Not able to start a pod in minikube by pulling image from external private registry
I have an ubuntu installed on my laptop.
I started a private docker registry (ssl enabled + htpasswd secured) and added it on overlay network (so it can be accessed from other hosts/vms)
here is the code (docker-compose.yaml):
version: "3" services: registry: restart: always image: registry:2 ports: - 5000:5000 environment: REGISTRY_HTTP_TLS_CERTIFICATE: /certs/domain.crt REGISTRY_HTTP_TLS_KEY: /certs/domain.key REGISTRY_AUTH: htpasswd REGISTRY_AUTH_HTPASSWD_PATH: /auth/htpasswd REGISTRY_AUTH_HTPASSWD_REALM: Registry Realm volumes: - /certs:/certs - ~/caas_rd/workspace/ci_cd_pipeline/registry_setup:/auth networks: - overlaynetwork networks: overlaynetwork:
so my registry is running in the following link (with dns, i can verify it in browser) : https://home-thinkpad-t420s:5000/v2/_catalog
Now I installed “Minikube” on my laptop. && ssh it by “minikube ssh”.
I created a folder “/etc/docker/certs.d” on minikube vm & added certificates as per instructions :
I also modified /etc/hosts && appended ca.cert on /etc/ssl/certs/ca-certificates.crt.
and restarted docker service on minikube vm by : sudo systemctl restart docker.service
after this I am able to pull the images on minikube vm by “docker login & docker pull” & also by “curl with (cacert + username/password)”
above is working perfectly fine, means I can successfully access/pull private registry images inside minikube vm.
Then I tried to create a secret (on my laptop with kubectl create -f ) defined as below:
apiVersion: "v1" kind: "Secret" metadata: name: "ssl-proxy-secret" namespace: "default" data: proxycert: "LS0..." proxykey: "LS0t..." htpasswd: "YWRt..."
and created a pod (on my laptop with kubectl create -f ) defined as below:
apiVersion: v1 kind: Pod metadata: name: private-jenkins spec: containers: - name: private-jenkins-container image: home-thinkpad-t420s:5000/my-jenkins volumeMounts: - name: secrets mountPath: /etc/secrets volumes: - name: secrets secret: secretName: ssl-proxy-secret
but when I try to run this pod, it throws error :
Failed to pull image “home-thinkpad-t420s:5000/my-jenkins”: rpc error: code = 2 desc = Error: image my-jenkins not found
Error syncing pod, skipping: failed to “StartContainer” for “private-jenkins-container” with ErrImagePull: “rpc error: code = 2 desc = Error: image my-jenkins not found”
If I am able to pull images inside the minikube vm successfully by curl & docker login/pull……then when why pod creation is failing with above error ?
2 Solutions collect form web for “Not able to start a pod in minikube by pulling image from external private registry”
Can you remove those double quotes escpecially from the credentials in the secret.yml file and try spinning the pod again ?
You need to create a separated
kubernetes registry secret instead. Could use this command:
kubectl create secret docker-registry <secret-name> \ --docker-email=<your-email> --docker-username=<registry-user> \ --docker-password=<registry-password> --docker-server=<registry-server-domain>
After that you could update the
pod configuration as follow:
apiVersion: v1 kind: Pod metadata: name: private-jenkins spec: containers: - name: private-jenkins-container image: home-thinkpad-t420s:5000/my-jenkins imagePullSecrets: - name: <secret-name>
Hope it helps!