Search code examples
dockerkubernetesdocker-composedockerfile

Getting "ErrImagePull" Error when creating deployment object

I am trying to create a kubernetes deployment object using kubectl create deploy demo-backend --image docker.io/myrepe/myimage:1.0.0

However, getting ErrImagePull error:

Events:
  Type     Reason     Age               From               Message
  ----     ------     ----              ----               -------
  Normal   Scheduled  21s               default-scheduler  Successfully assigned default/demo-backend-54c679bc45-t5hz9 to worker1
  Normal   BackOff    19s               kubelet            Back-off pulling image "docker.io/myrepe/myimage:1.0.0"
  Warning  Failed     19s               kubelet            Error: ImagePullBackOff
  Normal   Pulling    5s (x2 over 20s)  kubelet            Pulling image "docker.io/myrepe/myimage:1.0.0"
  Warning  Failed     4s (x2 over 19s)  kubelet            Failed to pull image "docker.io/myrepe/myimage:1.0.0": reading manifest 1.0.0 in docker.io/myrepe/myimage:1.0.0 requested access to the resource is denied

The image is a public image and I am able to pull the image directly using docker pull myrepe/myimage:1.0.0



Solution

  • The error you are encountering indicates that the kubernetes is unable to pull the image from the docker registry due to access restrictions. Although you can pull the image using docker pull directly, kubernetes requires proper authentication to access images. Missing credentials will cause access denied errors that prevent the image being pulled.

    Check the below two troubleshooting steps:

    1. If you see a requested access to the resource is denied - message, then you need to supply registry credentials, so that Kubernetes can pull the image.

    To do this, you must create a Kubernetes secret that contains your registry user credentials:

    $  kubectl create secret docker-registry docker-registry-credentials \
 --docker-server=https://index.docker.io/v1/
 --docker-username=user
 --docker-password=password  
 [email protected]

    The command shown above will create a secret called docker-registry-credentials. Next, you must adjust your Pod’s manifest. so, it references the secret within the spec.imagePullSecrets field:

    apiVersion: v1
kind: Pod
metadata:
  name: demo-pod
spec:
  containers:
    - name: nginx
      image: nginx:latest
  imagePullSecrets:
    - name: docker-registry-credentials

    Kubernetes will now use the credentials in your secret when it pulls the Pod’s images. Your Node will correctly authenticate to the image registry, allowing the image to be pulled, and fixing the ImagePullBackOff error.

    1. Another reason for the error might be the network connectivity between the container registry and the Kubernetes cluster. If there is a firewall blocking the connection and also checking the appropriate ports are open for outbound traffic, Kubernetes may not be able to download the image from the container registry.

    Refer to Shahar Azulay’s groundcover document on Kubernetes ImagePullBackOff: What It Is and How to Fix It for more information.

    Note: To fix ImagePullBackOff errors as part of your Kubernetes troubleshooting routine, start by checking your application manifest. Confirm that the image name, tag and/or digest values are properly configured and that they match the configuration of your container registry.