Description
I followed "https://github.com/GoogleCloudPlatform/kubernetes/blob/master/examples/guestbook/README.md",
but after I ran "kubectl create -f examples/guestbook/redis-master-controller.json"
redis-master-controller-e0zho redis-master gcr.io/google_containers/redis fed-node/ app=redis,name=redis-master Pending 6 minutes
it is always pending. I checked the log on the node, and here are the errors. What did I miss when I built the example? Thanks.
Apr 16 10:35:41 fedora docker: time="2015-04-16T10:35:41+08:00" level="info" msg="+job image_inspect(gcr.io/google_containers/redis)"
Apr 16 10:35:41 fedora docker: No such image: gcr.io/google_containers/redis
Apr 16 10:35:41 fedora docker: time="2015-04-16T10:35:41+08:00" level="info" msg="-job image_inspect(gcr.io/google_containers/redis) = ERR (1)"
Apr 16 10:35:41 fedora docker: time="2015-04-16T10:35:41+08:00" level="error" msg="Handler for GET /images/{name:.*}/json returned error: No such image: gcr.io/google_containers/redis"
Apr 16 10:35:41 fedora docker: time="2015-04-16T10:35:41+08:00" level="error" msg="HTTP Error: statusCode=404 No such image: gcr.io/google_containers/redis"
Apr 16 10:35:41 fedora kubelet: E0416 10:35:41.606815 7380 kubelet.go:1990] Cannot get host IP: Host IP unknown; known addresses: []
Apr 16 10:35:41 fedora kubelet: E0416 10:35:41.606867 7380 pod_workers.go:103] Error syncing pod cc1f1c78-e3e0-11e4-b8f6-fa163ebba90c, skipping: image pull failed for gcr.io/google_containers/pause:0.8.0, this may be because there are no credentials on this request. details: (API error (500): Invalid registry endpoint https://gcr.io/v1/: Get https://gcr.io/v1/_ping: dial tcp 74.125.203.82:443: i/o timeout. If this private registry supports only HTTP or HTTPS with an unknown CA certificate, please add --insecure-registry gcr.io
to the daemon's arguments. In the case of HTTPS, if you have access to the registry's CA certificate, no need for the flag; simply place the CA certificate at /etc/docker/certs.d/gcr.io/ca.crt
Apr 16 10:35:41 fedora kubelet: )
Apr 16 10:35:41 fedora kubelet: I0416 10:35:41.606966 7380 event.go:200] Event(api.ObjectReference{Kind:"Pod", Namespace:"default", Name:"redis-master-controller-e0zho", UID:"cc1f1c78-e3e0-11e4-b8f6-fa163ebba90c", APIVersion:"v1beta3", ResourceVersion:"13546", FieldPath:"implicitly required container POD"}): reason: 'failed' Failed to pull image "gcr.io/google_containers/pause:0.8.0": image pull failed for gcr.io/google_containers/pause:0.8.0, this may be because there are no credentials on this request. details: (API error (500): Invalid registry endpoint https://gcr.io/v1/: Get https://gcr.io/v1/_ping: dial tcp 74.125.203.82:443: i/o timeout. If this private registry supports only HTTP or HTTPS with an unknown CA certificate, please add --insecure-registry gcr.io
to the daemon's arguments. In the case of HTTPS, if you have access to the registry's CA certificate, no need for the flag; simply place the CA certificate at /etc/docker/certs.d/gcr.io/ca.crt
Apr 16 10:35:41 fedora kubelet: )
Activity
BlueShells commented on Apr 16, 2015
It seems that I can't ping gcr.io. How can I solve this problem?
erictune commented on Apr 16, 2015
When I run "ping gcr.io" on my desktop (non-kubernetes-node) machine, I get a response. If you don't then you would need to figure out why -- I doubt I could help with that. If you can ping it from your desktop, but not from the kubernetes node, then I may be able to help debug.
ddysher commented on Apr 17, 2015
@BlueShells is blocked by GFW, you need to find a way out :)
BlueShells commented on Apr 17, 2015
@ddysher @erictune thanks guys, I just installed kuber on other servers outside the GFW, and it works now. So if you have a method to solve the GFW problems, better; if not, that's all right. Thanks all the same.
ddysher commented on Apr 17, 2015
Thanks for confirming this. I think we can close the issue now.
vmarmol commented on Apr 21, 2015
Would it be useful to maintain the images in the Docker Hub as well for cases like these? I imagine it could be possible that should get blocked too and we'd be out of luck :)
tobegit3hub commented on May 29, 2015
Moving to Docker Hub is very helpful. Please do it 😭
ReSearchITEng commented on Jul 13, 2015
please move to docker hub...
Especially in intranets, people get:
2700 event.go:203] Event(api.ObjectReference{Kind:"Pod", Namespace:"demo11", Name:"webserver-controller-ychel", UID:"d310777e-2958-11e5-be96-4437e6a56f8a", APIVersion:"v1beta3", ResourceVersion:"274474", FieldPath:""}): reason: 'failedSync' Error syncing pod, skipping: image pull failed for gcr.io/google_containers/pause:0.8.0, this may be because there are no credentials on this request. details: (Error pulling image (0.8.0) from gcr.io/google_containers/pause, Get https://storage.googleapis.com/artifacts.google-containers.appspot.com/containers/images/2c40b0526b6358710fd09e7b8c022429268cc61703b4777e528ac9d469a07ca1/ancestry: Forbidden)
Any work-around (besides moving the box to another network)?
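An added example, not part of the original thread or of the Kubernetes project's code: a small POSIX shell triage of the failure signatures quoted above ("i/o timeout", "Forbidden", "No such image"). The category names, advice strings and abridged sample lines are this example's own; it tests the timeout case first because Docker prints the --insecure-registry hint for a plain TCP timeout as well, which is a reachability problem rather than a certificate problem.

```shell
#!/bin/sh
# Added example: category names and advice text are this example's own.

classify_pull_error() {
    # $1 = one log line. Order matters: the timeout case is tested first
    # because Docker's message carries the --insecure-registry hint too.
    case "$1" in
        *"i/o timeout"*|*"connection refused"*|*"no route to host"*)
            echo "unreachable" ;;
        *"x509:"*|*"certificate signed by unknown authority"*)
            echo "tls-trust" ;;
        *": Forbidden"*|*"unauthorized"*)
            echo "denied" ;;
        *"No such image"*)
            echo "not-cached" ;;
        *)
            echo "other" ;;
    esac
}

advice_for() {
    case "$1" in
        unreachable) echo "registry not reachable: fix egress, proxy or mirror; keep TLS verification on" ;;
        tls-trust)   echo "place the registry CA at /etc/docker/certs.d/<registry>/ca.crt" ;;
        denied)      echo "request was refused: check the filtering proxy or the pull credentials" ;;
        not-cached)  echo "image is not on the node yet; look at the pull error that follows" ;;
        *)           echo "unclassified" ;;
    esac
}

triage() {
    # Reads log lines on stdin, prints "category: advice" per line.
    while IFS= read -r line; do
        kind=$(classify_pull_error "$line")
        printf '%s: %s\n' "$kind" "$(advice_for "$kind")"
    done
}

sample_log() {
    # Abridged from the log lines quoted in this thread.
    cat <<'EOF'
docker: level="error" msg="HTTP Error: statusCode=404 No such image: gcr.io/google_containers/redis"
kubelet: image pull failed for gcr.io/google_containers/pause:0.8.0 (Get https://gcr.io/v1/_ping: dial tcp 74.125.203.82:443: i/o timeout. please add --insecure-registry gcr.io
kubelet: Error pulling image (0.8.0) from gcr.io/google_containers/pause, Get https://storage.googleapis.com/: Forbidden)
EOF
}

sample_log | triage
```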
laugimethods commented on Jun 15, 2016
@dims: Yes, very same CLI... BTW, I'm running the beta version of native Docker on Mac.
laugimethods commented on Jun 15, 2016
FYI, I tried another example (Java EE Application using WildFly and MySQL), which is based on images hosted on Docker Hub, with the same outcome:
dims commented on Jun 15, 2016
@laugimethods: dumb question again - does "curl https://index.docker.io/v1/repositories/library/mysql/images" work? (trying to tease out if there's a bug in the code)
laugimethods commented on Jun 15, 2016
@dims:
laugimethods commented on Jun 15, 2016
(Take note that I'm definitely new to K8s)
I'm using the CLI provided by Kube-Solo.
I just also tried to deploy an image through the Web Interface... Same issue...
dims commented on Jun 15, 2016
@laugimethods next logical thing to do is run kubelet with more verbose logs I think.
laugimethods commented on Jun 16, 2016
@dims Unfortunately Kube-Solo did crash while trying to get more verbose logs and I was not able to recover it (even after a reinstallation)... I'll try to use another tool, which hopefully will solve the Docker image fetching issue. Thanks for your help.
NickCao commented on Aug 16, 2016
gcr.io is inaccessible in China, please fix that, use mirrors
benbonnet commented on Oct 15, 2016
Images did get pushed correctly to Google Container Registry. Then:
plus (in case)
then
Deleting the docker images, expecting the following deployment to do the pull job:
and running "kubectl create -f the_file_containing_what-s_above.yaml" followed by "kubectl get pods" always returned some errImagePull 403 unauthorized etc… for the concerned pod.
Restarted both docker-machine and minikube, in case, re-ran the deployment. Same.
Thought I had forgotten the tag at the end of the image endpoint (appending ":latest"), retried. Same.
"curl https://index.docker.io/v1/repositories/library/mysql/images" returns a large array of data.
Running "gcloud config list":
I don't feel wrong to think the issue is not related to some cross-region problems.
Running all those things on a single OS X laptop. People advising above to turn to dockerhub, is it the definitive answer? Isn't there something to do to instruct kubernetes/and-or/kubectl/and-or/minikube in order for them to look for the correct credentials? How to know what auth-infos the concerned one uses to pull images?
benbonnet commented on Oct 15, 2016
In the end, this SO answer solved the issue: http://stackoverflow.com/a/36286707/102133
But that's the only place it could clearly be explained
chinglinwen commented on Feb 22, 2018
Not sure it's the place to comment about the gcr.io issue, but it's really a headache since many places use gcr.io.
Say installing a dashboard involves many images that need gcr, or I try to run a kube-test,
it involves two images:
replaced with zeppp/sonobuoy:v0.9.0, zeppp/kube-conformance:v1.8 (doesn't have v1.9 tag)
Even though I replaced all of them, there's still one inside the running, which needs a gcr image, causing the run to fail.
This one, I really don't know how to replace it (and I don't know which node the pod will run on).
Though any method that needs manual interrupt is considered inconvenient (manual pull, tag, push, etc.).
Not sure whether docker.io will one day be blocked or not.
If there is a way that one can easily work around, it would be much helpful.
I tried docker cache through, seems it does not work for a private registry, say gcr.io.
buzai commented on May 15, 2018
@chinglinwen hi, fuck gfw error now is troubling me, how can I set an ss proxy for gcr.io?
chinglinwen commented on May 16, 2018
@buzai You can use s2http (https://github.com/chinglinwen/s2http) to turn an ss proxy into an https proxy.
Then export https_proxy.
And maybe extra no_proxy.
buzai commented on May 16, 2018
@chinglinwen
Thank you for replying to me.
I had set a proxy for docker, and I can use docker to pull some images, but k8s has an error like this.
I think k8s will send a request to gcr.io to ensure the image is right?
chinglinwen commented on May 16, 2018
Say kube-proxy-amd64, you can set up https_proxy, run docker pull k8s.gcr.io/kube-proxy-amd64:v1.10.2 (on every node).
If the pod status doesn't change you can delete that pod, it will re-create it.