Insecure docket registry

k3s, k3OS, and k3d
1

Hi, I have an insecure docker registry (installed via arkade install docker-registry) in a private k3s cluster (installed via k3sup) and I cannot pull images from that from my Deployments.
On the master node I have this config active:

$ cat /etc/rancher/k3s/registries.yaml 
mirrors:
  "192.168.0.103:5000":
    endpoint:
      - "http://192.168.0.103:5000"
configs:
  "192.168.0.103:5000":
    auth:
      username: admin
      password: xxxxxxxxxxxxxx

192.168.0.103 is one of the workers; on the port 5000 I can successfully log in, push and pull images.

On all machines, I have adapted the docker configuration:

$ cat /etc/docker/daemon.json 
{
  "insecure-registries" : ["192.168.0.103:5000"]
}

On all nodes, docker info lists the insecure registry:

 Insecure Registries:
  192.168.0.103:5000
  127.0.0.0/8

On the master node, in /var/lib/rancher/k3s/agent/etc/containerd/config.toml I can see that the config from registries.yaml sort of “arrived”:

$ cat /var/lib/rancher/k3s/agent/etc/containerd/config.toml

[plugins.opt]
  path = "/var/lib/rancher/k3s/agent/containerd"

[plugins.cri]
  stream_server_address = "127.0.0.1"
  stream_server_port = "10010"
  enable_selinux = false
  sandbox_image = "docker.io/rancher/pause:3.1"

[plugins.cri.containerd]
  snapshotter = "overlayfs"

[plugins.cri.cni]
  bin_dir = "/var/lib/rancher/k3s/data/ad8f0f93ebb9db5c507884fcdec249d73dd348293dac194e01462c57815cca46/bin"
  conf_dir = "/var/lib/rancher/k3s/agent/etc/cni/net.d"

[plugins.cri.containerd.runtimes.runc]
  runtime_type = "io.containerd.runc.v2"

[plugins.cri.registry.mirrors]

[plugins.cri.registry.mirrors."192.168.0.103:5000"]
  endpoint = ["http://192.168.0.103:5000"]

[plugins.cri.registry.configs."192.168.0.103:5000".auth]
  username = "admin"
  password = "xxxxx"

Unfortunately, kubectl describe deployment xxx doesn’t seem to be impressed by my configuration attempts, although everything has been restarted.

  Type     Reason     Age   From               Message
  ----     ------     ----  ----               -------
  Normal   Scheduled  6s    default-scheduler  Successfully assigned mydeployment/mypackage-deployment-56fffb99d-7zqp4 to nuc2
  Normal   Pulling    5s    kubelet            Pulling image "192.168.0.103:5000/mypackage:1.0.0"
  Warning  Failed     5s    kubelet            Failed to pull image "192.168.0.103:5000/mypackage:1.0.0": rpc error: code = Unknown desc = failed to pull and unpack image "192.168.0.103:5000/mypackage:1.0.0": failed to resolve reference "192.168.0.103:5000/mypackage:1.0.0": failed to do request: Head "https://192.168.0.103:5000/v2/mypackage/manifests/1.0.0": http: server gave HTTP response to HTTPS client
  Warning  Failed     5s    kubelet            Error: ErrImagePull
  Normal   BackOff    4s    kubelet            Back-off pulling image "192.168.0.103:5000/mypackage:1.0.0"
  Warning  Failed     4s    kubelet            Error: ImagePullBackOff

What else can I try?
Thank you in advance.

1 Like
2

Hi,

I have a similar issue. Did you solve it  ?
3

https://llimon.github.io/post/k3s-registry/

Seems like it’s not really supposed to be supported that well.

4

Did you fixed it ? I got the same issue!