Cluster information:
Kubernetes version: 1.30.4
Cloud being used: Bare Metal (On-prem)
Installation method: Kubeadm
Host OS: RHEL 8
CNI and version: Calico CNI 3.28.1
CRI and version: containerd 1.6.32
I am trying to Kubeadm Upgradation from 1.30.3 to 1.31.4 version with New private Image end point registry which is having an authentication to pull the images in to the cluster.
Steps I have Implemented in the above cluster
- Patch key enabled using subscription-manager command.
- Cleared version lock using yum package command.
- Enabled repos from the patch key containerd and required kubeadm version.
- Added new pause image(private registry) in the config.toml in the /etc/containerd/config.toml.
- Installed supported version of containerd version using yum.
- Installed cri-tools which is supported using yum.
- Installed targeted kubeadm version in node level using yum.
- Modified /var/lib/kubelet/kubeadm_env.vars with new pause image.
- Created secret and mapped default service account in the kube-system ns which is required to pull the images from the private image end point registry.
- Modified existing kubeadm-config configmap in the kube-system ns with new private image end point registry.
- Applied kubeadm upgrade apply 1.31.3
ERROR Message
[ERROR ImagePull]: failed to pull image private-registry-end-point/kube-apiserver:v1.31.3: failed to pull image private-registry-end-point/kube-apiserver:v1.31.3: failed to pull and unpack image “private-registry/kube-apiserver:v1.31.3”: failed to resolve reference “private-registry/kube-apiserver:v1.31.3”: failed to authorize: failed to fetch anonymous token: unexpected status from GET request to private-registry-end-point:443/artifactory/api/docker/docker-thirdparty-local/v2/token?scope=repository%3Adocker-thirdparty-local%2Fkube-apiserver%3Apull&scope=repository%3Akube-apiserver%3Apull&service=private-registry-end-point%3A443: 401 Unauthorized