CODEWITHSUNDEEP
dockerkubernetes
user4202236
user4202236

Reputation: 210

Kubernetes ignores config.json while doing docker pull

I am trying to pull an image from private registry and I have the auth stored in /root/.docker/config.json in a kubernetes cluster node. I have also verified that the auth works as expected while pulling the docker image. 

curl -v \
     -X GET \
     -H "Authorization: Bearer $(cat /tmp/auth_bearer.txt)" repo-url/manifests/latest \
     -H "Accept: application/vnd.docker.distribution.manifest.v2+json"

Response: 

< HTTP/1.1 200 OK < Date: Wed, 11 Mar 2020 23:27:09 GMT <
Content-Type: application/vnd.docker.distribution.manifest.v2+json <
Content-Length: 3455 < Connection: keep-alive < Vary: Origin <
opc-request-id: 772f679098749bb474d59161 < Docker-Content-Digest:
sha256:17dcbbf7c670d8894ddfefc2907c9f045bfc45e60954525635632abbf02910
< {    "schemaVersion": 2,    "mediaType":
"application/vnd.docker.distribution.manifest.v2+json",    "config": {
      "mediaType": "application/vnd.docker.container.image.v1+json",
      "size": 9504,
      "digest": "sha256:d59db4a22d6ba8f1d3b5d7c8f8f410688dee569a947bf242e6c3e3b708f634829"
},    "layers": [
      { [...]

From the above response, it is clear that I have the image present at the private repo location and the auth is correct. However when I try to do docker pull <repo-url>/image-name:image-tag I get this error:

Trying to pull repository <repo-url>/image-name:image-tag ... 
pull access denied for <repo-url>/image-name:image-tag, repository does not exist or may require 'docker login'

Can someone please tell me what I am missing here? Why is the node ignoring docker credentials stored at /root/.docker/config.json?

Upvotes: 0

Views: 1858

Answers (1)

whymatter
whymatter

Reputation: 775

Use file based config

According to the documentation there is the following option: https://kubernetes.io/docs/concepts/containers/images/#configuring-nodes-to-authenticate-to-a-private-registry

You can set the docker secrets in a file listed here:

  • {--root-dir:-/var/lib/kubelet}/config.json
  • {cwd of kubelet}/config.json
  • ${HOME}/.docker/config.json
  • /.docker/config.json
  • {--root-dir:-/var/lib/kubelet}/.dockercfg
  • {cwd of kubelet}/.dockercfg
  • ${HOME}/.dockercfg
  • /.dockercfg

Note: You may have to set HOME=/root explicitly in your environment file for kubelet.

Upvotes: 3

Related Questions