better-nail-51710
10/04/2022, 1:56 PMnerdctl -n <http://k8s.io|k8s.io> pull <http://artifactory.mycompany.com/images/hello-app:v0.0.1|artifactory.mycompany.com/images/hello-app:v0.0.1>
Then, I can create a pod (the pod is up and running, but it uses the pulled image):
kubectl run hello-app --image=<http://artifactory.mycompany.com/images/hello-app:v0.0.1|artifactory.mycompany.com/images/hello-app:v0.0.1>
But this is not the desired behavior. I want to be able to create the kubernetes resources using the private registry, without downloading the image first. So, I deleted the previously downloaded image, then I tried to recreate the pod:
nerdctl -n <http://k8s.io|k8s.io> rmi <http://artifactory.mycompany.com/images/hello-app:v0.0.1|artifactory.mycompany.com/images/hello-app:v0.0.1>
kubectl run hello-app --image=<http://artifactory.mycompany.com/images/hello-app:v0.0.1|artifactory.mycompany.com/images/hello-app:v0.0.1>
Now, the pod's status is ErrImagePull:
Failed to pull image "<http://artifactory.mycompany.com/images/hello-app:v0.0.1|artifactory.mycompany.com/images/hello-app:v0.0.1>": rpc error: code = Unknown desc = failed to pull and unpack image "<http://artifactory.mycompany.com/images/hello-app:v0.0.1|artifactory.mycompany.com/images/hello-app:v0.0.1>": failed to resolve reference "<http://artifactory.mycompany.com/images/hello-app:v0.0.1|artifactory.mycompany.com/images/hello-app:v0.0.1>": pulling from host <http://artifactory.mycompany.com|artifactory.mycompany.com> failed with status code [manifests v0.0.1]: 403 Forbidden
I observed the forbidden message, but I ran nerdctl login <http://artifactory.mycompany.com|artifactory.mycompany.com>
Again, if I download the image using nerdctl, the pod is up and running.
I have to mention that I tried to add the private registry using ~/Library/Application Support/rancher-desktop/lima/\_config/override.yaml file, but no success: it seems that the registry is not recognized by containerd - nothing is added in the /etc/containerd/config.toml file, even if the registries.yaml file is in the /etc/rancher/k3s directory.
My override.yaml file:
provision:
- mode: system
script: |
#!/bin/sh
set -eux
mkdir -p /etc/rancher/k3s/
cat <<'EOF' > /etc/rancher/k3s/registries.yaml
mirrors:
<http://docker.io|docker.io>:
endpoint:
- "<https://artifactory.mycompany>"
configs:
"<http://artifactory.mycompany.com|artifactory.mycompany.com>":
auth:
username: .......
password: .......
EOF
If I run ``rdctl shell -- cat /etc/rancher/k3s/registries.yaml``, I see the desired file provisioned by the override.yaml.