[Kubernetes] "Image can't be pulled" error while pulling image from private insecure registry

Kubernetes pull image from private insecure registry

I have a private insecure registry configured with images being pushed to it successfully. I am trying to deploy a Kubernetes deployment and service for that image but I get the below error for the pod:
```
Error from server (BadRequest): container "my-app" in pod "my-deployment-695b96dc66-4mzdn" is waiting to start: image can't be pulled
```
Detailed error with describe command is:
```
Failed to pull image "C6-PU-POC-ND-SH-A-APS-3:5000/temp/leads:latest": rpc error: code = Unknown desc = failed to pull and unpack image "C6-PU-POC-ND-SH-A-APS-3:5000/temp/leads:latest": failed to resolve reference "C6-PU-POC-ND-SH-A-APS-3:5000/temp/leads:latest": failed to do request: Head "https://C6-PU-POC-ND-SH-A-APS-3:5000/v2/temp/leads/manifests/latest": http: server gave HTTP response to HTTPS client
```
docker pull works with this command - I have daemon.json configured with insecure-registries
```
docker pull C6-PU-POC-ND-SH-A-APS-3:5000/temp/leads:latest
```
Any idea what could be wrong?

Thanks.

```yaml
kind: Deployment
metadata:
  name: orion-leads-deployment
  namespace: oleads
spec:
  replicas: 1
  selector:
    matchLabels:
      app: orion-leads-app
  template:
    metadata:
      labels:
        app: orion-leads-app
    spec:
      containers:
        - name: orion-leads-app
          image: C6-PU-POC-ND-SH-A-APS-3:5000/temp/leads:latest
          resources:
            requests:
              memory: "64Mi"
              cpu: 0.5
            limits:
              memory: "512Mi"
              cpu: 0.5
          ports:
          - containerPort: 8980
          imagePullPolicy: Always
```

You need to set insecure registry mode

Or set up HTTPS for your registry

  • Thanks for the input, but as I mentioned in my original post, I have already added insecure-registries in the daemon.json file under /etc/docker. The docker pull command also works btw, so that should indicate that IP resolution works and the registry is accessible too

However you did it, it didn’t work

So … do it the way that works?

You probably aren’t using docker anymore

It’s deprecated in Kubernetes and has already been removed in the main branch

Containerd has its own config

Oh ok …
> So … do it the way that works?
I didn’t catch this

Okay so first, what is your CRI plugin?

I use k3s as kubernetes which uses containerd as the runtime

Okay, then any docker config would do nothing :smile:

Right good point :slightly_smiling_face:
I need to find out the config for containerd

```
            insecure_skip_verify = true
```

Seems like this overall isn’t well supported in containerd

You should probably just set up TLS for the registry :stuck_out_tongue:

TLS sounded tough so I thought about this route.

```
            insecure_skip_verify = true
```
Where do I add the above text?

Search for “containerd insecure registry” and you’ll find some tickets on their repo with a few examples