Flux: Flux not watching private docker registry

Created on 13 May 2020 · 4 Comments · Source: fluxcd/flux

# create git secret
kubectl create secret generic flux-git-auth --namespace fluxcd --from-literal=GIT_AUTHUSER=myaccount --from-literal=GIT_AUTHKEY=readacted

# create docker registry secret
kubectl create secret --namespace fluxcd docker-registry docker-config \
  --docker-server="myprivatedockerregistry.com" \
  --docker-username="admin" \
  --docker-password="redacted"

# applying docker-config secret for default service account image pull secrets
kubectl patch serviceaccount flux -p '{"imagePullSecrets": [{"name": "docker-config"}]}' -n fluxcd

# installing flux

helm upgrade -i flux fluxcd/flux \
--set git.url='https://$(GIT_AUTHUSER):$(GIT_AUTHKEY)@my-gitlab.com/myaccount/flux-helm-operator.git' \
--set env.secretName=flux-git-auth \
--set registry.dockercfg.configFileName="/dockercfg/config.json" \
--set registry.dockercfg.enabled=true \
--set registry.dockercfg.secretName=docker-config \
--set-file ssh.known_hosts=/tmp/flux_known_hosts \
--set allowedNamespaces="app-dev" \
--set serviceAccount.create=false \
--set serviceAccount.name=default \
--set registry.trace=true \
--namespace fluxcd

# installing helm operator
helm upgrade -i helm-operator fluxcd/helm-operator --wait \
--namespace fluxcd \
--set image.pullSecret=docker-config \
--set git.ssh.secretName=flux-git-deploy \
--set helm.versions=v3 \
--set allowNamespace="app-dev"


I can see it is able to pull the git repo from the private git host and deploy resources via helm operator. But it is not able to watch the private registry.

Interesting message from the flux pod logs:

warning="--docker-config not used; pre-flight check failed" err="open /dockercfg/config.json: no such file or directory"

Issue:
Flux is not watching the private docker registry. But it is able to connect to my private gitlab host and able to deploy resources via helm operator.
FYI, I am using the latest chart.

Is there anything wrong with my config?

blocked-needs-validation bug

All 4 comments

Thanks for the reply. I have updated my config accordingly. Still facing the same issue.

Here is the config I have used. Do you see any issue with the following config?

# create git secret
kubectl create secret generic flux-git-auth --namespace fluxcd --from-literal=GIT_AUTHUSER=myaccount --from-literal=GIT_AUTHKEY=readacted

# create docker registry secret
kubectl create secret --namespace fluxcd docker-registry docker-config \
  --docker-server="myprivatedockerregistry.com" \
  --docker-username="admin" \
  --docker-password="redacted"

# installing flux

helm upgrade -i flux fluxcd/flux \
--set git.url='https://$(GIT_AUTHUSER):$(GIT_AUTHKEY)@my-gitlab.com/myaccount/flux-helm-operator.git' \
--set env.secretName=flux-git-auth \
--set registry.dockercfg.enabled=true \
--set registry.dockercfg.secretName=docker-config \
--set-file ssh.known_hosts=/tmp/flux_known_hosts \
--set allowedNamespaces="app-dev" \
--set registry.trace=true \
--set registry.includeImage="myprivatedockerregistry.com/*" \
--namespace fluxcd

# applying docker-config secret for flux service account image pull secrets
kubectl patch serviceaccount flux -p '{"imagePullSecrets": [{"name": "docker-config"}]}' -n fluxcd

# installing helm operator
helm upgrade -i helm-operator fluxcd/helm-operator --wait \
--namespace fluxcd \
--set git.ssh.secretName=flux-git-deploy \
--set helm.versions=v3 \
--set allowNamespace="app-dev"

I think the helm chart probably has to change to make this work.

You could try setting the configFileName to the actual mountPath

--set registry.dockercfg.configFileName="/dockercfg/"

But I suspect that won't work because the mountPath is a directory and not a file. I'm not sure.

Changing the helm chart to the following should work.

{{- if .Values.registry.dockercfg.enabled }}
- name: docker-credentials
  mountPath: /dockercfg/config.json
  readOnly: true
{{- end }}
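
Added example, not part of the thread or of the Flux chart: a secret volume exposes each key of the secret as a file under the mountPath, and `kubectl create secret docker-registry` stores its data under the key `.dockerconfigjson`, so the script below builds a stand-in for the `/dockercfg/` mount and shows which candidate paths pass a file check like the pre-flight one in the logs above. The temp directory, its contents, the registry name and the function names `preflight`, `find_docker_config` and `make_mount` are constructed for illustration.

```shell
#!/bin/sh
# Added example: constructed stand-in for the /dockercfg/ secret mount.
# Function names are hypothetical, not Flux or chart code.

# preflight PATH -> 0 if regular readable file, 1 if missing, 2 if directory
preflight() {
  if [ -d "$1" ]; then return 2; fi
  if [ -f "$1" ] && [ -r "$1" ]; then return 0; fi
  return 1
}

# find_docker_config DIR -> prints regular files in DIR that hold an "auths" map.
# Dotfiles are included; the "..data" style entries Kubernetes creates inside
# a secret volume are skipped by the .[!.]* pattern.
find_docker_config() {
  for f in "$1"/* "$1"/.[!.]*; do
    if [ -f "$f" ] && grep -q '"auths"' "$f"; then
      printf '%s\n' "$f"
    fi
  done
}

# make_mount KEY -> prints a temp dir holding one file named KEY (constructed data)
make_mount() {
  d=$(mktemp -d)
  printf '{"auths":{"registry.example.invalid":{"auth":"CONSTRUCTED"}}}\n' > "$d/$1"
  printf '%s\n' "$d"
}

demo() {
  # A docker-registry type secret has a single key named .dockerconfigjson
  m=$(make_mount .dockerconfigjson)
  for p in "$m/config.json" "$m/" "$m/.dockerconfigjson"; do
    rc=0
    preflight "$p" || rc=$?
    echo "preflight <mount>${p#"$m"} -> $rc"
  done
  echo "usable config: $(find_docker_config "$m")"
  rm -rf "$m"
}
demo
```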

Great. It worked.
