Kind: How to config to pull image from an authenticated but insecure private registry over http

Created on 15 May 2020  路  2Comments  路  Source: kubernetes-sigs/kind


Not sure if this a Kind or kubernetes or docker question.
With some other tools(jib maven), i can do this by configure something like allowInsecureRegistries and sendCredentialsOverHttp.

Following are my configurations.

/etc/docker/daemon.json
{ "insecure-registries" : ["10.120.116.178"] }

secret.yml
apiVersion: v1 kind: Secret metadata: name: jibtest data: .dockerconfigjson: ewoJImF1dGhzIjogewoJC..... type: kubernetes.io/dockerconfigjson

pod.yml
apiVersion: v1 kind: Pod metadata: name: k8sdemo spec: containers: - name: k8sdemo image: 10.120.116.178/jib-test/k8sdemo imagePullSecrets: - name: jibtest

pod events:
Normal Scheduled 92s default-scheduler Successfully assigned default/k8sdemo to kind-control-plane Normal BackOff 21s (x4 over 90s) kubelet, kind-control-plane Back-off pulling image "10.120.116.178/jib-test/k8sdemo" Warning Failed 21s (x4 over 90s) kubelet, kind-control-plane Error: ImagePullBackOff Normal Pulling 7s (x4 over 90s) kubelet, kind-control-plane Pulling image "10.120.116.178/jib-test/k8sdemo" Warning Failed 7s (x4 over 90s) kubelet, kind-control-plane Failed to pull image "10.120.116.178/jib-test/k8sdemo": rpc error: code = Unknown desc = failed to pull and unpack image "10.120.116.178/jib-test/k8sdemo:latest": failed to resolve reference "10.120.116.178/jib-test/k8sdemo:latest": failed to do request: Head https://10.120.116.178/v2/jib-test/k8sdemo/manifests/latest: dial tcp 10.120.116.178:443: connect: connection refused

kinsupport
Source
picture hatzhang

Most helpful comment

Thanks. A config patch like this works.
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."10.120.116.178"] endpoint = ["http://10.120.116.178"]

picture hatzhang on 19 May 2020
🎉2 👍2

All 2 comments

the image pulling happens inside the nodes which are running in containerd.
you can write a kind config with a containerd config patch with something similar to https://kind.sigs.k8s.io/docs/user/local-registry/

https://github.com/containerd/cri/blob/master/docs/config.md

BenTheElder picture BenTheElder on 18 May 2020

Thanks. A config patch like this works.
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."10.120.116.178"] endpoint = ["http://10.120.116.178"]

hatzhang picture hatzhang on 19 May 2020
🎉2 👍2
Was this page helpful?
0 / 5 - 0 ratings

Related issues

nielsvbrecht picture nielsvbrecht  路  3Comments
raphaelauv picture raphaelauv  路  3Comments
rajalokan picture rajalokan  路  3Comments
fgimenez picture fgimenez  路  4Comments
rflorenc picture rflorenc  路  3Comments