Intitializing the Kubernetes cluster - docker

I am trying to install the Kubernetes cluster on ubuntu 18.04 system..
As part of intializing the cluster with below command getting below error
[ERROR ImagePull]: failed to pull image k8s.gcr.io/kube-apiserver:v1.14.0: output: Error response from daemon: Get https://k8s.gcr.io/v2/: remote error: tls: access denied
, error: exit status 1
[ERROR ImagePull]: failed to pull image k8s.gcr.io/kube-controller-manager:v1.14.0: output: Error response from daemon: Get https://k8s.gcr.io/v2/: remote error: tls: access denied
, error: exit status 1
[ERROR ImagePull]: failed to pull image k8s.gcr.io/kube-scheduler:v1.14.0: output: Error response from daemon: Get https://k8s.gcr.io/v2/: remote error: tls: access denied
, error: exit status 1
[ERROR ImagePull]: failed to pull image k8s.gcr.io/kube-proxy:v1.14.0: output: Error response from daemon: Get https://k8s.gcr.io/v2/: remote error: tls: access denied
, error: exit status 1
[ERROR ImagePull]: failed to pull image k8s.gcr.io/pause:3.1: output: Error response from daemon: Get https://k8s.gcr.io/v2/: remote error: tls: access denied
, error: exit status 1
[ERROR ImagePull]: failed to pull image k8s.gcr.io/etcd:3.3.10: output: Error response from daemon: Get https://k8s.gcr.io/v2/: remote error: tls: access denied
, error: exit status 1
[ERROR ImagePull]: failed to pull image k8s.gcr.io/coredns:1.3.1: output: Error response from daemon: Get https://k8s.gcr.io/v2/: remote error: tls: access denied
, error: exit status 1
When i tried to run wget https://k8s.gcr.io/v2/ i am getting below error:
Proxy request sent, awaiting response... 401 Unauthorized
Username/Password Authentication Failed.
Can you please let me know what is the issue.

In my case I have
[root#instance-1 ~]# wget https://k8s.gcr.io/v2/
--2019-08-26 12:58:24-- https://k8s.gcr.io/v2/
Resolving k8s.gcr.io (k8s.gcr.io)... 64.233.167.82, 2a00:1450:400c:c06::52
Connecting to k8s.gcr.io (k8s.gcr.io)|64.233.167.82|:443... connected.
HTTP request sent, awaiting response... 401 Unauthorized
Authorization failed.
That can be the proxy issue. Inspect [Kubeadm] Failing to pull images, and more concrete [this answer](https://github.com/kubernetes/kubeadm/issues/1201#issuecomment-494686022.
So try to configure your docker to use proxy and I hope your issue would be resolved.
And below is summarized set of commands for both the methods:
Method 1 : Configuring proxy variables in the /etc/sysconfig/docker file
-Add following configuration in /etc/sysconfig/docker file
# cat /etc/sysconfig/docker
HTTP_PROXY="http://USERNAME:PASSWORD#[your.proxy.server]:[port]"
HTTPS_PROXY="https://USERNAME:PASSWORD#[your.proxy.server]:[port]
-Restart docker
# service docker restart
Method 2:
1) Create a drop-in
# mkdir /etc/systemd/system/docker.service.d
2) Create a file with name /etc/systemd/system/docker.service.d/http-proxy.conf that adds the HTTP_PROXY environment variable:
[Service]
Environment="HTTP_PROXY=http://user01:password#10.10.10.10:8080/"
Environment="HTTPS_PROXY=https://user01:password#10.10.10.10:8080/"
Environment="NO_PROXY= hostname.example.com,172.10.10.10"
3) reload the systemd daemon
# systemctl daemon-reload
4) restart docker
# systemctl restart docker
5) Verify that the configuration has been loaded:
# systemctl show docker --property Environment
Environment=GOTRACEBACK=crash HTTP_PROXY=http://10.10.10.10:8080/ HTTPS_PROXY=http://10.10.10.10:8080/ NO_PROXY= hostname.example.com,172.10.10.10

Related

"Error response from daemon:proxyconnect tcp: dial tcp: lookup {proxy.example.com}: no such host". what should be placed instead of proxy.example.com?

