Cannot pull image from local docker insecured registry repository inside Minikube.
I'm running Docker-toolbox v1.12.2 using Linux VM (Upstart) installed on Oracle VirtualBox 5.1.6 under Windows 7.
I've created a docker image and push (tag and then push) it into a local insecured docker-registry v2 that running on 192.168.99.100:5000/image/name.
docker run -d -p 5000:5000 --restart=always --name registry registry:2
and inside the VM, on /var/lib/boot2docker/profile I've add to the EXTRA_ARGS the flag --insecure-registry 192.168.99.100:5000 .
docker push & docker pull from localhost:5000/image/name are working fine within Docker(VM).
_catalog is reachable from Postman :GET http:192.168.99.100:5000/v2/_catalog and I'm able to get the images inside the registry.
I'm starting my Minikube v0.15.0 VM with the command:
minikube start --insecure-registry=192.168.99.100:5000
I'm under company PROXY so I've added the proxy in the command line (CMD):
set HTTP/HTTPS_PROXY=my.company.proxy:8080 and set NO_PROXY={minikube ip}.
Then Kubernetes dashboard started to work for me.
Now for the real problem, when running the command:
kubectl run image-name --image=192.168.99.100:5000/image/name --port=9999
to pull image from my local docker registry into Kubernetes its saying
deployment "image-name" created
But inside Kubernetes > Deployments I'm getting the following error:
Failed to pull image "192.168.99.109:5000/image/name": image pull failed for 192.168.99.100:5000/image/name:latest, this may be because there are no credentials on this request. details: (Error response from daemon: Get https://192.168.99.100:5000/v1/_ping: Tunnel or SSL Forbidden)
Can anyone help here with that Tunnel or SSL Forbidden error, it's driving me crazy, and I've tried so many solutions to configure --insecrue-registery inside docker, inside Kubernetes or when running the dokcer-registry.
BTW why it's refering to v1/_ping? i'm using the docker registry v2.
Seems like minikube cannot see the same network that your registry is running. Can you try running minikube ssh then run your curl for the catalog?
Also, as an alternative, you could run eval(minikube docker-env) which then will set your local docker client to use the docker server inside minikube.
So for example if you built an image tagged with myimage/foo it would build and put that image on the minikube docker host, so when you deployed the image, it wouldn't need to be pulled.
Related
First I create a local Docker registry...
docker run -d -p 5000:5000 --restart=always --name registry registry:2
Then I push
docker push localhost:5000/jrg/hello-k8s
I confirm it is there by
$ docker pull localhost:5000/jrg/hello-k8s
Using default tag: latest
latest: Pulling from jrg/hello-k8s
Digest: sha256:c475cb7167208e8f018e54ad81d4b7bbbb9c14875bc1624bcce730edf9afede0
Status: Image is up to date for localhost:5000/jrg/hello-k8s:latest
Then I start Minikube
minikube start --insecure-registry=localhost:5000
But when I run
kubectl create deployment hello-k8s --image=localhost:5000/jrg/hello-k8s
I get
NAME READY STATUS RESTARTS AGE
hello-k8s-75846c4bfc-b7zp7 0/1 ErrImagePull 0 4s
What am I missing?
Update
I also tried (assuming 5.5.5.5 is the IP address for my wireless adapter (confirmed by accessing in the browser).
Then I start Minikube
minikube start --insecure-registry=5.5.5.5:5000
But when I run
kubectl create deployment hello-k8s --image=5.5.5.5:5000/jrg/hello-k8s
But I still get the same issue, also after a while it appears to become ImagePullBackOff
FYI Project (https://github.com/jrgleason/hello-kubernetes/tree/ADD_CASSANDRA)
I think the issue is localhost will reference the kubernetes host itself, and not your registry.
You need to make it so that the registry is accessible from inside minikube. Try using the ip address of your computer instead of localhost.
There is a proxy addon for minikube that will allow you to access localhost from within minikube. I would suggest setting this up as the simplest solution https://github.com/Faithlife/minikube-registry-proxy
If this doesn't work there is a guide here to setup minikube with a local registry https://blog.hasura.io/sharing-a-local-registry-for-minikube-37c7240d0615/
If you are using minikube you must start the docker registry on the minikube machine.
You can either use the minikube registry addon, or use docker yourself. Make sure to use the docker daemon from the minikube host:
eval $(minikube docker-env)
You must push the image to the right registry then, f.e. by using the remote docker daemon for building and pushing to 'localhost' (which is the minikube VM in that case)
I am really confused, I had being learning kubernetes with minikube creating services and other things.
The problem comes in the following shape:
I run the following commands after a fresh install of minikube:
eval $(minikube docker-env)
The reason is because I want to get an image from my computer to be used with minikube. My understanding is that with this command I am in the same context for minikube and docker, so I can access my local images. "Please correct me if I am wrong here".
minikube start
So I get up and running the cluster, and ready to start creating things.
