Reputation: 83725
Kubernetes Private Docker Registry Push Error
So I have deployed a Kubernetes cluster and installed a private Docker registry. Here is my registry controller:
---
apiVersion: v1
kind: ReplicationController
metadata:
name: registry-master
labels:
name: registry-master
spec:
replicas: 1
selector:
name: registry-master
template:
metadata:
labels:
name: registry-master
spec:
containers:
- name: registry-master
image: registry
ports:
- containerPort: 5000
command: ["docker-registry"]
And the service:
---
apiVersion: v1
kind: Service
metadata:
name: registry-master
labels:
name: registry-master
spec:
ports:
# the port that this service should serve on
- port: 5000
targetPort: 5000
selector:
name: registry-master
Now I sshed to one of Kubernetes' nodes and built a Ruby app container:
cd /tmp
git clone https://github.com/RichardKnop/sinatra-redis-blog.git
cd sinatra-redis-blog
docker build -t ruby-redis-app
When I try to tag it and push it to the registry:
docker tag ruby-redis-app registry-master/ruby-redis-app
docker push 10.100.129.115:5000/registry-master/ruby-redis-app
I am getting this error:
Error response from daemon: invalid registry endpoint https://10.100.129.115:5000/v0/: unable to ping registry endpoint https://10.100.129.115:5000/v0/
v2 ping attempt failed with error: Get https://10.100.129.115:5000/v2/: read tcp 10.100.129.115:5000: connection reset by peer
v1 ping attempt failed with error: Get https://10.100.129.115:5000/v1/_ping: read tcp 10.100.129.115:5000: connection reset by peer. If this private registry supports only HTTP or HTTPS with an unknown CA certificate, please add `--insecure-registry 10.100.129.115:5000` to the daemon's arguments. In the case of HTTPS, if you have access to the registry's CA certificate, no need for the flag; simply place the CA certificate at /etc/docker/certs.d/10.100.129.115:5000/ca.crt
Any idea how to solve it? I have been struggling with this for several hours.
Richard
Upvotes: 2
Views: 1244
Answers (3)
Reputation: 22099
If you are using Ubuntu, add this line into your /etc/default/docker file.
$DOCKER_OPTS=“--insecure-registry xxx.xxx.xxx.xxx:5000”
Where the xxx.xxx.xxx.xxx is your private registry ip.
And then restart your docker client.
sudo docker service restart
Upvotes: 0
Reputation: 20798
if you're using HTTPS, you must have created a self-signed certificate (with your own CA authority) or you have a CA signed certificate.
If so, you need to install this CA cert on the machine you're calling FROM
put your CA cert in
/etc/ssl/certs
and run
update-ca-certificates
sometimes I have had to put it also in
/usr/local/share/ca-certificates/
(in both cases your CA file EXTENSION should be .pem
For Docker you may also need to put a file in
/etc/docker/certs.d/<--your-site-url--->/ca.crt
and the file must be named ca.crt
(same file file as the .pem file but named ca.crt)
Upvotes: 1
Reputation: 281
I saw a similar issue and it was related to my registry not supporting https. If your registry does not support https, then you'll have to specify it's an insecure registry to the docker daemon
echo 'DOCKER_OPTS="--insecure-registry 10.100.129.115:5000"' | sudo tee -a /etc/default/docker
And then restart your docker daemon.
Upvotes: 0
Related Questions
- Kubernetes Node unable to access Docker Private Registry
- Kubernetes with private docker registry v2
- Kubernetes/docker ErrImagePull when deploying app from private registry
- Can't push/pull from local docker registry
- Getting ErrImagePull when trying to use Local Docker Registry with Kubernetes
- Private docker registry on Kubernetes
- Docker push intermittent failure to private docker registry on kubernetes (docker-desktop)
- Kubernetes - Error pulling from a private docker registry
- docker registry push error
- Docker push to private registry issues