Try-1: I got this following error when I try to install laravel version 9 in my linux (ubuntu).
docker: Error response from daemon: Get "https://registry-1.docker.io/v2/": net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
$ curl -s https://laravel.build/example-app | bash
Unable to find image 'laravelsail/php81-composer:latest' locally
docker: Error response from daemon: Get "https://registry-1.docker.io/v2/": net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers).
See 'docker run --help'.
bash: line 16: cd: example-app: No such file or directory
bash: line 18: ./vendor/bin/sail: No such file or directory
bash: line 19: ./vendor/bin/sail: No such file or directory
Get started with: cd example-app && ./vendor/bin/sail up
Try-2: I have beyond my company network when installing this and also I tried without being beyond my company network.so I changed my company network to my mobile network then I tried
Error response from daemon: Get "https://registry-1.docker.io/v2/": proxyconnect tcp: dial tcp: lookup proxy.example.com: no such host
Try-3: When I changed http & https proxy to no proxy like this Environment=no_proxy=localhost,127.0.0.1 and changed nameserver like this nameserver 8.8.8.8 nameserver 8.8.4.4 I got below error.
*docker: Error response from daemon: Get "https://registry-1.docker.io/v2/": x509: certificate is valid for .orchardmile.com, orchardmile.com, not registry-1.docker.io
Still same problem arises in different error message.
I have tried this solution : https://docs.docker.com/engine/admin/systemd/#httphttps-proxy in docker official documention and tried this also Error "Get https://registry-1.docker.io/v2/: net/http: request canceled" while building image from stackflow.
After reading above documentation I have one query that what does is (proxy.example.com) it mean in Environment variable in below config file.
Should I change this proxy.example.com to anything regard my company gateway or proxy address something like that or just leave it as it is ?
[Service]
Environment="HTTPS_PROXY=https://proxy.example.com:443/"
[Service]
Environment="HTTP_PROXY=http://proxy.example.com:80/"
Above snippet code is from the docker documentation https://docs.docker.com/engine/admin/systemd/#httphttps-proxy

Base Docker in Docker image cannot start Docker daemon

I have reduced my dockerfile to the following
FROM docker:latest
EXPOSE 3000
But when running the image, docker daemon cannot start.
Running dockerd in the container results in a large chain of info, errors and warnings ending with the following:
WARN[2021-12-09T01:07:36.691842800Z] grpc: addrConn.createTransport failed to connect to {unix:///var/run/docker/containerd/containerd.sock <nil> 0 <nil>}. Err :connection error: desc = "transport: Error while dialing dial unix:///var/run/docker/containerd/containerd.sock: timeout". Reconnecting... module=grpc
failed to start daemon: Error initializing network controller: error obtaining controller instance: failed to create NAT chain DOCKER: Iptables not found
Am I missing something? I can manually install iptables but then it fails again with
failed to start daemon: Error initializing network controller: error obtaining controller instance: failed to create NAT chain DOCKER: iptables failed: iptables -t nat -N DOCKER: iptables v1.8.7 (legacy): can't initialize iptables table `nat': Permission denied (you must be root)
So I am assuming I have some setting wrong as it seems to be working out of the box here https://hub.docker.com/_/docker
I am running docker on Windows with the WSL 2 backend.

