Search code examples
jenkinsdocker-registryopenshift-enterprise

Deploying a modified Jenkins image in openshift fails

I used a "jenkins-1-centos7" image to deploy in my openshift to run projects on my jenkins image. It successfully worked and after many configurations, I duplicated a new image out of this jenkins container. Now I want to use this image to be used as a base for further development, but deploying a pod on to this image fails with the error "ErrImagePull".

On my investigations, I found that openshift needs the image to be present in the docker registry in order to deploy pods successfully. I deployed another app for docker registries, now when I try to push my updated image into this docker registry it fails with the message "authentication required". I've given admin privileges to my user.

docker push <local-ip>:5000/openshift/<new-updated-image>
The push refers to a repository [<local-ip>:5000/openshift/<new-updated-image>] (len: 1)
c014669e27a0: Preparing
unauthorized: authentication required

How can I make sure that the modified image gets deployed successfully?

Solution

  • Probably this answer will need edits because your issue can be caused by a lot of things. (I assume you are using OpenShift origin? (opensource)). Because I see the Centos7 image for Jenkins.

    First off all you need to deploy the openshift registry in the default project.

    $ oc project default
$ oadm registry --config=/etc/origin/master/admin.kubeconfig \
    --service-account=registry

    A registry pod will be deployed. Above the registry will be created a service (sort of endpoint which will function as loadbalancer above your pods).

    This service has an IP which is inside the 172.30 range. You can check this IP in the webconsole or perform (assuming you're still in the default project): $ oc get svc

    NAME              CLUSTER-IP      EXTERNAL-IP   PORT(S)                   AGE
docker-registry   172.30.22.11   <none>        5000/TCP                  8d
kubernetes        172.30.32.13      <none>        443/TCP,53/UDP,53/TCP     9d
router            172.30.42.42    <none>        80/TCP,443/TCP,1936/TCP   9d

    So you'll need to use the service IP of your docker-registry to authenticate. You'll also need a token:

    $ oc whoami -t
D_OPnWLdgEbiKJzvG1fm9dYdX..

    Now you're able to perform the login and push the image:

    $ docker login -u admin -e [email protected] \
-p D_OPnWLdgEbiKJzvG1fm9dYdX 172.30.22.11:5000
WARNING: login credentials saved in /root/.docker/config.json
Login Succeeded

$ docker tag myimage:latest 172.30.22.11/my-proj/myimage:latest

$ docker push 172.30.22.11/my-proj/myimage:latest

    hope this helps. You can give some feedback on this answer and tell if it works for you or which new issues you're facing.