Kubernetes cannot run pods without access to public internet #1545
Comments
smarterclayton
added
kind/bug
|
(treating this as a bug because public internet access is surprisingly restricted) |
|
I've been thinking about this in the context of binary deploys. I'd like to do development on a plane :) If we run a registry with each cluster (#1319) we could build and do a "docker export" of the pause image as part of building the distribution. We could then "docker import" that into the cluster registry as part of cluster spin up. We'll will probably want to be able to ship container images around outside of a central registry. This gets more complicated the larger those images get. If we do really-static golang binaries it should be small enough to be workable. |
|
At the very least, making the specific container to use as the 'pause' --brendan On Thu, Oct 2, 2014 at 11:33 AM, Joe Beda notifications@github.com wrote:
|
Public access to the DockerHub is not guaranteed in all environments, add a flag to the kubelet that allows it to use a different image (like one on a private registry) as well as only pull the first time the image is needed. Fixes kubernetes#1545
For environments that cannot access the DockerHub (banks, secure sites), there is no way to even run Kubernetes because you can't pull "kubernetes/pause".
A solution is probably a combination of changing the policy (#1458) for the net container (don't pull if it already exists?) as well as allowing the kubelet to be started with a parameter or env var for which image to use instead of kubernetes/pause:latest ("myregistry:5000/pause/latest").
Since we have people hitting this now I'm going to try to fix both - any potential issues folks see with that?
The text was updated successfully, but these errors were encountered: