Kubernetes & insecure docker registries

4
votes

I am trailing Kubernetes on AWS, and I have a cluster set up, but having trouble creating an application by pulling a docker image from an insecure repo.

When I created the cluster, I ensured that the environment variable KUBE_ENABLE_INSECURE_REGISTRY=true was set to true. But I still don't seem to be able to pull from this repo.

The logs show (edited application name and registry URL):

Error syncing pod, skipping: failed to "StartContainer" for "" with ErrImagePull: "API error (500): unable to ping registry endpoint https://docker-registry..com:5000/v0/\nv2 ping attempt failed with error: Get https://docker-registry..com:5000/v2/: EOF\n v1 ping attempt failed with error: Get https://docker-registry.*.com:5000/v1/_ping: EOF\n"

Can anyone please advise on this?

Thanks

2
dockerkubernetes

2 Answers

1
votes

According to this code, it seams that, only registries on network 10.0.0.0/8 can be insecure, is your registry on this range? What about setting EXTRA_DOCKER_OPTS="--insecure-registry YOUR_REGISTRY_IP" manually to docker environment file? Is that possible for you?

0
votes

You can config it in each work node, add the file in each node /etc/docker/daemon.json

{
  "debug": true,
  "experimental" : true,
  "insecure-registries" : [
    "your-registry.domain.name"
  ]
}

Then restart the docker at each node

service docker restart