Not able to start a pod in minikube by pulling image from external private registry

I have Ubuntu installed on my laptop.

I started a private Docker registry (SSL enabled + htpasswd secured) and added it to an overlay network (so it can be accessed from other hosts/VMs).

Here is the code (docker-compose.yaml):

    version: "3"
    
    services:
      registry:
        restart: always
        image: registry:2
        ports:
          - 5000:5000
        environment:
          REGISTRY_HTTP_TLS_CERTIFICATE: /certs/domain.crt
          REGISTRY_HTTP_TLS_KEY: /certs/domain.key
          REGISTRY_AUTH: htpasswd
          REGISTRY_AUTH_HTPASSWD_PATH: /auth/htpasswd
          REGISTRY_AUTH_HTPASSWD_REALM: Registry Realm
        volumes:
          - /certs:/certs
          - ~/caas_rd/workspace/ci_cd_pipeline/registry_setup:/auth
        networks:
          - overlaynetwork
    networks:
      overlaynetwork:
    

So my registry is running at the following link (with DNS; I can verify it in a browser): https://home-thinkpad-t420s:5000/v2/_catalog

Now I installed “Minikube” on my laptop and SSH'd into it with “minikube ssh”.

I created a folder “/etc/docker/certs.d” on the minikube VM and added certificates as per the instructions:

https://docs.docker.com/engine/security/certificates/#understanding-the-configuration

I also modified /etc/hosts and appended ca.cert to /etc/ssl/certs/ca-certificates.crt,

and restarted the docker service on the minikube VM with: sudo systemctl restart docker.service

After this I am able to pull the images on the minikube VM by “docker login & docker pull” and also by “curl with (cacert + username/password)”.
The above is working perfectly fine, meaning I can successfully access/pull private registry images inside the minikube VM.

Then I tried to create a secret (on my laptop with kubectl create -f) defined as below:

    apiVersion: "v1"
    kind: "Secret"
    metadata:
      name: "ssl-proxy-secret"
      namespace: "default"
    data:
      proxycert: "LS0..."
      proxykey: "LS0t..."
      htpasswd: "YWRt..."
    

and created a pod (on my laptop with kubectl create -f) defined as below:

    apiVersion: v1
    kind: Pod
    metadata:
      name: private-jenkins
    spec:
      containers:
      - name: private-jenkins-container
        image: home-thinkpad-t420s:5000/my-jenkins
        volumeMounts:
        - name: secrets
          mountPath: /etc/secrets
      volumes:
      - name: secrets
        secret:
          secretName: ssl-proxy-secret
    

But when I try to run this pod, it throws an error:

    Failed to pull image “home-thinkpad-t420s:5000/my-jenkins”: rpc error: code = 2 desc = Error: image my-jenkins not found
    Error syncing pod, skipping: failed to “StartContainer” for “private-jenkins-container” with ErrImagePull: “rpc error: code = 2 desc = Error: image my-jenkins not found”

If I am able to pull images inside the minikube VM successfully by curl and docker login/pull, then why is pod creation failing with the above error?

2 solutions collected from the web for “Not able to start a pod in minikube by pulling image from external private registry”

Can you remove those double quotes, especially from the credentials in the secret.yml file, and try spinning up the pod again?

You need to create a separate Kubernetes registry secret instead. You could use this command:

    kubectl create secret docker-registry <secret-name> \
    --docker-email=<your-email> --docker-username=<registry-user> \
    --docker-password=<registry-password> --docker-server=<registry-server-domain>
    

After that you could update the pod configuration as follows:

    apiVersion: v1
    kind: Pod
    metadata:
      name: private-jenkins
    spec:
      containers:
      - name: private-jenkins-container
        image: home-thinkpad-t420s:5000/my-jenkins
      imagePullSecrets:
        - name: <secret-name>
    

    Reference: link

    Hope it helps!
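
As an added example (not part of the original question or answers): a Python sketch that builds the Secret manifest `kubectl create secret docker-registry` produces and checks whether a pod spec carries pull credentials for its image's registry. It shows that a generic secret mounted as a volume, as in the question's pod, supplies none, while an `imagePullSecrets` reference does. The secret name `regcred`, the username, the password and all helper names are hypothetical; the check looks only at the pod spec (not node-level Docker config or service-account pull secrets) and matches registry hosts exactly.

```python
import base64
import json

DOCKERCFG = "kubernetes.io/dockerconfigjson"  # type set by `kubectl create secret docker-registry`

def registry_secret(name, server, username, password, email=""):
    """Manifest equivalent to `kubectl create secret docker-registry <name> ...`."""
    auth = base64.b64encode(f"{username}:{password}".encode()).decode()
    cfg = {"auths": {server: {"username": username, "password": password,
                              "email": email, "auth": auth}}}
    blob = base64.b64encode(json.dumps(cfg).encode()).decode()
    return {"apiVersion": "v1", "kind": "Secret", "type": DOCKERCFG,
            "metadata": {"name": name}, "data": {".dockerconfigjson": blob}}

def image_registry(image):
    """Registry host of an image reference; None for Docker Hub shorthand."""
    first, _, rest = image.partition("/")
    return first if rest and ("." in first or ":" in first or first == "localhost") else None

def pull_problems(pod, secrets):
    """Reasons the pod spec carries no usable credentials for its images."""
    by_name = {s["metadata"]["name"]: s for s in secrets}
    servers, problems = set(), []
    for ref in pod["spec"].get("imagePullSecrets", []):
        secret = by_name.get(ref["name"])
        if secret is None:
            problems.append(f"imagePullSecret {ref['name']} does not exist")
        elif secret.get("type") != DOCKERCFG:
            problems.append(f"secret {ref['name']} is not of type {DOCKERCFG}")
        else:
            cfg = json.loads(base64.b64decode(secret["data"][".dockerconfigjson"]))
            servers.update(cfg["auths"])  # simplification: exact host match only
    for c in pod["spec"]["containers"]:
        reg = image_registry(c["image"])
        if reg and reg not in servers:
            problems.append(f"no pull credentials for {reg}")
    return problems

# Constructed sample data modelled on the manifests in this thread.
IMAGE = "home-thinkpad-t420s:5000/my-jenkins"
opaque = {"kind": "Secret", "metadata": {"name": "ssl-proxy-secret"}, "data": {}}
pod_q = {"spec": {"containers": [{"name": "c", "image": IMAGE}],
                  "volumes": [{"name": "secrets", "secret": {"secretName": "ssl-proxy-secret"}}]}}
regcred = registry_secret("regcred", "home-thinkpad-t420s:5000", "registry-user", "constructed-pw")
pod_fixed = {"spec": {"containers": [{"name": "c", "image": IMAGE}],
                      "imagePullSecrets": [{"name": "regcred"}]}}

if __name__ == "__main__":
    print(pull_problems(pod_q, [opaque]))      # volume-mounted secret is not used for pulls
    print(pull_problems(pod_fixed, [regcred]))
```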
