How to pull new docker images to openshift cluster nodes from remote private registry?

Question

All steps specified in https://blog.openshift.com/remotely-push-pull-container-images-openshift/ (and other sources) worked perfectly on master, but it does not help me to pull from nodes.

Details:

1. Logged in on master and two nodes to registry: docker login https://my.registry:5000

2. Created new secret on master with: oc secrets new my.registry .dockerconfigjson=/root/.docker/config.json (can't do the same on nodes, because they do not have oc utility)

3. In my current project added secret for default account: oc secrets add serviceaccount/default secrets/my.registry --for=pull

Now when I'm naking a new deployment, the pods created on master will start perfectly well (master will be able to pull needed images), but pods on nodes will fail to start unless I manually pull images on them with docker pull.

So how can I make all nodes from my openshift (origin) cluster pull images with specified default account?

Answer 1

The problem was in https://github.com/openshift/origin/issues/13122 Master somehow managed to pull and extract images faster, while nodes had a timeout.

Answer 2

I believe the command may have changed somewhat with recent versions of origin. The following works for me:

oc new-project my-project
oc secrets new docker-pull-secret .dockerconfigjson=${HOME}/.docker/config.json --namespace=my-project
oc secrets link default docker-pull-secret --for=pull --namespace=my-project