kubectl ImagePullBackOff due to secret

Question

I'm creating kubevirt in minikube, initially kubevirt-operator.yaml fails with ImagePullBackOff. After I added secret in the yaml

imagePullSecrets:
  - name: regcred
containers:

all my virt-operator* started to run. virt-api* pods still shows ImagePullBackOff. The error comes out as

Events:
  Type     Reason     Age                    From               Message
  ----     ------     ----                   ----               -------
  Normal   Scheduled  27m                    default-scheduler  Successfully assigned kubevirt/virt-api-787487d9cd-t68qf to minikube
  Normal   Pulling    25m (x4 over 27m)      kubelet            Pulling image "us-ashburn-1.ocir.io/xxx/virt-api:v0.54.0"
  Warning  Failed     25m (x4 over 27m)      kubelet            Failed to pull image "us-ashburn-1.ocir.io/xxx/virt-api:v0.54.0": rpc error: code = Unknown desc = Error response from daemon: pull access denied for us-ashburn-1.ocir.io/xxx/virt-api, repository does not exist or may require 'docker login': denied: Anonymous users are only allowed read access on public repos
  Warning  Failed     25m (x4 over 27m)      kubelet            Error: ErrImagePull
  Warning  Failed     25m (x6 over 27m)      kubelet            Error: ImagePullBackOff
  Normal   BackOff    2m26s (x106 over 27m)  kubelet            Back-off pulling image "us-ashburn-1.ocir.io/xxx/virt-api:v0.54.0" 

Manually I'm able to pull the same image with docker login. Any help much appreciated. Thanks

Answer 1

This docker image looks like it is in a private registry(and from oracle). And I assume the regcred is not correct. Can you login there with docker login? if so you can create regcred secret like this

$ kubectl create secret docker-registry regcred --docker-server=<region-key>.ocir.io --docker-username='<tenancy-namespace>/<oci-username>' --docker-password='<oci-auth-token>' --docker-email='<email-address>'

Also check this oracle tutorial: https://www.oracle.com/webfolder/technetwork/tutorials/obe/oci/oke-and-registry/index.html

Answer 2

Here you can find the steps to implement secret values to the cluster .

If you are using a private registry, check that your secret exists and the secret is correct. Your secret should also be in the same namespace.

Your Minikube is a VM not your localhost. You try this

1. Open Terminal
2. eval $(minikube docker-env)
3. docker build .
4. kubectl create -f deployment.yaml

just valid this terminal. if closed terminal again open terminal and write eval $(minikube docker-env)

eval $(minikube docker-env) this code build image in Minikube

Also, try to login docker on all nodes by using docker login .

There is also a lengthy blog post describing how to debug image pull back-off in depth here

Answer 3

Hey if you look here . I think you can find some helpful documentation.

What they are doing is, they are upload the dockerconfig file which has login credentials as a secret and then referring to that in the deployment.
You could try to follow these steps and do something similar. Let me know if it works