Kubernetes pull from insecure docker registry

Question

I have stacked in this phase:

1. Have local docker insecure registry and some images in it, e.g. 192.168.1.161:5000/kafka:latest
2. Have kubernetes cloud cluster, for which I can access only via ~/.kube/config file, e,g. token.

Need to deploy below deployment, but kubernetes cannot pull images, error message:

Failed to pull image "192.168.1.161:5000/kafka:latest": rpc error: code = Unknown desc = Error response from daemon: Get https://192.168.1.161:5000/v2/: http: server gave HTTP response to HTTPS client

apiVersion: v1
kind: Service
metadata:
  name: kafka
  labels:
    app: kafka
spec:
  type: NodePort
  ports:
  - name: port9094
    port: 9094
    targetPort: 9094
  selector:
    app: kafka
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: kafka
spec:
  replicas: 1
  template:
    metadata:
      labels:
        app: kafka
    spec:
      hostname: kafka
      containers:
      - name: redis
        image: 192.168.1.161:5000/kafka:latest
        imagePullPolicy: Always

      ports:
      - name: port9094
        containerPort: 9094
      - envFrom:
        - configMapRef:
            name: env

  imagePullSecrets:
  - name: regsec

ON Kubernetes cluster I have created secret file "regsec" with this command:

kubectl create secret docker-registry regsec  --docker-server=192.168.1.161 --docker-username=<name from config file> --docker-password=<token value from config file>

cat ~/.docker/config.json
{
        "auths": {},
        "HttpHeaders": {
                "User-Agent": "Docker-Client/18.06.0-ce (linux)"
        }

cat /etc/docker/daemon.json
{
      "insecure-registries":["192.168.1.161:5000"]
}

kubectl version
Client Version: version.Info{Major:"1", Minor:"11", GitVersion:"v1.11.2", GitCommit:"bb9ffb1654d4a729bb4cec18ff088eacc153c239", GitTreeState:"clean", BuildDate:"2018-08-07T23:17:28Z", GoVersion:"go1.10.3", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"10", GitVersion:"v1.10.3", GitCommit:"2bba0127d85d5a46ab4b778548be28623b32d0b0", GitTreeState:"clean", BuildDate:"2018-05-21T09:05:37Z", GoVersion:"go1.9.3", Compiler:"gc", Platform:"linux/amd64"}


    docker version
Client:
 Version:           18.06.0-ce
 API version:       1.38
 Go version:        go1.10.3
 Git commit:        0ffa825
 Built:             Wed Jul 18 19:09:54 2018
 OS/Arch:           linux/amd64
 Experimental:      false

Server:
 Engine:
  Version:          18.06.0-ce
  API version:      1.38 (minimum version 1.12)
  Go version:       go1.10.3
  Git commit:       0ffa825
  Built:            Wed Jul 18 19:07:56 2018
  OS/Arch:          linux/amd64
  Experimental:     false

Answer 1

You need to go to each of your nodes, edit the file /etc/default/docker.json and add the following in it:

{
    "insecure-registries": ["192.168.1.161:5000"]
}

Answer 2

I used minikube for my Kubernetes cluster.

When I tried to apply a Pod with an image from my private docker registry (that is local, without authentication), the Pod didn't run and describe had a message indicating the repository wasn't reached (paraphrasing).

To fix this, I had to configure insecure-registry for the Docker daemon. According to the Docker docs, this can be done in two ways: as a flag passed to the dockerd command, or by modifying /etc/docker/daemon.json (on Linux).

However, as I used minikube to create and configure the cluster and daemon, I instead followed the minikube docs to set the flag --insecure-registry. The complete command is:

minikube start --insecure-registry "DOMAIN_DOCKER_REGISTRY:PORT_DOCKER_REGISTRY"