I am trying installing a simple Spring Boot application by JKube on a microk8s cluster. As remote private docker repository I am using GitHub Packages (beta). While the microk8s is getting the pod, he unsuccessfully tries to deploy it and brings out following error:
Command:
kubectl describe pod walking-skeleton-5df7c4998c-9blmz -n walking
Output:
Name: walking-skeleton-5df7c4998c-9blmz
Namespace: walking
Priority: 0
Node: server-k8s-main/MYIP
Start Time: Tue, 16 Feb 2021 23:01:57 +0100
Labels: app=walking-skeleton
group=de.MYNAME
pod-template-hash=5df7c4998c
provider=jkube
version=0.0.2-SNAPSHOT
Annotations: cni.projectcalico.org/podIP: 10.1.4.29/32
cni.projectcalico.org/podIPs: 10.1.4.29/32
jkube.io/git-branch: main
jkube.io/git-commit: c0ba4b997db326fc8a7018adfca4f5a4d74aea39
jkube.io/git-url: git@github.com:MYNAME/MYPROJECT.git
jkube.io/scm-tag: HEAD
jkube.io/scm-url: https://github.com/spring-projects/spring-boot/walking-skeleton
Status: Pending
IP: 10.1.4.29
IPs:
IP: 10.1.4.29
Controlled By: ReplicaSet/walking-skeleton-5df7c4998c
Containers:
spring-boot:
Container ID:
Image: docker.pkg.github.com/MYNAME/MYPROJECT/walkingskeleton:0.0.2-SNAPSHOT
Image ID:
Ports: 8080/TCP, 9779/TCP, 8778/TCP
Host Ports: 0/TCP, 0/TCP, 0/TCP
State: Waiting
Reason: ImagePullBackOff
Ready: False
Restart Count: 0
Liveness: http-get http://:8080/actuator/health delay=180s timeout=1s period=10s #success=1 #failure=3
Readiness: http-get http://:8080/actuator/health delay=10s timeout=1s period=10s #success=1 #failure=3
Environment:
KUBERNETES_NAMESPACE: walking (v1:metadata.namespace)
HOSTNAME: walking-skeleton-5df7c4998c-9blmz (v1:metadata.name)
Mounts:
/var/run/secrets/kubernetes.io/serviceaccount from default-token-jq7q9 (ro)
Conditions:
Type Status
Initialized True
Ready False
ContainersReady False
PodScheduled True
Volumes:
default-token-jq7q9:
Type: Secret (a volume populated by a Secret)
SecretName: default-token-jq7q9
Optional: false
QoS Class: BestEffort
Node-Selectors: <none>
Tolerations: node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 13m default-scheduler Successfully assigned walking/walking-skeleton-5df7c4998c-9blmz to server-k8s-main
Normal Pulling 11m (x4 over 13m) kubelet Pulling image "docker.pkg.github.com/MYNAME/MYPROJECT/walkingskeleton:0.0.2-SNAPSHOT"
Warning Failed 11m (x4 over 13m) kubelet Error: ErrImagePull
Warning Failed 11m (x4 over 13m) kubelet Failed to pull image "docker.pkg.github.com/MYNAME/MYPROJECT/walkingskeleton:0.0.2-SNAPSHOT": rpc error: code = Unknown desc = failed to pull and unpack image "docker.pkg.github.com/MYNAME/MYPROJECT/walkingskeleton:0.0.2-SNAPSHOT": failed to resolve reference "docker.pkg.github.com/MYNAME/MYPROJECT/walkingskeleton:0.0.2-SNAPSHOT": unexpected status code [manifests 0.0.2-SNAPSHOT]: **401 Unauthorized**
Normal BackOff 11m (x6 over 13m) kubelet Back-off pulling image "docker.pkg.github.com/MYNAME/MYPROJECT/walkingskeleton:0.0.2-SNAPSHOT"
Warning Failed 3m1s (x43 over 13m) kubelet Error: ImagePullBackOff
I think, the interesting line is:
failed to resolve reference "docker.pkg.github.com/MYNAME/MYPROJECT/walkingskeleton:0.0.2-SNAPSHOT": unexpected status code [manifests 0.0.2-SNAPSHOT]: **401 Unauthorized**
My plugin config in the pom.xml looks like:
<profile>
<id>kubernetes-deploy</id>
<properties>
<jkube.docker.registry>docker.pkg.github.com/MYNAME/MYPROJECT</jkube.docker.registry>
<jkube.generator.name>docker.pkg.github.com/MYNAME/MYPROJECT/walkingskeleton:${project.version}
</jkube.generator.name>
</properties>
<build>
<plugins>
<plugin>
<groupId>org.eclipse.jkube</groupId>
<artifactId>kubernetes-maven-plugin</artifactId>
<version>1.1.0</version>
<configuration>
<namespace>${k8s.namespace}</namespace>
<resources>
<replicas>2</replicas>
<secrets>
<secret>
<dockerServerId>docker.pkg.github.com/MYNAME/MYPROJECT</dockerServerId>
<name>github</name>
<namespace>${k8s.namespace}</namespace>
</secret>
</secrets>
</resources>
</configuration>
</plugin>
</plugins>
</build>
</profile>
The namespace is configured like <k8s.namespace>walking</k8s.namespace> in the properties. And as secret in the settings:
<server>
<id>docker.pkg.github.com/MYNAME/MYPROJECT</id>
<username>MYNAME</username>
<password>nice try :-)</password>
</server>
I also checked, that the secret has been deployed on the microk8s:
kubectl get secrets -n walking
NAME TYPE DATA AGE
default-token-jq7q9 kubernetes.io/service-account-token 3 37m
github kubernetes.io/dockercfg 1 37m
Can you help me? What I am missing? Thank you in advance :-)
I've had the same issue when upgrading an existing cluster to K8s 1.24. The image of a deployment couldn't be loaded anymore due to an authentication issue.
The solution for me was to change the registry from docker.pkg.github.com
to ghcr.io
. This is mentioned in a containerd GitHub issue, which references the GitHub docs:
The domain in the pull URL will be ghcr.io instead of docker.pkg.github.com.