
Openshift Origin run-app against insecure registry yields stuck pod with "Error while pulling image"


I am using Openshift Origin in a Docker container and pulled in an image from the Docker registry (a container on the same RHEL host VM) using:

oc new-app --insecure-registry=true --docker-image=mtl-vm375:5000/jenkins:1.0

That command seemed to work fine at the time. However, the pod stays as "ContainerCreating" and the result from kubectl describe pods:

OPENSHIFT_DEPLOYMENT_NAME:        jenkins-1
OPENSHIFT_DEPLOYMENT_NAMESPACE:   default
 Conditions:
  Type          Status
  Ready         False
Volumes:
  deployer-token-3bls9:
  Type:       Secret (a volume populated by a Secret)
  SecretName: deployer-token-3bls9
Events:
  FirstSeen     LastSeen        Count   From                    SubobjectPath   Type            Reason          Message
  ---------     --------        -----   ----                    -------------   --------        ------          -------
  2h            4m              33      {kubelet mtl-vm375}                     Warning         FailedSync      Error syncing pod, skipping: failed to "StartContainer" for "POD" with ErrImagePull: "Error while pulling image: Get https://index.docker.io/v1/repositories/openshift/origin-pod/images: dial tcp 10.230.22.20:443: connection refused"

2h    6s      652     {kubelet mtl-vm375}             Warning FailedSync      Error syncing pod, skipping: failed to "StartContainer" for "POD" with ImagePullBackOff: "Back-off pulling image \"openshift/origin-pod:v1.1.5\""

It has an error that shows it is trying to use https, which I am guessing (but am not sure) is the error, as I do not have https correctly set up with certificates yet.

Per other advice on Stack Overflow, I have added these environment variables to the Origin image: KUBE_ENABLE_INSECURE_REGISTRY=true EXTRA_DOCKER_OPTS=--insecure-registry

I have also had similar results with: KUBE_ENABLE_INSECURE_REGISTRY=true\ EXTRA_DOCKER_OPTS="--insecure-registry 10.230.22.20"

Version information:

[root@mtl-vm375 origin]# oc version 
oc v1.1.5-52-gd58f979 kubernetes v1.2.0-36-g4a3f9c5

and

[root@mtl-vm375 ~]# docker version
Client:
 Version:      1.8.2-el7.centos
 API version:  1.20
 Package Version: docker-1.8.2-10.el7.centos.x86_64
 Go version:   go1.4.2
 Git commit:   a01dc02/1.8.2
 Built:
 OS/Arch:      linux/amd64

Server:
 Version:      1.8.2-el7.centos
 API version:  1.20
 Package Version:
 Go version:   go1.4.2
 Git commit:   a01dc02/1.8.2
 Built:
 OS/Arch:      linux/amd64

Thanks in advance,

John


Solution

  • These are the steps I performed to use an image from another Docker registry (even outside my cluster).

    My registry:

    https://ec2-xx-xx-xx-xx.eu-central-1.compute.amazonaws.com:5000
    

    I create the project (in OS) to where I want to push.

    $ oc new-project test
    

    I'm inside the project and I'll create a secret so that my openshift is able to access my registry:

    $ oc secrets new-dockercfg mysecret --docker-server=https://ec2-xx-xx-xx-xx.eu-central-1.compute.amazonaws.com:5000 --docker-username=testuser --docker-password=testpassword --docker-email=any@mail.com
    

    Add the secret to the serviceaccounts:

    $ oc secrets add serviceaccount/default secrets/mysecret --for=pull    
    $ oc secrets add serviceaccount/builder secrets/mysecret
    

    Import the image stream:

    $ oc import-image --insecure ec2-xx-xx-xx-xx.eu-central-1.compute.amazonaws.com:5000/test/name-of-image:1 --confirm
    

    Now you're able to create a

    oc new-app --insecure-registry <image-stream-name>:tag
    

    A better way is to push your images to the OpenShift registry. Then it isn't necessary to create a secret and to perform the oc import. You're able to expose a registry (secure registry) so you can access the registry from outside your cluster to push images.
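
Added example (not part of the question or the answer above): a small shell filter that reads `kubectl describe pods` output and reports which registry each image-pull failure names, so it can be compared with the registry given to `oc new-app`. It handles only the two message shapes shown in the question; the function names and the trimmed sample events are constructed for this illustration.

```bash
#!/usr/bin/env bash
# Added example: which registry does each image-pull failure actually name?

# Constructed sample: the two event messages from the question, columns trimmed.
SAMPLE_EVENTS='{kubelet mtl-vm375} Warning FailedSync Error syncing pod, skipping: failed to "StartContainer" for "POD" with ErrImagePull: "Error while pulling image: Get https://index.docker.io/v1/repositories/openshift/origin-pod/images: dial tcp 10.230.22.20:443: connection refused"
{kubelet mtl-vm375} Warning FailedSync Error syncing pod, skipping: failed to "StartContainer" for "POD" with ImagePullBackOff: "Back-off pulling image \"openshift/origin-pod:v1.1.5\""'

# stdin:  `kubectl describe pods` text.
# stdout: "<reason> <url-or-image> <dial-target or ->", one line per distinct failure.
pull_failures() {
  sed -n -E \
    -e 's#.*with (ErrImagePull): .*Get (https?://[^/]+)/.*dial tcp ([0-9.]+:[0-9]+).*#\1 \2 \3#p' \
    -e 's#.*with (ImagePullBackOff): .*pulling image \\"([A-Za-z0-9._:/-]+)\\".*#\1 \2 -#p' |
    sort -u
}

# Registry host of a URL or an image reference. Docker treats the first path
# component as a registry only if it contains "." or ":" or is "localhost";
# anything else is pulled from the default registry (Docker Hub).
registry_of() {
  local ref=$1 first
  case $ref in
    *://*) ref=${ref#*://}; echo "${ref%%/*}"; return ;;
  esac
  first=${ref%%/*}
  case $first in
    "$ref") echo docker.io ;;             # no "/" at all, e.g. jenkins:1.0
    *.*|*:*|localhost) echo "$first" ;;   # e.g. mtl-vm375:5000/jenkins:1.0
    *) echo docker.io ;;                  # e.g. openshift/origin-pod:v1.1.5
  esac
}

# $1 = the registry you configured as insecure (host:port).
# Marks each failure SAME (that registry) or OTHER (a different one).
check_against() {
  local want=$1 reason target dial reg
  pull_failures | while read -r reason target dial; do
    reg=$(registry_of "$target")
    if [ "$reg" = "$want" ]; then
      echo "SAME $reason $reg"
    else
      echo "OTHER $reason $reg (dial $dial)"
    fi
  done
}

printf '%s\n' "$SAMPLE_EVENTS" | check_against mtl-vm375:5000
```

On a live cluster, pipe `kubectl describe pods` into `check_against` with your own registry host:port in place of the sample.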