Using an external private secure registry with microk8s

akaihola · March 21, 2019, 9:08am

We have a private secure registry (on Nexus), and I am able to pull from it using microk8s.docker:

microk8s.docker login -u myname our.registry.url
microk8s.docker pull our.registry.url/testimage:1.0

When I try to do the same for a container in a pod definition, I get an error. I first create a secret:

microk8s.kubectl create secret docker-registry kubernetes-production-docker-registry \
            --docker-server=our.registry.url:443 \
            --docker-username=akaihola \
            --docker-password=******** \
            --docker-email=myname@domain.tld

I then create a Pod definition (testpod.yaml):

apiVersion: v1
kind: Pod
metadata:
  name: testpod
spec:
  containers:
    - name: testcontainer
      image: our.registry.url:443/testimage:1.0
  imagePullSecrets:
    - name: docker-registry

Create the Pod:

microk8s.kubectl create -f testpod.yaml
microk8s.kubectl describe pod testpod

But what I see in the events list is:

Warning  Failed     2s               kubelet, mylaptop     
Failed to pull image "our.registry.url:443/testimage:1.0":
rpc error: code = Unknown desc = Error response from daemon:
Get https://our.registry.url:443/v2/testimage/manifests/1.0:
no basic auth credentials

Does microk8s miss the capability to use external private secure registry? Do I need something like the registry-creds plugin in minikube?

macintoshprime · March 22, 2019, 1:00am

Not overly familiar with microk8s at the moment but I noticed that in your examples the microk8s.docker login command included a typical url but the url specified in the docker-registry secret and the deploy image had the port specified.

What happens when you omit the port in both the secret and image, different error or the same?

akaihola · March 28, 2019, 11:46am

I actually had misunderstood the imagePullSecrets name option – what I need to use there is

  imagePullSecrets:
    - name: kubernetes-production-docker-registry

I also indeed had to make sure to either use the port number or leave it out, but be consistent and do the same in both the image tag and the docker server URL when creating the secret.

So all works now! Thanks for your comment!

Topic		Replies	Views
[help] Harbor as private registry for microk8s microk8s microk8s	3	48	December 7, 2024
How to work with a private registry microk8s docs	14	18442	May 17, 2023
Deploy from gcp image container registry microk8s	1	492	May 25, 2023
Microk8s can't pull image from a private registry with ssl self signed certificate microk8s docs	4	8255	April 22, 2022
Create and use a private insecure registry inside k8s cluster General Discussions	2	2868	July 10, 2020

Using an external private secure registry with microk8s

Related topics