Uploading personal docker image to Azure Container Registry - ErrImagePull - wordpress

I am building a small Docker image this way:
In my Dockerfile I am adding a specific configuration in etc/apache2/apache2.conf for an http-to-https redirect rule:
Specifically, this rule:
<VirtualHost *:80>
RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-Proto} =http
RewriteRule .* https://%{HTTP:Host}%{REQUEST_URI} [L,R=permanent]
</VirtualHost>
So, my Dockerfile is
FROM wordpress:5.2.4
RUN apt-get update && apt-get install -y \
nano wget
COPY etc/apache2/apache2.conf /etc/apache2/apache2.conf
So, when it finishes, I get two images in my local Docker environment:
REPOSITORY TAG
customize_wordpress 5.2.4
wordpress 5.2.4
customize_wordpress:5.2.4 is my personal image and wordpress:5.2.4 is the base public image that I used in the FROM instruction above in the Dockerfile.
Since my purpose is to upload my custom image customize_wordpress:5.2.4 to Azure Container Registry, I am following this article in order to do it.
I run the docker tag command this way:
docker tag customize_wordpress:5.2.4 registryname.azurecr.io/customize_wordpress:5.2.4
And it works.
Also I push the image and it works as well
⟩ docker push registryname.azurecr.io/customize_wordpress:5.2.4
The push refers to repository [registryname.azurecr.io/customize_wordpress]
b63469233da6: Pushed
b032b61b15b2: Pushed
12fe3564ccac: Pushed
4e9b2aba858c: Pushed
b67d19e65ef6: Pushed
5.2.4: digest: sha256:dc62844f946a49f2e724fa38bad6e2cab73a4561b22b690876ab5534febd3569 size: 5128
So, I have this data as environment variables in order to pass it to the helm command:
export acr_login_server=registryname.azurecr.io
export acr_repository=customize_wordpress
export image_tag=5.2.4
But when I did the helm command
⟩ helm3 install wordpress-site-4 ./Deployments/Kubernetes/HelmCharts/wordpress/ --set image.registry=$acr_login_server,image.repository=$acr_repository,image.tag=$image_tag,image.pullPolicy=Always,wordpressUsername=$wordpressUsername,wordpressPassword=$wordpressPassword,wordpressEmail=$wordpressEmail,mariadb.enabled=false,externalDatabase.host=$database_host,externalDatabase.user=$database_user,externalDatabase.password=$database_password,externalDatabase.database=$database_name,externalDatabase.port=3306
I could see in my Kubernetes environment that the pod says that the image is not pulled. I got:
Error response from daemon: pull access denied for customize_wordpress, repository does not exist or may require 'docker login': denied: requested access to the resource is denied
Warning Failed 2m20s (x4 over 3m39s) kubelet, aks-defaultpool-34253081-vmss000001 Error: ErrImagePull
Normal Pulling 2m21s (x4 over 3m40s) kubelet, aks-defaultpool-34253081-vmss000001 Pulling image "customize_wordpress:5.2.4"
Warning Failed 2m20s (x4 over 3m39s) kubelet, aks-defaultpool-34253081-vmss000001 Failed to pull image "customize_wordpress:5.2.4": rpc error: code = Unknown desc = Error response from daemon: pull access denied for customize_wordpress, repository does not exist or may require 'docker login': denied: requested access to the resource is denied
Warning Failed 2m20s (x4 over 3m39s) kubelet, aks-defaultpool-34253081-vmss000001 Error: ErrImagePull
Normal BackOff 114s (x6 over 3m38s) kubelet, aks-defaultpool-34253081-vmss000001 Back-off pulling image "customize_wordpress:5.2.4"
Warning Failed 103s (x7 over 3m38s) kubelet, aks-defaultpool-34253081-vmss000001 Error: ImagePullBackOff
I am running this helm command from Azure DevOps, and previously I logged in to my ACR in multiple ways, such as:
echo "Log in to an Azure Container Registry"
# docker login $(acr_login_server) --username $(service_principal_name_ci-cd-app-id) --password $(service_principal_name_ci-cd-password)
az acr login --name $(acr_name)
But the result is the same from the pod, I cannot pull the image
That's why I consider that I don't need to reference the docker registry secrets inside kubernetes and in the imagePullSecrets attribute in the helm chart values.yaml.
Despite everything I try to create that docker registry secret with my acr data but the result is the same as well.
How can I upload my custom image and pull it from Kubernetes?

Since my AKS cluster and my Azure Container Registry both already existed before the private image installation, I didn't realize that I had to associate the AKS cluster with the Azure Container Registry.
It says here https://learn.microsoft.com/en-us/azure/aks/cluster-container-registry-integration#configure-acr-integration-for-existing-aks-clusters
So, this is the complete workflow to build our private Docker image, upload it to our private container registry (in my case Azure Container Registry) and pull that image from Azure Kubernetes Service:
Build the image
docker build -t customize_wordpress:5.2.4 .
It creates the customize_wordpress:5.2.4 image
Creating tag: We need to create a tag in order to upload our image to our ACR
We have to include in the tag our ACR host server, in my case registryname.azurecr.io
Here for more information and here
⟩ docker tag customize_wordpress:5.2.4 registryname.azurecr.io/customize_wordpress:5.2.4
Push the image: we have to be sure to use the complete tag created in the immediately previous step, that is, registryname.azurecr.io/customize_wordpress:5.2.4
⟩ docker push registryname.azurecr.io/customize_wordpress:5.2.4
The push refers to repository [registryname.azurecr.io/customize_wordpress]
b63469233da6: Pushed
b032b61b15b2: Pushed
b67d19e65ef6: Pushed
5.2.4: digest: sha256:dc62844f946a49f2e724fa38bad6e2cab73a4561b22b690876ab5534febd3569 size: 5128
And then, before installing my WordPress application, in my case with the helm chart command (referenced above in my question), here comes the configuration of my ACR to work with my AKS cluster.
I execute the aks update command:
⟩ az aks update -n MyClusterName -g MyResourceGroup --attach-acr MyACRName
So, when I install my helm chart, the image is up and running
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 14m default-scheduler Successfully assigned default/wordpress-site-4-6565b8c64f-w7xvq to aks-defaultpool-34253081-vmss000000
Normal Pulling 14m kubelet, aks-defaultpool-34253081-vmss000000 Pulling image "registryname.azurecr.io/customize_wordpress:5.2.4"
Normal Pulled 14m kubelet, aks-defaultpool-34253081-vmss000000 Successfully pulled image "registryname.azurecr.io/customize_wordpress:5.2.4"
Normal Created 14m kubelet, aks-defaultpool-34253081-vmss000000 Created container wordpress
If we do that, we don't need to reference the docker registry secret or any imagePullSecrets attribute in our helm chart or yaml file; our image will be pulled without referencing any credentials.
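The failing events in the question show kubelet pulling "customize_wordpress:5.2.4" with no registry host, while the events after the fix show the full "registryname.azurecr.io/..." reference; a reference without a host is resolved against Docker Hub. The following check is an added example, not part of the original question or answer, and its function names are hypothetical. It applies Docker's reference normalisation rule to the two event lines copied from this page:

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# Print the registry host a container runtime would contact for an image ref.
registry_for_image() {
    ref=$1
    case $ref in
        */*) first=${ref%%/*} ;;          # text before the first "/"
        *)   echo "docker.io"; return ;;  # bare name: Docker Hub, library/
    esac
    # The first component is a registry host only if it contains "." or ":"
    # or is exactly "localhost"; otherwise it is a Docker Hub namespace.
    case $first in
        *.*|*:*|localhost) echo "$first" ;;
        *) echo "docker.io" ;;
    esac
}

# Extract the quoted image reference from a kubelet 'Pulling image "..."' event.
image_from_event() {
    printf '%s\n' "$1" | sed -n 's/.*Pulling image "\([^"]*\)".*/\1/p'
}

# Return 0 when the event pulls from the expected registry, 1 on a mismatch,
# 2 when the line is not a "Pulling image" event.
check_event() {
    expected=$1
    img=$(image_from_event "$2")
    [ -n "$img" ] || return 2
    actual=$(registry_for_image "$img")
    if [ "$actual" = "$expected" ]; then
        echo "OK       $img -> $actual"
    else
        echo "MISMATCH $img -> $actual (expected $expected)"
        return 1
    fi
}

# Event lines copied from the question and the answer on this page.
EV_FAIL='Normal Pulling 2m21s (x4 over 3m40s) kubelet, aks-defaultpool-34253081-vmss000001 Pulling image "customize_wordpress:5.2.4"'
EV_OK='Normal Pulling 14m kubelet, aks-defaultpool-34253081-vmss000000 Pulling image "registryname.azurecr.io/customize_wordpress:5.2.4"'

check_event registryname.azurecr.io "$EV_FAIL" || true
check_event registryname.azurecr.io "$EV_OK"
```

A mismatch here means the rendered pod spec lost the registry prefix, so the pull never reached the private registry and its credentials or role assignments were not exercised.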

Related

openstack octavia failed to build compute instance

I installed and configured Octavia for OpenStack load balancing, but when I want to create a new load balancer using openstack loadbalancer create --name lb1 --vip-subnet-id subnet-pub, the Octavia worker log says: ERROR octavia.controller.worker.v1.controller_worker octavia.common.exceptions.ComputeBuildException: Failed to build compute instance due to: Failed to retrieve image with amphora tag.
Why? (I use Ubuntu)
Another question: I installed Octavia on the controller node. Must I install anything on the compute node(s)?
I had a similar problem and adding --project service solved it when uploading the image.
$ openstack image create amphora-x64-haproxy.qcow2 --container-format bare --disk-format qcow2 --private --tag amphora --file amphora-x64-haproxy.qcow2 --property hw_architecture='x86_64' --property hw_rng_model=virtio --project service
About the second question no need for anything to be installed on compute nodes. Only network access to lb-mgmt-net from controllers.
This Link helped me.
Set tag of image with value "amphora"
openstack image set --tag "amphora" image_name

Podman build command unable to pull image

I have configured Subuid and Subgid after installing Podman in RHEL7
I have created a simple Dockerfile to print hello world and was trying to build the image.
My Dockerfile
FROM alpine
CMD ["echo", "Hello World"]
To test I am running below command
podman build -t imagename .
I see the below error received.
STEP 1: FROM alpine
Error: error creating build container: The following failures happened while trying to pull image specified by "alpine" based on search registries in /etc/containers/registries.conf:
* "localhost/alpine": Error initializing source docker://localhost/alpine:latest: error pinging docker registry localhost: Get https://localhost/v2/: dial tcp [::1]:443: connect: connection refused
* "registry.access.redhat.com/alpine": Error initializing source docker://registry.access.redhat.com/alpine:latest: error pinging docker registry registry.access.redhat.com: Get https://registry.access.redhat.com/v2/: read tcp 10.70.85.174:17758->23.54.147.129:443: read: connection reset by peer
* "registry.redhat.io/alpine": Error initializing source docker://registry.redhat.io/alpine:latest: error pinging docker registry registry.redhat.io: Get https://registry.redhat.io/v2/: read tcp 10.70.85.174:36028->104.79.150.216:443: read: connection reset by peer
* "docker.io/library/alpine": Error initializing source docker://alpine:latest: error pinging docker registry registry-1.docker.io: Get https://registry-1.docker.io/v2/: read tcp 10.70.85.174:53352->18.213.137.78:443: read: connection reset by peer
Am I missing any configuration?
Thanks
Do you still have the Docker daemon running and/or Docker installed?
First stop the Docker daemon
sudo systemctl stop docker
OR
sudo service docker stop
Then uninstall Docker
Ubuntu here, but whatever you need you can Google :D
sudo apt-get remove docker docker-engine docker.io containerd runc
Try again.
If that fails, try a fresh install of podman
sudo apt-get --reinstall install podman
Sources
https://www.cyberciti.biz/faq/debian-ubuntu-linux-reinstall-a-package-using-apt-get-command/
https://askubuntu.com/questions/935569/how-to-completely-uninstall-docker
https://intellipaat.com/community/43965/how-to-stop-docker
https://podman.io/getting-started/installation
I suggest that you first search your image in registries
podman search alpine
You should get a list of images available. Choose the one you want (version, name, tag, etc.) and put that in the Dockerfile.
To be sure it is accessible, do the 'pull' manually
podman pull alpine<version,tag>

Add SSL certificate to docker container with ASP .NET app to connect cosmosDB simulator in host machine

I am adding a Cosmos DB simulator certificate to a Linux Docker container with my ASP.NET app. I want to connect my app in a container to my Windows 10 host machine. I have the following issue:
project-cosmos-container | Initializing repository: database KeyDatabase, collection KeyConatiner
project-cosmos-container |
project-cosmos-container | Unhandled Exception: System.AggregateException: One or more errors occurred. (The SSL connection could not be established, see inner exception.) ---> System.Net.Http.HttpRequestException:
The SSL connection could not be established, see inner exception. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.
So I edited my Dockerfile to copy my certificate, which I exported previously following these steps: https://learn.microsoft.com/es-es/azure/cosmos-db/local-emulator-export-ssl-certificates#certification-rotation
FROM microsoft/dotnet:2.2-aspnetcore-runtime
# We create the folder inside the container
WORKDIR /local-project
# We are copying all project executables that we created with dotnet build and dotnet publish
COPY ./bin/Release/netcoreapp2.2/publish/* ./
COPY ./wwwroot/cer/*.cer /etc/ssl/certs/
EXPOSE 80 433
RUN update-ca-certificates
# We indicate to execute the program in the executable of the project
ENTRYPOINT ["dotnet", "Local.Proyect.Core.dll"]
And I have the following logs of docker:
Step 1/7 : FROM microsoft/dotnet:2.2-aspnetcore-runtime
---> ccf4063f0898
Step 2/7 : WORKDIR /local-project
---> Using cache
---> 4bafaaa39da1
Step 3/7 : COPY ./bin/Release/netcoreapp2.2/publish/* ./
---> b641fbfe771e
Step 4/7 : COPY ./wwwroot/cer/documentdbemulatorcert.cer /etc/ssl/certs/
---> 003052fba9ff
Step 5/7 : EXPOSE 80 433
---> Running in 88619ba67f33
Removing intermediate container 88619ba67f33
---> d5b467fa7820
Step 6/7 : RUN update-ca-certificates
---> Running in 890e73a506f4
Updating certificates in /etc/ssl/certs...
0 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d...
done.
Removing intermediate container 890e73a506f4
---> 8cfcd85a8252
Step 7/7 : ENTRYPOINT ["dotnet", "Local.Proyect.Core.dll"]
---> Running in d21b2ba72d9b
Removing intermediate container d21b2ba72d9b
---> 7c7d08afdca2
Successfully built 7c7d08afdca2
But I haven't solved the problem yet. Am I copying the certificate to the wrong directory inside the container? What is the correct directory to copy it to, or what am I doing wrong? If someone has already had the same problem, please let me know how to fix it.
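The build log above reports "0 added, 0 removed" for the update-ca-certificates step. The following is an added example, not part of the original question, and it assumes a Debian-based image: there, update-ca-certificates imports local CAs only from PEM-encoded files named *.crt under /usr/local/share/ca-certificates. The function names, the temp-dir layout and the placeholder certificate body are constructed for illustration:

```shell
#!/bin/sh
# Added example, not from the original post. Assumes a Debian-based image:
# update-ca-certificates imports local CAs only from files named *.crt
# under /usr/local/share/ca-certificates, and they must be PEM-encoded.

# Print "import" (return 0) if update-ca-certificates would pick up the file
# at $1, or "skip: <reason>" (return 1) if it would ignore it.
ca_import_check() {
    path=$1
    case $path in
        */usr/local/share/ca-certificates/*) ;;
        *) echo "skip: not under /usr/local/share/ca-certificates"; return 1 ;;
    esac
    case $path in
        *.crt) ;;
        *) echo "skip: extension is not .crt"; return 1 ;;
    esac
    if ! grep -q -- '-----BEGIN CERTIFICATE-----' "$path" 2>/dev/null; then
        echo "skip: not PEM-encoded (convert DER first)"; return 1
    fi
    echo "import"
}

# Constructed layout in a temp dir standing in for the container filesystem.
demo_layout() {
    root=$(mktemp -d)
    mkdir -p "$root/etc/ssl/certs" "$root/usr/local/share/ca-certificates"
    # Constructed placeholder body, not a real certificate.
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'PLACEHOLDER' \
        '-----END CERTIFICATE-----' > "$root/etc/ssl/certs/documentdbemulatorcert.cer"
    cp "$root/etc/ssl/certs/documentdbemulatorcert.cer" \
       "$root/usr/local/share/ca-certificates/documentdbemulatorcert.crt"
    for f in etc/ssl/certs/documentdbemulatorcert.cer \
             usr/local/share/ca-certificates/documentdbemulatorcert.crt; do
        printf '/%s: %s\n' "$f" "$(ca_import_check "$root/$f")"
    done
    rm -rf "$root"
}

demo_layout
```

Adding only the emulator's own certificate this way keeps normal TLS validation in place, which is preferable to disabling certificate checks in the application.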

Nginx Ingress Controller Docker image for ARM32 (Raspberry Pi)

Is there a Nginx Ingress Controller Docker image available for ARM32, which will run on a Raspberry PI 3?
I have tried this:
$ docker run gcr.io/google_containers/nginx-ingress-controller:0.8.3
standard_init_linux.go:195: exec user process caused "exec format error"
Is there some documentation / list of images with more details on which tags available for the images on gcr.io/google_containers?
Support for arm64 was introduced with 0.9.0-beta.12. I don't believe there's an arm32 compatible release.
As for how to know which images or tags are available on gcr you can either run these:
gcloud container images list-tags [HOSTNAME]/[PROJECT-ID]/[IMAGE]
gcloud container images list --repository=[HOSTNAME]/[PROJECT-ID]
Or just hit http://[HOSTNAME]/[PROJECT-ID]/[IMAGE] with your browser, where for the nginx-controller it would be http://gcr.io/google_containers/nginx-ingress-controller

Trying docker in docker getting TCP connection refused error

I am trying to run docker in docker and getting TCP 127.0.0.1:5000: connection refused. Can someone explain why this happened and how I can fix it.
Here is what I have tried:
docker run -it --privileged --name docker-server-test -d docker:1.7-dind
docker run --rm --link docker-server:docker docker:1.7 pull my-server:5000/qe/busybox
Unable to find image 'docker:1.7' locally
Trying to pull repository docker.io/library/docker ... 1.7: Pulling from library/docker
f4fddc471ec2: Already exists
da0daae25b21: Already exists
413668359dd0: Already exists
ab205815427f: Already exists
e8ace195c6b6: Already exists
2129588b76a3: Already exists
63f71ebd654b: Already exists
f3231b3888dd: Already exists
d449c5a1e017: Already exists
library/docker:1.7: The image you are pulling has been verified.
Important: image verification is a tech preview feature and should not be relied on to provide security.
Digest: sha256:c3666cc6458e02d780492c75acf1b0bf3424c8dd6882361438a9b93b46c2aa55
Status: Downloaded newer image for docker.io/docker:1.7
Pulling repository my-server:5000/qe/busybox
Get http://localhost:5000/v1/repositories/qe/busybox/tags: dial tcp 127.0.0.1:5000: connection refused
It looks like you're trying to pull an image from a registry running on your local machine -- in this case when you specify localhost as the place to pull the image from, it's trying to pull from localhost relative to the Docker daemon container (which isn't where your registry is listening). You probably want to instead pull from host-ip:5000/qe/busybox (likely something like 192.168.0.x:5000/qe/busybox).
Do you have the env variables set? Based on your OS, set the following Docker env variables if not already set:
DOCKER_HOST
DOCKER_CERT_PATH
DOCKER_TLS_VERIFY
You can get these details from your docker client
docker-machine env default