Kubernetes failed to pull image k8s.gcr.io

I am trying to install Kubernetes on my CentOS machine, when I intialize the cluster, I have the following error.
I specify that I am behind a corporate proxy. I have already configured it for Docker in the directory: /etc/systemd/system/docker.service.d/http-proxy.conf
Docker work fine.
No matter how hard I look, I can't find a solution to this problem.
Thank you for your help.
# kubeadm init
W1006 14:29:38.432071 7560 version.go:102] could not fetch a Kubernetes version from the internet: unable to get URL "https://dl.k8s.io/release/stable-1.txt": Get "https://dl.k8s.io/release/stable-1.txt": x509: certificate signed by unknown authority
W1006 14:29:38.432147 7560 version.go:103] falling back to the local client version: v1.19.2
W1006 14:29:38.432367 7560 configset.go:348] WARNING: kubeadm cannot validate component configs for API groups [kubelet.config.k8s.io kubeproxy.config.k8s.io]
[init] Using Kubernetes version: v1.19.2
[preflight] Running pre-flight checks
[WARNING Firewalld]: firewalld is active, please ensure ports [6443 10250] are open or your cluster may not function correctly
[WARNING HTTPProxy]: Connection to "https://192.168.XXX.XXX" uses proxy "http://proxyxxxxx.xxxx.xxx:xxxx/". If that is not intended, adjust your proxy settings
[WARNING HTTPProxyCIDR]: connection to "10.96.0.0/12" uses proxy "http://proxyxxxxx.xxxx.xxx:xxxx/". This may lead to malfunctional cluster setup. Make sure that Pod and Services IP ranges specified correctly as exceptions in proxy configuration
[WARNING IsDockerSystemdCheck]: detected "cgroupfs" as the Docker cgroup driver. The recommended driver is "systemd". Please follow the guide at https://kubernetes.io/docs/setup/cri/
[preflight] Pulling images required for setting up a Kubernetes cluster
[preflight] This might take a minute or two, depending on the speed of your internet connection
[preflight] You can also perform this action in beforehand using 'kubeadm config images pull'
error execution phase preflight: [preflight] Some fatal errors occurred:
[ERROR ImagePull]: failed to pull image k8s.gcr.io/kube-apiserver:v1.19.2: output: Error response from daemon: Get https://k8s.gcr.io/v2/: remote error: tls: handshake failure
, error: exit status 1
[ERROR ImagePull]: failed to pull image k8s.gcr.io/kube-controller-manager:v1.19.2: output: Error response from daemon: Get https://k8s.gcr.io/v2/: remote error: tls: handshake failure
, error: exit status 1
[ERROR ImagePull]: failed to pull image k8s.gcr.io/kube-scheduler:v1.19.2: output: Error response from daemon: Get https://k8s.gcr.io/v2/: remote error: tls: handshake failure
, error: exit status 1
[ERROR ImagePull]: failed to pull image k8s.gcr.io/kube-proxy:v1.19.2: output: Error response from daemon: Get https://k8s.gcr.io/v2/: remote error: tls: handshake failure
, error: exit status 1
[ERROR ImagePull]: failed to pull image k8s.gcr.io/pause:3.2: output: Error response from daemon: Get https://k8s.gcr.io/v2/: remote error: tls: handshake failure
, error: exit status 1
[ERROR ImagePull]: failed to pull image k8s.gcr.io/etcd:3.4.13-0: output: Error response from daemon: Get https://k8s.gcr.io/v2/: remote error: tls: handshake failure
, error: exit status 1
[ERROR ImagePull]: failed to pull image k8s.gcr.io/coredns:1.7.0: output: Error response from daemon: Get https://k8s.gcr.io/v2/: remote error: tls: handshake failure
, error: exit status 1
# kubeadm config images pull
W1006 17:33:41.362395 80605 version.go:102] could not fetch a Kubernetes version from the internet: unable to get URL "https://dl.k8s.io/release/stable-1.txt": Get "https://dl.k8s.io/release/stable-1.txt": x509: certificate signed by unknown authority
W1006 17:33:41.362454 80605 version.go:103] falling back to the local client version: v1.19.2
W1006 17:33:41.362685 80605 configset.go:348] WARNING: kubeadm cannot validate component configs for API groups [kubelet.config.k8s.io kubeproxy.config.k8s.io]
failed to pull image "k8s.gcr.io/kube-apiserver:v1.19.2": output: Error response from daemon: Get https://k8s.gcr.io/v2/: remote error: tls: handshake failure
, error: exit status 1
To see the stack trace of this error execute with --v=5 or higher
Maybe root certificates on your machine are outdated - so it does not consider certificate of k8s.gcr.io as valid one. This message x509: certificate signed by unknown authority hints to it.
Try to update them: yum update ca-certificates || yum reinstall ca-certificates
I just did a dig to k8s.gcr.io, and I added the IP given by the request to /etc/hosts.
# dig k8s.gcr.io
; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.2 <<>> k8s.gcr.io
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44303
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;k8s.gcr.io. IN A
;; ANSWER SECTION:
k8s.gcr.io. 21599 IN CNAME googlecode.l.googleusercontent.com.
googlecode.l.googleusercontent.com. 299 IN A 64.233.168.82
;; Query time: 72 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Tue Nov 24 11:45:37 CST 2020
;; MSG SIZE rcvd: 103
# cat /etc/hosts
64.233.168.82 k8s.gcr.io
And now it works!
# kubeadm config images pull
W1124 11:46:41.297352 50730 configset.go:348] WARNING: kubeadm cannot validate component configs for API groups [kubelet.config.k8s.io kubeproxy.config.k8s.io]
[config/images] Pulled k8s.gcr.io/kube-apiserver:v1.19.4
[config/images] Pulled k8s.gcr.io/kube-controller-manager:v1.19.4
[config/images] Pulled k8s.gcr.io/kube-scheduler:v1.19.4
[config/images] Pulled k8s.gcr.io/kube-proxy:v1.19.4
[config/images] Pulled k8s.gcr.io/pause:3.2
[config/images] Pulled k8s.gcr.io/etcd:3.4.13-0
[config/images] Pulled k8s.gcr.io/coredns:1.7.0
Working also with v1.19.2 - I've got the same error.
It seems to be related to the issue mentioned here (and I think also in here).
I re-install kubeadm on the node and ran the kubeadm init workflow again - it is now working with v1.19.3 and the errors are gone.
All master nodes images are pulled successfully.
Also verified with:
sudo kubeadm config images pull
(*) You can run kubeadm init with --kubernetes-version=X.Y.Z (1.19.3 in our case).
I had the same error. Maybe as others say, it's because of an outdated certificate. I believe it's not required to delete anything.
Simple solution was running one of those two commands, which will reconnect to Container repositories via:
podman login
docker login
Source: podman-login
I had this issue on version version.Info{Major:"1", Minor:"25", GitVersion:"v1.25.2" when i tried joining a second control panel.
error execution phase preflight: [preflight] Some fatal errors occurred:
[ERROR ImagePull]: failed to pull image k8s.gcr.io/coredns:v1.9.3: output: E0923 04:47:51.763983 1598 remote_image.go:242] "PullImage from image service failed" err="rpc error: code = NotFound desc = failed to pull and unpack image \"k8s.gcr.io/coredns:v1.9.3\": failed to resolve reference \"k8s.gcr.io/coredns:v1.9.3\": k8s.gcr.io/coredns:v1.9.3: not found" image="k8s.gcr.io/coredns:v1.9.3"
time="2022-09-23T04:47:51Z"...
See #99321 it's now k8s.gcr.io/coredns/coredns:v1.9.3 instead of
k8s.gcr.io/coredns:v1.9.3 and i don't now why
by kluevandrew,
refererence: https://github.com/kubernetes/kubernetes/issues/112131
This worked, am using containerd:
crictl pull k8s.gcr.io/coredns/coredns:v1.9.3
ctr --namespace=k8s.io image tag k8s.gcr.io/coredns/coredns:v1.9.3 k8s.gcr.io/coredns:v1.9.3
docker solution:
docker pull k8s.gcr.io/coredns/coredns:v1.9.3
docker tag k8s.gcr.io/coredns/coredns:v1.9.3 k8s.gcr.io/coredns:v1.9.3
Check imageRepository in kubeadm-config configmap (or your kubeadm config file, if You run something like kubeadm init --config=/tmp/kubeadm-config.yml).

