Kubernetes Cannot pull image from Artifactory

2
votes

I have created the docker registry secret using below command

kubectl create secret docker-registry regcred --docker-server=https://dockerreleaselocal.jfrog.io --docker-username=user --docker-password='password' --docker-email=email

Below is the Kubernetes yaml code for pulling the image

apiVersion: batch/v1
kind: Job
metadata:
  name: artifactory-terraform-job
spec:
  template:
    spec:
      containers:
      - image: dockerreleaselocal.jfrog.io/terraform:v0.11.7.001
        name: terraform-container
      imagePullSecrets:
      - name: regcred

Error

Failed to pull image "dockerreleaselocal.jfrog.io/terraform:v0.11.7.001": rpc error: code = Unknown desc = Error response from daemon: missing signature key

Kubernetes version

Server Version: version.Info{Major:"1", Minor:"9+", GitVersion:"v1.9.7-2+231cc32d0a1119", GitCommit:"231cc32d0a111940d45936b3206548c610869df2", GitTreeState:"clean", BuildDate:"2018-04-25T08:09:04Z", GoVersion:"go1.9.3", Compiler:"gc", Platform:"linux/amd64"}

Output docker pull locally

docker pull dockerreleaselocal.jfrog.io/terraform:v0.11.7.001
Error response from daemon: missing signature key

Do i need to do additional configuration to fix the issue?

1
dockerkubernetesartifactorydocker-registryjfrog-container-registry
In the secret creation, can you set '--docker-server=dockerreleaselocal.jfrog.io' (remove the https://)? Does it help?Eldad Assis
When you 'docker login dockerreleaselocal.jfrog.io -u user -p password' from your computer, does it succeed?Eldad Assis
Few questions: 1) What K8s version is it? 2) What K8s distribution is it? 3) Can you ssh into the K8s host and 'docker login' + 'docker pull' in it?Eldad Assis
I suspect you might have something between Artifactory and your K8s, like a firewall or routing rules. Can you ssh into the K8s host and 'docker login' + 'docker pull' in it?Eldad Assis
Any update? I'd really like to know what's the cause for this. It's the first I've hear of this, and I'm using Artifactory as my Docker registry for K8s for about two years...Eldad Assis

1 Answers

1
votes

Above issue was regarding ACL of the user. A user should have annotate permission for docker registry. If he has annotate permission, the properties will be generated automatically using the manifest file.