Not able to start a pod in minikube by pulling image from external private registry

I have Ubuntu installed on my laptop.

I started a private Docker registry (SSL enabled + htpasswd secured) and added it to an overlay network (so it can be accessed from other hosts/VMs).

Here is the code (docker-compose.yaml):

    version: "3"
    
    services:
     registry:
      restart: always
      image: registry:2
      ports:
        - 5000:5000
      environment:
        REGISTRY_HTTP_TLS_CERTIFICATE: /certs/domain.crt
        REGISTRY_HTTP_TLS_KEY: /certs/domain.key
        REGISTRY_AUTH: htpasswd
        REGISTRY_AUTH_HTPASSWD_PATH: /auth/htpasswd
        REGISTRY_AUTH_HTPASSWD_REALM: Registry Realm
      volumes:
        - /certs:/certs
        - ~/caas_rd/workspace/ci_cd_pipeline/registry_setup:/auth
      networks:
        - overlaynetwork
    networks:
      overlaynetwork:
    

So my registry is running at the following link (with DNS; I can verify it in the browser): https://home-thinkpad-t420s:5000/v2/_catalog

Now I installed Minikube on my laptop and SSHed into it with “minikube ssh”.

I created a folder “/etc/docker/certs.d” on the minikube VM and added certificates as per the instructions:

https://docs.docker.com/engine/security/certificates/#understanding-the-configuration

I also modified /etc/hosts and appended ca.cert to /etc/ssl/certs/ca-certificates.crt,

and restarted the Docker service on the minikube VM with: sudo systemctl restart docker.service

After this I am able to pull the images on the minikube VM with “docker login & docker pull” and also with “curl with (cacert + username/password)”.
The above is working perfectly fine, meaning I can successfully access/pull private registry images inside the minikube VM.

Then I tried to create a secret (on my laptop with kubectl create -f) defined as below:

    apiVersion: "v1"
    kind: "Secret"
    metadata:
      name: "ssl-proxy-secret"
      namespace: "default"
    data:
     proxycert: "LS0..."
     proxykey: "LS0t..."
     htpasswd: "YWRt..."
    

And I created a pod (on my laptop with kubectl create -f) defined as below:

    apiVersion: v1
    kind: Pod
    metadata:
      name: private-jenkins
    spec:
      containers:
      - name: private-jenkins-container
        image: home-thinkpad-t420s:5000/my-jenkins
        volumeMounts:
        - name: secrets
          mountPath: /etc/secrets
      volumes:
      - name: secrets
        secret:
           secretName: ssl-proxy-secret
    

But when I try to run this pod, it throws this error:

    Failed to pull image "home-thinkpad-t420s:5000/my-jenkins": rpc error: code = 2 desc = Error: image my-jenkins not found
    Error syncing pod, skipping: failed to "StartContainer" for "private-jenkins-container" with ErrImagePull: "rpc error: code = 2 desc = Error: image my-jenkins not found"

If I am able to pull images inside the minikube VM successfully with curl and docker login/pull, then why is pod creation failing with the above error?

2 Solutions collected from the web for “Not able to start a pod in minikube by pulling image from external private registry”

Can you remove those double quotes, especially from the credentials in the secret.yml file, and try spinning up the pod again?

You need to create a separate Kubernetes registry secret instead. You could use this command:

    kubectl create secret docker-registry <secret-name> \
    --docker-email=<your-email> --docker-username=<registry-user> \
    --docker-password=<registry-password> --docker-server=<registry-server-domain>
    

After that you could update the pod configuration as follows:

    apiVersion: v1
    kind: Pod
    metadata:
      name: private-jenkins
    spec:
      containers:
      - name: private-jenkins-container
        image: home-thinkpad-t420s:5000/my-jenkins
      imagePullSecrets:
        - name: <secret-name>
    

Reference: link

Hope it helps!
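The difference between the two secrets on this page, as an added example that is not part of the original question or answers: it builds a Secret in the `kubernetes.io/dockerconfigjson` format that `kubectl create secret docker-registry` produces and checks whether a given Secret carries credentials for the registry named in the pod's image. The secret name `regcred`, the user name and the password are constructed values, and the host comparison is an exact host:port match, a simplification of what the kubelet does.

```python
import base64
import json

DOCKERCFG_TYPE = "kubernetes.io/dockerconfigjson"

def registry_host(image):
    """Registry part of an image reference (Docker's rule: the first path
    component is a registry only if it has '.' or ':' or is 'localhost')."""
    first, sep, _ = image.partition("/")
    if sep and ("." in first or ":" in first or first == "localhost"):
        return first
    return "docker.io"

def make_pull_secret(name, server, user, password):
    """Build a Secret manifest (as a dict) in the dockerconfigjson format."""
    auth = base64.b64encode(f"{user}:{password}".encode()).decode()
    cfg = {"auths": {server: {"username": user, "password": password, "auth": auth}}}
    return {
        "apiVersion": "v1", "kind": "Secret", "type": DOCKERCFG_TYPE,
        "metadata": {"name": name},
        "data": {".dockerconfigjson": base64.b64encode(json.dumps(cfg).encode()).decode()},
    }

def can_authenticate_pull(secret, image):
    """Return (ok, reason): does this Secret hold credentials for image's registry?
    Simplified check: exact host[:port] match after dropping scheme and path."""
    kind = secret.get("type", "Opaque")  # a Secret with no type is Opaque
    if kind != DOCKERCFG_TYPE:
        return False, f"type is {kind}, not {DOCKERCFG_TYPE}"
    blob = secret.get("data", {}).get(".dockerconfigjson")
    if blob is None:
        return False, "missing .dockerconfigjson key"
    auths = json.loads(base64.b64decode(blob)).get("auths", {})
    hosts = {k.split("://", 1)[-1].split("/", 1)[0] for k in auths}
    want = registry_host(image)
    if want not in hosts:
        return False, f"no credentials for {want}; secret covers {sorted(hosts)}"
    return True, f"credentials present for {want}"

IMAGE = "home-thinkpad-t420s:5000/my-jenkins"  # image from the pod spec on this page
# Constructed sample with the question's Secret shape (no type, arbitrary keys).
opaque = {"kind": "Secret", "metadata": {"name": "ssl-proxy-secret"},
          "data": {"htpasswd": "Y29uc3RydWN0ZWQ="}}
# Constructed credentials; "regcred" is a hypothetical secret name.
good = make_pull_secret("regcred", "home-thinkpad-t420s:5000", "registry-user", "example-pw")
no_port = make_pull_secret("regcred", "home-thinkpad-t420s", "registry-user", "example-pw")

if __name__ == "__main__":
    for s in (opaque, good, no_port):
        print(s["metadata"]["name"], can_authenticate_pull(s, IMAGE))
```

A Secret that passes this check still has to be listed under `imagePullSecrets` in the pod spec; mounting it as a volume, as in the question, only exposes files to the container and plays no part in the image pull.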
