https://rancher.com/ logo
Join Slack
Powered by
Hi @everyone, could someone please help me use ins...
# rke2
h
Hi @everyone, could someone please help me use insecure private registry configuration. I am getting this error:
Copy code
Failed to get image from endpoint: Get \"<https://ip:5000/v2/>\": http: server gave HTTP response to HTTPS client; Get \"<https://ip:5000/v2/>\": http: server gave HTTP response to HTTPS client"
Slack Conversation
c
you need to set up your registry to use a http endpoint. containerd always assumes https
Copy code
mirrors:
  "ip:5000":
    endpoint:
    - "<http://ip:5000>"
h
Thanks for the prompt response. I do have it configured. This is how my yaml looks like
Copy code
machineSelectorConfig:
      - config:
          docker: false
          protect-kernel-defaults: false
          selinux: false
          system-default-registry: ip:5000
    registries:
      mirrors:
        <http://docker.io|docker.io>:
          endpoint:
            - <http://ip:5000>
          rewrite:
            ^rancher/(.*): <http://docker.io/$1|docker.io/$1>
c
no, that’s not what I said
That would be correct if you wanted to use that as a mirror for docker.io, but the log you shared shows that it’s trying to pull from 
ip:5000
and not docker.io
which makes sense since you set the system default registry to 
ip:5000
instead of 
<http://docker.io|docker.io>
h
Yes, I want to use it as mirror for docker.io. I'm trying to pull k3s image from my registry rather than docker itself. I'm guessing what we are seeing in the logs is because system-default-registry has been changed to my registry instead.
Copy code
system-default-registry: ip:5000
Here are some more logs to give you context:
Copy code
Jun 05 15:12:37 abc.work rancher-system-agent[28651]: time="2024-06-05T15:12:37-04:00" level=info msg="Using private registry config file at /etc/rancher/agent/registries.yaml"
Jun 05 15:12:37 abc.work rancher-system-agent[28651]: time="2024-06-05T15:12:37-04:00" level=info msg="Pulling image ip:5000/rancher/system-agent-installer-k3s:v1.28.9-k3s1"
Jun 05 15:12:37 abc.work rancher-system-agent[28651]: time="2024-06-05T15:12:37-04:00" level=warning msg="Failed to get image from endpoint: Get \"<https://ip:5000/v2/>\": http: server gave HTTP response to HTTPS client; Get \"<https://ip:5000/v2/>\": http: server gave HTTP response to HTTPS client"
Jun 05 15:12:37 abc.work rancher-system-agent[28651]: time="2024-06-05T15:12:37-04:00" level=error msg="error while staging: all endpoints failed: Get \"<https://ip:5000/v2/>\": http: server gave HTTP response to HTTPS client; Get \"<https://ip:5000/v2/>\": http: server gave HTTP response to HTTPS client: failed to get image ip:5000/rancher/system-agent-installer-k3s:v1.28.9-k3s1"
Jun 05 15:12:37 abc.work rancher-system-agent[28651]: time="2024-06-05T15:12:37-04:00" level=error msg="error executing instruction 0: all endpoints failed: Get \"<https://ip:5000/v2/>\": http: server gave HTTP response to HTTPS client; Get \"<https://ip:5000/v2/>\": http: server gave HTTP response to HTTPS client: failed to get image ip:5000/rancher/system-agent-installer-k3s:v1.28.9-k3s1"
Jun 05 15:12:37 abc.work rancher-system-agent[28651]: time="2024-06-05T15:12:37-04:00" level=info msg="[Applyinator] No image provided, creating empty working directory /var/lib/rancher/agent/work/20240605-151237/afd4f85b27833cd0080fd3218565433075516a446c9351fbf4cc3265149dd3c8_0"
Jun 05 15:12:37 abc.work rancher-system-agent[28651]: time="2024-06-05T15:12:37-04:00" level=info msg="[Applyinator] Running command: sh [-c k3s etcd-snapshot list --etcd-s3=false 2>/dev/null]"
c
either configure system-default-registry, OR configure your endpoint as a mirror for docker.io. Don’t do both.
