Microk8s Insecure Registry not working

cetiberiojr · May 4, 2020, 8:15pm

Hi Guys,

I’m configuring my microk8s and I’m having a stranger issue and don’t know anymore how to check it… I know the configurations are ok… at least, it should.

I have a registry I can access only as HTTP (insecure), if I point to my browser, I can see the HTTPS is not accessible but HTTP is (/v2/_catalog)

So, I configured the /var/snap/microk8s/current/args/containerd-template.toml with the following:

[plugins.cri.registry]
      [plugins.cri.registry.mirrors]
        [plugins.cri.registry.mirrors."docker.io"]
          endpoint = ["https://registry-1.docker.io"]
        [plugins.cri.registry.mirrors."localhost:32000"]
          endpoint = ["http://localhost:32000"]
        [plugins.cri.registry.mirrors."myregistry.domain.com:5000"]
          endpoint = ["http://myregistry.domain.com:5000"]

restarted microk8s:

microk8s stop
microk8s start

tried to pull the image:

microk8s ctr --debug images pull myregistry.domain.com:5000/image:latest

DEBU[0000] fetching                                      image="myregistry.domain.com:5000/image:latest"
DEBU[0000] resolving                                    
DEBU[0000] do request                                    request.headers=map[Accept:[application/vnd.docker.distribution.manifest.v2+json, application/vnd.docker.distribution.manifest.list.v2+json, application/vnd.oci.image.manifest.v1+json, application/vnd.oci.image.index.v1+json, *]] request.method=HEAD url="https://myregistry.domain.com:5000/v2/image/manifests/latest"
ctr: failed to resolve reference "myregistry.domain.com:5000/image:latest": failed to do request: Head "https://myregistry.domain.com:5000/v2/image/manifests/latest": http: server gave HTTP response to HTTPS client

He is still trying to access the HTTPS…

Can someone help me here?

Seems like microk8s is not picking up the updated file…

Ps.: I don’t have docker installed or anything, I’m using only the microk8s

Those are the addons installed:

microk8s is running
addons:
dashboard: enabled
dns: enabled
helm: enabled
registry: enabled
storage: enabled
cilium: disabled
fluentd: disabled
gpu: disabled
helm3: disabled
ingress: disabled
istio: disabled
jaeger: disabled
knative: disabled
kubeflow: disabled
linkerd: disabled
metallb: disabled
metrics-server: disabled
prometheus: disabled
rbac: disabled

kjackal · May 6, 2020, 5:06am

Hi @cetiberiojr

Have you looked at [1]?

Also, to talk to an http registry with ctr I think you should use the --plain-http flag.

[1] https://microk8s.io/docs/registry-private

Topic		Replies	Views
How to work with a private registry microk8s docs	14	18303	May 17, 2023
Working with registries and containerd in MicroK8s microk8s development	12	20550	June 4, 2020
Configuring insecure registry for k8s microk8s	4	12403	January 28, 2019
How can I expose the container registry securely on internet microk8s	0	474	November 9, 2021
Microk8s ctr --debug images pull: http server gave http response to https client microk8s	1	5347	March 27, 2021

Microk8s Insecure Registry not working

Related topics