I want to pull the following container:
docker pull nginx/nginx-ingress
Because I want to try an ingress controller to work with my services.
But then I get this weird message:
Using default tag: latest
Warning: failed to get default registry endpoint from daemon (Cannot connect to the Docker daemon at tcp://192.168.99.101:2376. Is the docker daemon running?). Using system default: https://index.docker.io/v1/
Cannot connect to the Docker daemon at tcp://192.168.99.101:2376. Is the docker daemon running?
I run:
docker ps
And no results with a hang out.
I go to another terminal, I run the docker ps and it works like a charm.
Please if someone can bring some light to me of the impact of the command:
eval $(minikube docker-env)
And if you know why in my current Term with minikube running cannot access to my docker machine would help a lot.
minikube starts a dedicated virtual machine as a single-node Kubernetes cluster. If you have other Docker environments (a separate Docker Machine VM, the Docker Toolbox VM, the Docker for Mac or Docker for Windows environments, or a Linux-native Docker) these are separate from the Docker in the VM. You can't share images or containers between these environments.
If you have private images that aren't published to a registry, you'll have to re-docker build them when you switch to the Minikube environment. You otherwise don't specifically have to docker pull things that you're using, when you reference them in a Kubernetes pod spec Kubernetes will pull them for you.
I am using Minikube to test everything I deploy in IBM Bluemix kubernetes service. I have my Macbook docker environment configured to use Minikube and I don't start standard basic Docker daemon/service in my MacBook. I just:
eval $(minikube docker-env)
It works great and I use same yaml files in Minikube than then I apply to Bluemix, as I use that Docker and Minikube image registry. Problem: when I try to login to BX CR to push an image from Minikube registry I get:
MacBook-Pro:Docker and Kubernetes icordoba$ bx cr login
Logging in to 'registry.ng.bluemix.net'...
FAILED
Failed to 'docker login' to 'registry.ng.bluemix.net' with error: Warning: failed to get default registry endpoint from daemon (Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?). Using system default: https://index.docker.io/v1/
Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?
.
It seems bx cr login command needs local docker host daemon running so I need to build image into Minkube registry, test in Minikube, shut it down, start Docker, build image again i docker registry, login to bx cr and push the image...
Can I make bx cr login command work with Minikube docker environment and not basic docker environment configured?
As mentioned in the comments the docker CLI is a pre-requirement for pushing to and pulling from the registry.
It should be possible to ssh into minikube using minikube ssh allowing you access to the docker daemon within minikube. You would then need to install the Bluemix cli and cr plugin. It should then be possible to push your images from there.
Alternatively you could install the IBM-Containers plugin found here. Then you can build your container in Bluemix and it will automatically push the image into the Container Registry for you to use with Kubernetes. This would allow you to build and push images without access to a docker daemon.
bx ic build -t registry.ng.bluemix.net/<namespace>/<image>:<tag> DOCKERFILE_PATH
(Adjust the registry region prefix based on which region you want your image to be pushed to)
I want to set up my own private docker hub from where I can pull docker images on docker clients.
Taking this link as reference, I executed following commands on one machine:
docker pull registry
docker run -d -p 5000:5000 --name localregistry registry
docker ps
docker pull alpine
docker tag alpine:latest localhost:5000/alpine:latest
docker push localhost:5000/alpine:latest
I want to pull this image on some other machine which is reachable to/from this machine.
$ docker pull <ip_of_machine>:5000/alpine
Using default tag: latest
Error response from daemon: Get https://<ip_of_machine>:5000/v1/_ping: http: server gave HTTP response to HTTPS client
Is it possible to pull docker image from one machine which acts as a docker hub to another machine which is reachable?
Adding below line in docker client machine's /etc/sysconfig/docker file resolved the issue:
INSECURE_REGISTRY='--insecure-registry <ip>:5000'
Assuming by the tags you are using boot2docker or DockerToolbox:
You must open VirtualBox Manager
Select the default machine
Network
NAT
Port forwarding
Add an entry for the 5000 port
Regards
I am using docker from a Ubuntu VM. I set up an unsecure registry using the steps mentioned in this link. I can push & pull images from the registry in the host machine but I cannot access the registry from another machine in the same network.
I have done the following -
Edited the /etc/default/docker and edited the DOCKER_OPTS as follows -
DOCKER_OPTS="--insecure-registry cmrepo.com:5000"
Restarted the VM .
Started the registry as follows -
docker run -d -p 5000:5000 --name registry registry:2
Everything works as expected till this point . I can pull/push images into the registry.
Now how do I access the registry from another machine . I tried adding an ip-host entry (10.216.20.14 cmrepo.com) in the /etc/hosts file but it din't help. I can ping 10.216.20.14 from the remote machine but cannot access the registry.
Can someone point out what is it that I am doing wrong or need to do more?