Private docker repo doesn't work (access forbidden)


#1

I have a problem with pulling docker images from a private registry (hosted using the feature in GitLab).

I added a private registry under Resources -> Registries and tested that the credentials work with docker login registry.example.com. Still, when trying to deploy a container with kubernetes, it doesnt seem to use the credentails at all.

The error I get is:
Failed to pull image "registry.example.com/path/name:1.0.0": rpc error: code = 2 desc = Error response from daemon: {"message":"Get https://registry.example.com/v2/path/name/manifests/1.0.0: denied: access forbidden"}

Any hints on what to check for?
(Pulling public images like ubuntu:xenial works)

It is a newly setup RancherOS v1.1.0 instance with Rancher v2.0.0-alpha6 installed in the local disk.

note: registry.example.com is not the proper URL, of course :slight_smile:


#2

I don’t know the exact details, but there might be an issue where the kubelet container needs restarted to pick up the credentials. Can you try doing that?

@joshwget can you provide input on this? Am I right or off base?


#3

Thank you for responding!

I even restarted the whole server, so I don’t think that is the issue, unfortunately.


#4

I don’t think restarting the kubelet should be required for this. There is a known issue around private registries though, and this should be fixed in the next release.


#5

I must have gotten the restart thing confused with something else. (also I didnt notice the 2.0 tag on the issue until just now. I was thinking of something in 1.6)


#6

@joshwget I also added the same question/issue to the GitHub issue list. I couldn’t find anything similar for 2.0 there.

@cjellick I think I read something about requiring a restart when changing the default registry in 1.6. It might have been it.

I must say that Rancher 2.0 looks very promising, and I can’t wait until this issue is fixed, and the access management is implemented. :slight_smile:


#7

I’ve just deployed a test environment with Rancher 2.0. I’m seeing the same now as well.

If I pull first then I can deploy it, however it will not pull from my gitlab repo on it’s own!


#8

I have the same problem with Rancher2 and using gitlab.com private repo.