-
Notifications
You must be signed in to change notification settings - Fork 190
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Airgap - Rancher container cannot recognize the private registry #123
Comments
Need to document this in Rancher docs and also add to the release notes. If there are certs on the registry need to follow the k3s doc for adding the private-registry. The certs and registry confirmation files need to be mounted into Rancher container. https://rancher.com/docs/k3s/latest/en/installation/private-registry/ |
I resolved the problem using the method above you mentioned in the rancher master cluster after a SLB ,and the local cluster work well. The ECS is no public IP and use private registry. But when I deployed another cluster ,the problem comes again. This cluster can use private chart registry and deployed the apps. The ECS is no public IP and use private registry. but I can not use kubectl in the UI in this cluster. The error message is showed below:
and I didnot find the way to mount the certs and registry confirmation files as start rancher master cluster when I deployed the cluster use ui in the rancher. |
I fix this by add the private registry in the setting of system-default-registry in Global Tab in the rancher UI. Hope this can be help to others. |
Pull k3s docs into Rancher docs and have QA review our docs. Private Registry is not well documented in Docker, and we don't cover it in Rancher. |
@maggieliu |
What kind of request is this (question/bug/enhancement/feature request):
bug
Steps to reproduce (least amount of steps as possible):
v2.5.0-alpha3
single install in airgap envsudo docker run -d --privileged --restart=unless-stopped -p 80:80 -p 443:443 -v ${PWD}/fullchain.pem:/etc/rancher/ssl/cert.pem -v ${PWD}/privkey.pem:/etc/rancher/ssl/key.pem -e CATTLE_SYSTEM_DEFAULT_REGISTRY=ec2-18-191-239-133.us-east-2.compute.amazonaws.com -e CATTLE_SYSTEM_CATALOG=bundled ec2-18-191-239-133.us-east-2.compute.amazonaws.com/rancher/rancher:v2.5.0-alpha3 --no-cacerts
Result:
E0917 18:57:08.364148 23 pod_workers.go:191] Error syncing pod 0bf36ee9-6ccf-4c6a-9779-2ebb241257fd ("helm-operation-nrjhs_cattle-system(0bf36ee9-6ccf-4c6a-9779-2ebb241257fd)"), skipping: [failed to "StartContainer" for "helm" with ErrImagePull: "rpc error: code = Unknown desc = failed to pull and unpack image \"ec2-18-191-239-133.us-east-2.compute.amazonaws.com/rancher/shell:v0.1.2\": failed to resolve reference \"ec2-18-191-239-133.us-east-2.compute.amazonaws.com/rancher/shell:v0.1.2\": failed to do request: Head https://ec2-18-191-239-133.us-east-2.compute.amazonaws.com/v2/rancher/shell/manifests/v0.1.2: x509: certificate signed by unknown authority", failed to "StartContainer" for "proxy" with ImagePullBackOff: "Back-off pulling image \"ec2-18-191-239-133.us-east-2.compute.amazonaws.com/rancher/shell:v0.1.2\""]
The text was updated successfully, but these errors were encountered: