1

I'm using JFrog repository as my private registry. And I have specified the secret in order to authenticate with the JFrog. But it says

Failed to pull image "private_registry/image_name": rpc error: code = Unknown desc = failed to pull and unpack image "private_registry/image_name": failed to resolve reference "": failed to authorize: failed to fetch oauth token: unexpected status: 401 Unauthorized
  Warning  Failed     2s (x2 over 14s)  kubelet, worker-0  Error: ErrImagePull

Pod-Def.yml

I have created a secret file too. But still it doesn't pull the image. When I do docker image pull private_registry/image_name the image get pulled.

flaxel
  • 4,173
  • 4
  • 17
  • 30
Dusty
  • 231
  • 1
  • 3
  • 16
  • It's clear from the message that it's unable to authenticate. can you provide the secret.yaml you created? (musking the artifactory URL and creds) – Saikat Chakrabortty Nov 14 '20 at 03:23
  • 1
    The pod should be in the same namespace as the secret. Check both namespace too. – Behnam Nov 14 '20 at 07:14
  • You'll get errors if you submit a PNG file like that to Kubernetes. Can you edit the question to replace the image with the actual text contents of the YAML file you're submitting? – David Maze Nov 14 '20 at 07:26
  • 1
    Hi guys, there was a mistake with the secret. I've corrected the mistake. Now it works Thanks – Dusty Nov 14 '20 at 13:59
  • 1
    @SaikatChakrabortty as you were the person that identified the issue in this question, please provide your comment as an answer for better visibility. – Dawid Kruk Nov 16 '20 at 13:27

1 Answers1

2

From the question, it's clear that it's not able to authenticate for some reason, It could be a misconfiguration of the secret also possible that the credential used is/are not valid.

Since the secret.yaml file is not present, not aware of the format.

In this case, I would suggest looking at 2 things

  1. Check if the credentials are correct. (In this case, probably you can use docker pull after docker login with the same credential)

If you are able to pull the image successfully, take a look at the next point.

  1. In this, you have the check the way you configure or pass the credentials in the chart is correct.

There are different ways to pass credentials in different cases, you can take a look at this official doc. and here in devops exchange the answer also might help to get some insight.

and here is how my secret.yaml looks like:

---
apiVersion: v1
kind: Secret
metadata:
  name: {{ .Chart.Name }}-docker-credentials
  namespace: {{ .Release.Namespace }}
  labels:
    app: {{ .Chart.Name }}
    chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
    release: "{{ .Release.Name }}"
type: kubernetes.io/dockercfg
data:
  .dockercfg: {{ "{\".Values.REGISTRY.URL>>/\":{\"username\":\".Values.REGISTRY.USER_NAME>>\",\"password\":\".Values.REGISTRY.PASSWORD>>\",\"email\":\".Values.REGISTRY.EMAIL>>\",\"auth\":\".Values.REGISTRY.AUTH_TOKEN>>\"}}" | b64enc | quote }}

in the deployments i do:

spec:
   imagePullSecrets:
      - name: {{ .Chart.Name }}-docker-credentials

Since you have already resolved, hope this would help someone else.

Saikat Chakrabortty
  • 2,520
  • 4
  • 22
  • 39