Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Istio installation failed with private docker registry #34636

Closed
sachithmuhandiram opened this issue Aug 11, 2021 · 3 comments
Closed

Istio installation failed with private docker registry #34636

sachithmuhandiram opened this issue Aug 11, 2021 · 3 comments
Labels
area/environments

Comments

@sachithmuhandiram
Copy link

sachithmuhandiram commented Aug 11, 2021
edited

Bug description

Installation gets timeout errors and in kubectl get pods -n istio-system shows ImagePullBackOff

kubectl describe pod istiod-xxx-xxx -n istio-system

Failed to pull image "our-registry:5000/pilot:1.10.3": rpc error: code = Unknown desc = Error response from daemon: Head https://our-registry:5000/v2/pilot/manifests/1.10.3: no basic auth credentials

Affected product area (please put an X in all that apply)

[x ] Installation

Expected behavior

Successful installation with istioctl install --set profile=demo --set hub=our-registry:5000

Steps to reproduce the bug

  • Create istio-system namespace.

  • Set docker-registry user credentials for istio-system namespace.

  • istioctl manifest generate --set profile=demo --set hub=our-registry:5000 > new-generated-manifest.yaml

  • Verify it has proper images with our-registry:5000

  • Pull and push required images to our-registry:5000

  • istioctl install --set profile=demo --set hub=our-registry:5000

Version

Kubernetes : v1.21

Istio : 1.10.3 / 1.7.3

How was Istio installed?

istioctl install --set profile=demo --set hub=our-registry:5000

[References]

  1. Tried to setup imagePullSecrets as described here, but it gives

Json object error

  1. Here describe about using it in charts, but dont know how they applied it.
@su225
Copy link
Contributor

su225 commented Aug 16, 2021
edited

The error message indicates that the private registry requires credentials. In your istioctl install command I don't see it anywhere. You can check the deployment manifest rendered with istioctl manifest generate command. If pulling images requires credentials then imagePullSecrets have to be specified. This is a Kubernetes thing. See here. You have to use overlays to specify imagePullSecrets in the pod template. As mentioned before you can check if manifests are being rendered correctly with istioctl manifest generate command.

EDIT: Read entire issue now. I see you have tried setting with charts. If none of it works, then you can use overlays.

@tiggerlee2
Copy link

tiggerlee2 commented Aug 18, 2021
edited 

istioctl install --set profile=demo --set hub=our-registry:5000 --set "values.global.imagePullSecrets[-1]=secretName" --set "values.global.imagePullSecrets[-1]=secretName2"  --dry-run

@sachithmuhandiram
Copy link
Author

Thanks for the suggestions. I have solved the issue using

istioctl install --set profile=demo --set values.global.imagePullSecrets[0]=<auth-secret>

Here <auth-secret> was the docker registry password created for istio-system namespace.

SO thread

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area/environments
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@tiggerlee2 @sachithmuhandiram @su225 @istio-policy-bot