Private docker repo doesn't work (access forbidden)

magan · September 27, 2017, 10:54am

I have a problem with pulling docker images from a private registry (hosted using the feature in GitLab).

I added a private registry under Resources -> Registries and tested that the credentials work with docker login registry.example.com. Still, when trying to deploy a container with kubernetes, it doesnt seem to use the credentails at all.

The error I get is:
Failed to pull image "registry.example.com/path/name:1.0.0": rpc error: code = 2 desc = Error response from daemon: {"message":"Get https://registry.example.com/v2/path/name/manifests/1.0.0: denied: access forbidden"}

Any hints on what to check for?
(Pulling public images like ubuntu:xenial works)

It is a newly setup RancherOS v1.1.0 instance with Rancher v2.0.0-alpha6 installed in the local disk.

note: registry.example.com is not the proper URL, of course

cjellick · September 27, 2017, 3:40pm

I don’t know the exact details, but there might be an issue where the kubelet container needs restarted to pick up the credentials. Can you try doing that?

@joshwget can you provide input on this? Am I right or off base?

magan · September 27, 2017, 3:57pm

Thank you for responding!

I even restarted the whole server, so I don’t think that is the issue, unfortunately.

joshwget · September 27, 2017, 5:14pm

I don’t think restarting the kubelet should be required for this. There is a known issue around private registries though, and this should be fixed in the next release.

cjellick · September 27, 2017, 7:13pm

I must have gotten the restart thing confused with something else. (also I didnt notice the 2.0 tag on the issue until just now. I was thinking of something in 1.6)

magan · September 28, 2017, 6:16am

@joshwget I also added the same question/issue to the GitHub issue list. I couldn’t find anything similar for 2.0 there.

@cjellick I think I read something about requiring a restart when changing the default registry in 1.6. It might have been it.

I must say that Rancher 2.0 looks very promising, and I can’t wait until this issue is fixed, and the access management is implemented.

guy · May 6, 2018, 8:07am

I’ve just deployed a test environment with Rancher 2.0. I’m seeing the same now as well.

If I pull first then I can deploy it, however it will not pull from my gitlab repo on it’s own!

josecelano · September 27, 2018, 11:54am

I have the same problem with Rancher2 and using gitlab.com private repo.

guy · March 8, 2019, 8:41am

I’m using rancherOS 1.5.1 and rancher 2.1.7

I have set cloud-config with private registries

registry_auths:
“https://gitlab.local:5005”:
auth: “akjhfkjhkjhsdlkjhsadkljhsadf”

I can use docker pull to download the image manually, it’s working fine, however via deploy in rancher it’s failing the authentication.

Topic		Replies	Views
Private Registry image pulling fails Rancher	5	3910	July 26, 2019
Unable to pull images from private registry Rancher 1.x	2	7087	August 9, 2017
How to use a private registry from gitlab Rancher	7	6994	May 30, 2019
Pulling images from private registry	1	125	August 22, 2024
Private registry not working Rancher	7	15744	April 28, 2020

Private docker repo doesn't work (access forbidden)

Related topics