Private registry not working

Nicolas_Pepinster · May 23, 2018, 11:18am

I’m trying to configure registry in my fresh rancher 2.0 installation.
I created a cluster and in Default >> Resources >> Registries, I added my private registry with scope “Available to all namespaces in this project”.

The registry is a Nexus where I created the kubernetes user. When I try to deploy a pod using this registry, I got :

3s 18s 2 spring-cloud-config-c9dddbd6c-4dsnv.15313e7861d9f8a5 Pod spec.containers{spring-cloud-config} Warning Failed kubelet, cebesvc-ba5tit8 Failed to pull image “myregistry.com:5000/spring-cloud-config:0.1”: rpc error: code = Unknown desc = Error: image spring-cloud-config:0.1 not found

I have the impression that the configuration I did in the UI is not really good configured at the cluster level.

Note : I logged in ssh on one of my node, I did a docker login myregistry.com:5000 with the same user than which used in the rancher registries config and I pulled my image successfully.
Note 2 : I still have a rancher 1.6 cluster and it’s working there.

Did I missed something in my configuration in rancher 2.0 ?

Neil_Carpenter · May 23, 2018, 9:00pm

I had the same issue. In the short term, I manually edited the YAML for the deployment to include:

  imagePullSecrets:
  - name: myregistry.com

Under the covers, Rancher is creating a k8s secret for the registry credentials and this causes k8s to pull the secret & use it.

I’m not sure how this is supposed to work. I couldn’t find any documentation.

Nicolas_Pepinster · May 24, 2018, 8:53am

Do you see a secret “myregistry.com” when you type :

kubectl get secrets --all-namespaces

Because on my side, I don’t see anything so it means maybe that this secret is not created well.

Neil_Carpenter · May 24, 2018, 2:05pm

In my case, I do see the Registry secret:

registry default-token-44nhc kubernetes.io/service-account-token 3 1d
registry myregistrysecret kubernetes.io/dockerconfigjson 1 1d

(Renamed the secret because the forum thinks I want to send spammy links to myregistry dot com…)

etlweather · May 28, 2018, 2:23am

Not sure how you created a registry with a name like myregistry.com - for me it refused the . - so my registry is just called myregistry.

The solution of imagePullSecrets solved it for me, as last for now. I would think it’s not necessary to put this in, but at the same time, it’s not illogical because you could have different teams I guess with different access.

Neil_Carpenter · May 28, 2018, 3:43pm

That’s not actually the name of my registry secret – I just changed it to that in this thread.

shuckepco · August 6, 2018, 1:36pm

Same with us using an AWS ECR private registry.

Seems to be related to this issue:

The issue is currently assigned to the September milestone. Hopefully, it will get fixed then. Only workaround so far is to manually add “imagePullSecrets:…” to each workload YAML definition.

govindbmc · April 28, 2020, 6:35am

Hi, I am also getting below error while trying to pull image from private registry

ErrImagePull: rpc error: code = Unknown desc = repository docker.io/XXXXXXXX/XXXXXX
service not found: does not exist or no pull access

Topic		Replies	Views
Old error not fixed?	0	866	November 14, 2019
Private docker repo doesn't work (access forbidden) Rancher 2.0 Tech Preview	8	9891	March 8, 2019
Rancher v2.2.5 Upgrade Advisory Announcements	1	1281	July 18, 2019
Rancher 2.x private default registry Rancher 2.x	6	848	December 20, 2018
Update Registry Rancher 2.x	3	338	June 27, 2022

Private registry not working

Related Topics