Failed to pull image "levm38/server:latest": rpc error: code = Unknown desc = Error response from daemon: Get https://registry-1.docker.io/v2/: EOF

I am trying to deploy a docker image on my minikube using a specific image:
But I always get this error
Failed to pull image "levm38/server:latest": rpc error: code = Unknown desc = Error response from daemon: Get https://registry-1.docker.io/v2/: EOF
I am behind a firewall but I already pushed the image, so I am not sure whats failing
There are a couple of problems and solutions related to
Firewall
Proxy
Restarting and re-configuring docker
in this post:
https://forums.docker.com/t/error-response-from-daemon-get-https-registry-1-docker-io-v2/23741/13
also,
do minikush ssh to the VM and see if you can connect/pull from registry on minikube VM.

Fly: Failed to ping docker registry

I am trying to run a simple build by passing input task to the concourse. Here is my fly command,
fly -t tutorial e -c inputs_required.yml -i some-important-input=.
and my yml file,
---
platform: linux
image_resource:
type: docker-image
source: {repository: busybox}
inputs:
- name: some-important-input
run:
path: ls
args: ['-alR']
I am getting the below error message,
resource script '/opt/resource/check []' failed: exit status 1
stderr:
failed to ping registry: 2 error(s) occurred:
* ping https: Get https://registry-1.docker.io/v2/: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
* ping http: Get http://registry-1.docker.io/v2/: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
errored
Please note that I am not behind a proxy. I am also not able to ping https://registry-1.docker.io/v2/.
The simple reason is your host cannot reach docker registry which is docker.io by default.
I am not familiar with fly. But I think the image source in your yaml file { repository:busybox} should be a specific image which could be used in command docker pull.
For addition, you may try a local image on your host first. Then try a remote image in some remote registry.

Resources