Unable to pull image

[prasus]

Greetings,

I have deployed Docker for Mac with K8 support from the edge channel (Version 18.03.0-ce-rc1-mac54), The installation went fine without any issues. But I am facing issues with my kubectl deployments while pulling the image from my private nexus OSS repository. I have added my registry into the insecure registry list (Docker->Preferences->Daemon option) and I'm able to pull the images with "docker pull", but the kubectl deployment always fails with the below error.

The below snip is taken from kubectl describe pod, Appreciate if you could shed some light on fixing this issue. Thank you!

  Normal   Pulling                19m (x4 over 21m)   kubelet, docker-for-desktop  pulling image "<repo-ip>:18443/<image-name>"
  Warning  Failed                 19m (x4 over 21m)   kubelet, docker-for-desktop  Failed to pull image "<repo-ip>:18443/<image-name>": rpc error: code = Unknown desc = Error response from daemon: Get http://<repo-ip>:18443/v2/: EOF
  Warning  Failed                 19m (x4 over 21m)   kubelet, docker-for-desktop  Error: ErrImagePull
  Warning  Failed                 11m (x39 over 21m)  kubelet, docker-for-desktop  Error: ImagePullBackOff
  Normal   BackOff                1m (x82 over 21m)   kubelet, docker-for-desktop  Back-off pulling image "<repo-ip>:18443/<image-name>"

[guillaumerose]

It seems that the VM can't reach your registry. Can you try to run docker run -it dockerpinata/curl curl http://<repo-ip>:18443/v2/ ?

[prasus]

The connection appears to be fine, Please find the command o/p below..

docker run -it dockerpinata/curl curl -vvv http://<repo-hostname>:18443/v2/
*   Trying <repo-ip>...
* TCP_NODELAY set
* Connected to <repo-url> (<repo-ip>) port 18443 (#0)
> GET /v2/ HTTP/1.1
> Host: <repo-hostname>:18443
> User-Agent: curl/7.52.1
> Accept: */*
> 
* Curl_http_done: called premature == 0
* Connection #0 to host <repo hostname> left intact

docker run -it dockerpinata/curl curl -I http://<repo-hostname>:18443/v2/
curl: (8) Weird server reply

[guillaumerose]

Can you launch it with a simple docker run command ? If it works, I suppose this is a Kubernetes configuration issue.

Also, can you upload a diagnostic ? Not sure I can find something relevant inside.

[prasus]

docker pull and docker run works fine, I have not done any configuration changes and it's a plain installation by following the instructions at https://docs.docker.com/docker-for-mac/#kubernetes

Could you please share the steps for collecting the diagnostics logs? Thanks!.

[prasus]

The diagnostic logs have been collected and uploaded. Below is the diagnostic ID

98B87A0F-3659-4DD1-8D39-700D8D4F0B68

[JCzz]

I can confirm - same issue here

[davinkevin]

Same for me with a private artifactory and the standard configuration

[vmbobyr]

Hello,

I'm getting the similar issue with pulling image from private registry.
have configured credentials to the private registry using the guide below(created secret, assign it to imagePullSecrets for default serviceaccount, and it was properly propagated to pod descrition): https://kubernetes.io/docs/concepts/containers/images/#using-a-private-registry
but still getting errors like below:

Failed to pull image "<private_registry>/<image>": rpc error: code = Unknown desc = Error response from daemon: Get <private_registry>/<image>: denied: access forbidden

Engine: 18.05.0-ce
Kubernetes: v1.10.3

--
regards
Vova

[vmbobyr]

Found root cause for my case.
It was related to kubernetes/kubernetes#57427

upgdate kubectl client to v1.9.6 helped.

[docker-robott]

Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale comment.
Stale issues will be closed after an additional 30d of inactivity.

Prevent issues from auto-closing with an /lifecycle frozen comment.

If this issue is safe to close now please do so.

Send feedback to Docker Community Slack channels #docker-for-mac or #docker-for-windows.
/lifecycle stale

[buckhx]

Not ideal, but manually pulling and setting "imagePullPolicy: Never" works as intended.

Seems like the VM that docker is using for does not have access to the creds on the filesystem, guessing a mount of some kind is necessary to actually fix.

[GianniGiglio]

Is there a fix for this issue I still have the same issue on the l
latest version

[manojkumarbardhan]

Try to add --image-pull-policy=IfNotPresent with your kubectl run command.

[GianniGiglio]

Try to add --image-pull-policy=IfNotPresent with your kubectl run command.

This is already the default policy if not specified. The issue is not being able to pull from a private repository although the docker demon is configured to.

[docker-robott]

Closed issues are locked after 30 days of inactivity.
This helps our team focus on active issues.

If you have found a problem that seems similar to this, please open a new issue.

Send feedback to Docker Community Slack channels #docker-for-mac or #docker-for-windows.
/lifecycle locked