Bug description
Installation gets timeout errors and in kubectl get pods -n istio-system shows ImagePullBackOff.
kubectl describe pod istiod-xxx-xxx -n istio-system
Failed to pull image "our-registry:5000/pilot:1.10.3": rpc error: code = Unknown desc = Error response from daemon: Head https://our-registry:5000/v2/pilot/manifests/1.10.3: no basic auth credentials
Affected product area (please put an X in all that apply)
[x] Installation
Expected behavior
Successful installation with istioctl install --set profile=demo --set hub=our-registry:5000
Steps to reproduce the bug
Create istio-system namespace.
Set docker-registry user credentials for istio-system namespace.
istioctl manifest generate --set profile=demo --set hub=our-registry:5000 > new-generated-manifest.yaml
Verify it has proper images with our-registry:5000
Pull and push required images to our-registry:5000
istioctl install --set profile=demo --set hub=our-registry:5000
Version
Kubernetes : v1.21
Istio : 1.10.3 / 1.7.3
How was Istio installed?
istioctl install --set profile=demo --set hub=our-registry:5000
[References]
Json object error 2. Here describe about using it in charts, but dont know how they applied it.
Originally posted as an issue.
There are two ways to cirumvent this issue.
istioctl installUsing istioctl install provide a secret with docker-registry auth details with --set values.global.imagePullSecrets. Like this
istioctl install [other options] --set values.global.imagePullSecrets[0]=<auth-secret>
Where <auth-secret> is the secret created prior on the cluster.
You can read more about using secrets with docker repository here
Installing Istio with operator, from private regostry, you have to pass proper YAML:
apiVersion: install.istio.io/v1alpha1
kind: IstioOperator
...
spec:
profile: demo #as an example
values:
global:
imagePullSecrets:
- <auth-secret>
...
Again, <auth-secret> must be created prior.