~$Now on the worker:
student@worker:~$ cat /etc/containers/registries.conf.d/registry.conf [[registry]] location = "10.97.82.186:5000" insecure = true student@worker:~$ diff -U3 /etc/containerd/config.toml /etc/containerd/config.toml.orig --- /etc/containerd/config.toml 2022-09-21 22:07:27.199770673 +0000 +++ /etc/containerd/config.toml.orig 2022-09-22 15:26:21.280537739 +0000 @@ -136,9 +136,6 @@ [plugins."io.containerd.grpc.v1.cri".registry.mirrors] - [plugins."io.containerd.grpc.v1.cri".registry.mirrors."*"] - endpoint = ["10.97.82.186:5000"] - [plugins."io.containerd.grpc.v1.cri".x509_key_pair_streaming] tls_cert_file = "" tls_key_file = "" student@worker:~$Both machines for stopped for the night. After booting them the only thing I had to repeat is push the simpleapp image to the local repository again. I need to check it, seems like the storage was not persisted in between reboots, but this is a different issue. Anyway, all seems working fine:
On the master:
student@master:~$ curl $repo/v2/_catalog {"repositories":["simpleapp"]} student@master:~$On the worker:
student@worker:~$ curl $repo/v2/_catalog {"repositories":["simpleapp"]} student@worker:~$Is there anything else I can check to help you to help me?
0 -
My SO question was answered and the answer is to change
endpoint = ["10.97.82.186:5000"]toendpoint = ["http://10.97.82.186:5000"]The lab should be updated.
0 -
For anyone else stumbling upon this thread as I am,
The LFD directions I have do show thehttp://prefix as suggested above, in section 3.2!
1 -
It does indeed. I do not know how I could miss it.
0 -
This does not appear at all in the V2022-11-23 labs, but it was necessary to proceed. Appreciate the help here.
0 -
I ran into the same problem but eventually got it to work.
1.
The lab has the following line:[plugin."io.containerd.grpc.v1.cri".registry.mirrors."*"] #<-- Add these two linesI changed "plugin" to "plugins" as mentioned here and in the downloadable archive.
2.
I also needed to add an image tag when creating the deployment.kubectl create deployment try1 --image=$repo/simpleapp:latest0 -
I was running into the same issue with containerd.io v2.1.5
The problem was that the config structure has changed and to make it work I had to remove the block
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."*"] endpoint = ["http://10.97.40.62:5000"]
And instead add the last block from this:
[plugins.'io.containerd.cri.v1.images'.pinned_images] sandbox = 'registry.k8s.io/pause:3.10' [plugins.'io.containerd.cri.v1.images'.registry] config_path = '' # your mirrors go here now: [plugins.'io.containerd.cri.v1.images'.registry.mirrors."*"] endpoint = ["http://10.97.40.62:5000"]0 -
Hi @cmorent,
You are correct, containerd v2 requires a slight change in the
local-repo-setup.shscript, which has been corrected in the latest release of the course solutions tarball.Regards,
-Chris0
Categories
- All Categories
- 177 LFX Mentorship
- 177 LFX Mentorship: Linux Kernel
- 754 Linux Foundation IT Professional Programs
- 374 Cloud Engineer IT Professional Program
- 170 Advanced Cloud Engineer IT Professional Program
- 74 DevOps IT Professional Program - Discontinued
- 5 DevOps & GitOps IT Professional Program
- 100 Cloud Native Developer IT Professional Program
- 7.6K Training Courses & Learning Paths
- 2 AI & ML Training
- 1 Blockchain & Decentralized Identity Training
- 5 Cloud & Containers Training
- 1 Cybersecurity Training
- 2 DevOps & Site-Reliability Training
- 1 Linux Kernel Development Training
- 1 Networking Training
- 2 Open Source Best Practice Training
- 2 System Administration Training
- 1 System Engineering Training
- 1 Web & Application Development Training
- 794 Hardware
- 202 Drivers
- 68 I/O Devices
- 37 Monitors
- 95 Multimedia
- 173 Networking
- 91 Printers & Scanners
- 89 Storage
- 769 Linux Distributions
- 81 Debian
- 68 Fedora
- 22 Linux Mint
- 13 Mageia
- 24 openSUSE
- 150 Red Hat Enterprise
- 31 Slackware
- 13 SUSE Enterprise
- 356 Ubuntu
- 465 Linux System Administration
- 31 Cloud Computing
- 73 Command Line/Scripting
- Github systems admin projects
- 98 Linux Security
- 78 Network Management
- 101 System Management
- 46 Web Management
- 112 Mobile Computing
- 20 Android
- 77 Development
- 1.2K New to Linux
- 1K Getting Started with Linux
- 393 Off Topic
- 121 Introductions
- 182 Small Talk
- 29 Study Material
- 977 Programming and Development
- 310 Kernel Development
- 649 Software Development
- 990 Software
- 382 Applications
- 182 Command Line
- 5 Compiling/Installing
- 68 Games
- 317 Installation
- Archived
- 2 LFD140 Class Forum
- 1.4K LFS258 Class Forum
Upcoming Training
-
August 20, 2018
Kubernetes Administration (LFS458)
-
August 20, 2018
Linux System Administration (LFS301)
-
August 27, 2018
Open Source Virtualization (LFS462)
-
August 27, 2018
Linux Kernel Debugging and Security (LFD440)