https://rancher.com/ logo
Title
b

better-nail-51710

10/04/2022, 1:56 PM
Hi all, I am running Rancher Desktop 1.5.1 on MacBook M1. I'm able to pull an image from my private repository using nerdctl:
nerdctl -n <http://k8s.io|k8s.io> pull <http://artifactory.mycompany.com/images/hello-app:v0.0.1|artifactory.mycompany.com/images/hello-app:v0.0.1>
Then, I can create a pod (the pod is up and running, but it uses the pulled image):
kubectl run hello-app --image=<http://artifactory.mycompany.com/images/hello-app:v0.0.1|artifactory.mycompany.com/images/hello-app:v0.0.1>
But this is not the desired behavior. I want to be able to create the kubernetes resources using the private registry, without downloading the image first. So, I deleted the previously downloaded image, then I tried to recreate the pod:
nerdctl -n <http://k8s.io|k8s.io> rmi <http://artifactory.mycompany.com/images/hello-app:v0.0.1|artifactory.mycompany.com/images/hello-app:v0.0.1>
kubectl run hello-app --image=<http://artifactory.mycompany.com/images/hello-app:v0.0.1|artifactory.mycompany.com/images/hello-app:v0.0.1>
Now, the pod's status is ErrImagePull:
Failed to pull image "<http://artifactory.mycompany.com/images/hello-app:v0.0.1|artifactory.mycompany.com/images/hello-app:v0.0.1>": rpc error: code = Unknown desc = failed to pull and unpack image "<http://artifactory.mycompany.com/images/hello-app:v0.0.1|artifactory.mycompany.com/images/hello-app:v0.0.1>": failed to resolve reference "<http://artifactory.mycompany.com/images/hello-app:v0.0.1|artifactory.mycompany.com/images/hello-app:v0.0.1>": pulling from host <http://artifactory.mycompany.com|artifactory.mycompany.com> failed with status code [manifests v0.0.1]: 403 Forbidden
I observed the forbidden message, but I ran
nerdctl login <http://artifactory.mycompany.com|artifactory.mycompany.com>
Again, if I download the image using nerdctl, the pod is up and running. I have to mention that I tried to add the private registry using ~/Library/Application Support/rancher-desktop/lima/\_config/override.yaml file, but no success: it seems that the registry is not recognized by containerd - nothing is added in the /etc/containerd/config.toml file, even if the registries.yaml file is in the /etc/rancher/k3s directory. My override.yaml file:
provision:
  - mode: system
    script: |
      #!/bin/sh
      set -eux
      mkdir -p /etc/rancher/k3s/
      cat <<'EOF' > /etc/rancher/k3s/registries.yaml
      mirrors:
        <http://docker.io|docker.io>:
          endpoint:
            - "<https://artifactory.mycompany>"
      configs:
        "<http://artifactory.mycompany.com|artifactory.mycompany.com>":
          auth:
            username: .......
            password: .......
      EOF
If I run ``rdctl shell -- cat /etc/rancher/k3s/registries.yaml``, I see the desired file provisioned by the override.yaml.
Does anyone have any idea?