0
votes

I want to create a private registry where I can push my docker images and create deployments using those images. I have created a kubernetes cluster with one master and one slave in AWS using KOPS. I followed this link: https://github.com/kubernetes/kubernetes/tree/master/cluster/addons/registry to create a registry service and expose it on the slave node.

Then I build a docker image and push it to registry as localhost:5000/ as given in this link.

Now when I try to create a deployment using this image, I get the error:

    Failed to pull image "localhost:5000/postgres-sdl": rpc error: code = 2 desc = Error while pulling image: Get http://localhost:5000/v1/repositories/postgres-sdl/images: dial tcp [::1]:5000: getsockopt: connection refused

After building the docker image, I tag and push the image with this name: localhost:5000/postgres-sdl

My deployment yaml looks like this:

      image: localhost:5000/postgres-sdl
2
It seems that the registry is not running. Did you create the service and the registry-proxy pods? - user3151902
Yes, kube-registry pod and kube-registry-proxy pod are running and kube-registry service is running. - Subrat Srivastwa
The error message says that you searched for the postgres-sdl image, but you wrote that you uploaded the image management. Is there an image mismatch? - adebasi
In my case, the registry service seems to work fine because I can access it using the service ip address, push image and create deployments. There seems to be some issue with the proxy though. The proxy is supposed to internally convert requests to localhost:5000 to the service ip:port. But that doesn't seem to work. - Subrat Srivastwa

2 Answers

0
votes

The problem is the hostport is not working properly with CNI (see this issue).

You need to install a portmap plugin and create a .conflist file. All this can depend on how you set up your kubernetes cluster.

I used the following steps:

  • Set the portmap plugin (download via containernetworking/plugins v0.6.0) in /opt/cni/bin
  • I'm using canal so my network config looks like this:

    {
        "name": "canal",
        "cniVersion": "0.3.0",
        "plugins": [
            {
                "type": "flannel",
                "delegate": {
                    "type": "calico",
                    "etcd_endpoints": "https://10.128.0.3:2379",
                    "etcd_key_file": "/opt/calicoctl/etcd-key",
                    "etcd_cert_file": "/opt/calicoctl/etcd-cert",
                    "etcd_ca_cert_file": "/opt/calicoctl/etcd-ca",
                    "log_level": "info",
                    "policy": {
                        "type": "k8s"
                    },
                    "kubernetes": {
                        "kubeconfig": "/root/cdk/kubeconfig"
                    }
                }
            },
            {
                "type": "portmap",
                "capabilities": {
                    "portMappings": true
                },
                "snat": true
            }
        ]
    }

    Make sure the file ends with .conflist. I saved this file in /etc/cni/net.d. More info about this can be found via Container Networking Interface Specification

  • Recreate the proxy pod.
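
One way to verify the node-side state these steps describe before recreating the proxy pod, as an added example that is not part of the original answer. The function name `check_hostport_support` is hypothetical, the directories are passed in as arguments (`/etc/cni/net.d` and `/opt/cni/bin` on a node set up as above), and the `10-canal.*` file names and directory contents in `demo()` are constructed.

```python
import json
import os
import tempfile
from pathlib import Path

def check_hostport_support(conf_dir, bin_dir):
    """Return a list of problems that keep hostPort from working under CNI."""
    conf_dir, bin_dir = Path(conf_dir), Path(bin_dir)
    # kubelet loads the first valid config file in lexical order.
    files = sorted(p for p in conf_dir.iterdir()
                   if p.suffix in (".conf", ".conflist", ".json"))
    if not files:
        return [f"no CNI config found in {conf_dir}"]
    active = files[0]
    if active.suffix != ".conflist":
        return [f"{active.name}: single-plugin config, portmap cannot be chained"]
    try:
        plugins = json.loads(active.read_text()).get("plugins", [])
    except (OSError, ValueError) as exc:
        return [f"{active.name}: unreadable or invalid JSON ({exc})"]
    problems = []
    portmap = [p for p in plugins if p.get("type") == "portmap"]
    if not portmap:
        problems.append(f"{active.name}: no portmap plugin in the chain")
    elif portmap[0].get("capabilities", {}).get("portMappings") is not True:
        problems.append(f"{active.name}: portmap lacks capabilities.portMappings")
    binary = bin_dir / "portmap"
    if not (binary.is_file() and os.access(binary, os.X_OK)):
        problems.append(f"{binary}: portmap binary missing or not executable")
    return problems

def demo():
    """Run the check against constructed directories (not a real node)."""
    flannel = {"type": "flannel", "delegate": {"type": "calico"}}
    portmap = {"type": "portmap", "capabilities": {"portMappings": True}, "snat": True}
    chained = {"name": "canal", "cniVersion": "0.3.0", "plugins": [flannel, portmap]}
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        conf, bins = Path(tmp, "net.d"), Path(tmp, "bin")
        conf.mkdir()
        bins.mkdir()
        # Before the fix: plain .conf file, no portmap binary installed.
        (conf / "10-canal.conf").write_text(json.dumps(flannel))
        results["before"] = check_hostport_support(conf, bins)
        # After the fix: chained .conflist plus an executable portmap binary.
        (conf / "10-canal.conf").unlink()
        (conf / "10-canal.conflist").write_text(json.dumps(chained))
        (bins / "portmap").write_text("#!/bin/sh\n")
        (bins / "portmap").chmod(0o755)
        results["after"] = check_hostport_support(conf, bins)
    return results
```

An empty list means the config chain and the plugin binary are both in place; any remaining `connection refused` on `localhost:5000` then points at the proxy pod itself rather than at CNI.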

-2
votes

I advise against using a local registry with kubernetes! Sure, it gives you a nice localhost:5000 address in your config files that is the same as when you test with minikube, but it is actually dangerous.

If the cluster dies you will lose ALL your images.

Just use the amazon docker registry; it is a safe and proper way to do this.