h
I updated the yaml as per your suggestion and removed it from system-default-registry:
Copy code
machineSelectorConfig:
      - config:
          docker: false
          protect-kernel-defaults: false
          selinux: false
    registries:
      configs: {}
      mirrors:
        <http://docker.io|docker.io>:
          endpoint:
            - <http://ip:5000>
          rewrite:
            ^(.*): <http://docker.io/$1|docker.io/$1>
but now it is reaching out to index.docker.io as you'd see from the logs below:
Copy code
Jun 05 16:26:44 abc.work rancher-system-agent[2514]: time="2024-06-05T16:26:44-04:00" level=info msg="[Applyinator] Applying one-time instructions for plan with checksum 4462fc1b6e5fe2882b74ba78e85f389a90440fce0685400b7ab489096951b73a"
Jun 05 16:26:44 abc.work rancher-system-agent[2514]: time="2024-06-05T16:26:44-04:00" level=info msg="[Applyinator] Extracting image rancher/system-agent-installer-k3s:v1.28.9-k3s1 to directory /var/lib/rancher/agent/work/20240605-162644/4462fc1b6e5fe2882b74ba78e85f389a90440fce0685400b7ab489096951b73a_0"
Jun 05 16:26:44 abc.work rancher-system-agent[2514]: time="2024-06-05T16:26:44-04:00" level=info msg="Using private registry config file at /etc/rancher/agent/registries.yaml"
Jun 05 16:26:44 abc.work rancher-system-agent[2514]: time="2024-06-05T16:26:44-04:00" level=info msg="Pulling image <http://index.docker.io/rancher/system-agent-installer-k3s:v1.28.9-k3s1|index.docker.io/rancher/system-agent-installer-k3s:v1.28.9-k3s1>"
Jun 05 16:26:44 abc.work rancher-system-agent[2514]: time="2024-06-05T16:26:44-04:00" level=info msg="Extracting file installer.sh to /var/lib/rancher/agent/work/20240605-162644/4462fc1b6e5fe2882b74ba78e85f389a90440fce0685400b7ab489096951b73a_0/installer.sh"
Jun 05 16:26:44 abc.work rancher-system-agent[2514]: time="2024-06-05T16:26:44-04:00" level=info msg="Extracting file k3s to /var/lib/rancher/agent/work/20240605-162644/4462fc1b6e5fe2882b74ba78e85f389a90440fce0685400b7ab489096951b73a_0/k3s"
Jun 05 16:26:45 abc.work rancher-system-agent[2514]: time="2024-06-05T16:26:45-04:00" level=info msg="Extracting file run.sh to /var/lib/rancher/agent/work/20240605-162644/4462fc1b6e5fe2882b74ba78e85f389a90440fce0685400b7ab489096951b73a_0/run.sh"
Jun 05 16:26:45 abc.work rancher-system-agent[2514]: time="2024-06-05T16:26:45-04:00" level=info msg="[Applyinator] Running command: sh [-c run.sh]"
Jun 05 16:26:45 abc.work rancher-system-agent[2514]: time="2024-06-05T16:26:45-04:00" level=info msg="[4462fc1b6e5fe2882b74ba78e85f389a90440fce0685400b7ab489096951b73a_0:stderr]: + cp -f /var/lib/rancher/agent/work/20240605-162644/4462fc1b6e5fe2882b74ba78e85f389a90440fce0685400b7ab489096951b73a_0/k3s /usr/local/bin/k3s"
Jun 05 16:26:45 abc.work rancher-system-agent[2514]: time="2024-06-05T16:26:45-04:00" level=info msg="[4462fc1b6e5fe2882b74ba78e85f389a90440fce0685400b7ab489096951b73a_0:stderr]: + chmod 755 /usr/local/bin/k3s"
Jun 05 16:26:45 abc.work rancher-system-agent[2514]: time="2024-06-05T16:26:45-04:00" level=info msg="[4462fc1b6e5fe2882b74ba78e85f389a90440fce0685400b7ab489096951b73a_0:stderr]: + chown root:root /usr/local/bin/k3s"
output of registries.yaml:
Copy code
cat /etc/rancher/agent/registries.yaml
{"configs":{},"mirrors":{"<http://docker.io|docker.io>":{"endpoint":["ip:5000"],"rewrite":{"^(.*)":"<http://docker.io/$1|docker.io/$1>"}}}}
c
It'll always say it's pulling 
<http://docker.io/rancher/|docker.io/rancher/>...
as that is the image name
It will use your mirror endpoint though
Using a mirror endpoint does not change the image name... it just changes the actual server that the pull uses
h
Thank you so much for you help and assistance here
107 Views
Open in Slack
PreviousNext
Powered by