search

joyrex2001 / kubedock

Kubedock is a minimal implementation of the docker api that will orchestrate containers on a Kubernetes cluster, rather than running containers locally.
MIT License
212 stars 32 forks source link

kubedock and insecure registry usage #47

Closed niscoveanumircea closed 1 year ago

niscoveanumircea commented 1 year ago

Hi,

I want to integrate kubedock in our CI flow but I encounter an issue while spinning up the testcontainer containers. I exported the DOCKER_HOST env to point to kubedock API - ALL OK. When the maven runs the tests (using testcontainers) I get the following errors: 18:20:58 [2023-09-06T15:20:58.820Z] 15:20:48.252 [main] WARN org.testcontainers.dockerclient.DockerClientProviderStrategy - Could not determine Docker OS type 18:20:58 [2023-09-06T15:20:58.820Z] 15:20:48.253 [main] INFO org.testcontainers.DockerClientFactory - Docker host IP address is 127.0.0.1 18:20:58 [2023-09-06T15:20:58.820Z] 15:20:48.263 [main] INFO org.testcontainers.DockerClientFactory - Connected to docker: ... 18:20:58 [2023-09-06T15:20:58.823Z] Caused by: org.testcontainers.containers.ContainerFetchException: Can't get Docker image: RemoteDockerImage(imageName=nexus3-prod.radcom.co.il:8084/mongo:5.0.5, imagePullPolicy=DefaultPullPolicy(), imageNameSubstitutor=org.testcontainers.utility.ImageNameSubstitutor$LogWrappedImageNameSubstitutor@10895b16) 18:20:58 [2023-09-06T15:20:58.824Z] at org.testcontainers.containers.GenericContainer.getDockerImageName(GenericContainer.java:1371) 18:20:58 [2023-09-06T15:20:58.824Z] Caused by: com.github.dockerjava.api.exception.InternalServerErrorException: Status 500: {"message":"pinging container registry nexus3-prod.radcom.co.il:8084: Get \"[https://nexus3-prod.radcom.co.il:8084/v2/\](https://nexus3-prod.radcom.co.il:8084/v2//)": http: server gave HTTP response to HTTPS client"} ... In a standard docker engine environment, I would configure the "insecure registries" in the /etc/docker/daemon.json. But when using Kubedock, I could not find a way to mark a particulare registry as insecure. I know it's not a best practice to use HTTP registries, but at this moment I need to find a solution for this blocking point. Do you have tips/ solutions ? Thanks.

joyrex2001 commented 1 year ago

Kubedock is not in control of this, the kubernetes cluster should be configured to accept the insecure registry. If the registry is useable by kubernetes, it's also useable by kubedock.

niscoveanumircea commented 1 year ago

I see. That’s what I thought at first but the Kubernetes is based on containerd and there is such containerd configuration related to my insecure registry. Even the image that I use in the pod-agent is located in that insecure registry and the image is pulled successfully. It just doesn t work in the scenario I described. I will keep looking. Thanks