What version of OpenShift? What you pasted looks correct: 1. Generate secret with the right server name 2. Add pull secret to all of the service accounts that will be pulling the image 3. Launch pod
You may want to look at the docker log and verify that what it is trying to pull looks correct. It's always possible there's a subtle bug though in how this is being checked, so may need to have you turn on debug logging on your node so we can investigate. On Tue, Sep 13, 2016 at 5:57 AM, Andre Esser <[email protected]> wrote: > Hi, > > I'm trying to pull an image from the Google Cloud Registry from within > a pod definition. My JSON file seems to be fine: > -------------------------------------------------------------------> > $ docker login -u _json_key -p "$(cat google-cloud-registry.json)" \ > https://eu.gcr.io > Login Succeeded > $ docker pull eu.gcr.io/vb-europe/graylog-stack-deployer:latest > latest: Pulling from vb-europe/graylog-stack-deployer > [...] > Status: Downloaded newer image for eu.gcr.io/vb-europe/graylog-stack-\ > <http://eu.gcr.io/vb-europe/graylog-stack-%5C> > deployer:latest > <------------------------------------------------------------------- > > I create the corresponding secret with: > -------------------------------------------------------------------> > $ oc -n default secrets new-dockercfg google-cloud-registry \ > --docker-server=eu.gcr.io --docker-username=_json_key \ > --docker-password="$(cat google-cloud-registry.json)" \ > --docker-email="[email protected].\ > gserviceaccount.com" > secret/google-cloud-registry > <------------------------------------------------------------------- > > and add it to the service accounts: > -------------------------------------------------------------------> > $ oc secrets add serviceaccount/default \ > secrets/google-cloud-registry --for=pull > $ oc secrets add serviceaccount/builder \ > secrets/google-cloud-registry > <------------------------------------------------------------------- > > The corresponding pod definition contains: > -------------------------------------------------------------------> > [...] > containers: > - > name: "deployer" > image: "eu.gcr.io/vb-europe/graylog-stack-deployer:latest" > imagePullPolicy: "Always" > env: > [...] > <------------------------------------------------------------------- > > However when I try to create the container I get: > -------------------------------------------------------------------> > Failed to pull image "eu.gcr.io/vb-europe/graylog-stack- > deployer:latest": image pull failed for eu.gcr.io/vb-europe/graylog- > stack-deployer:latest, this may be because there are no credentials on > this request. details: (Error: Status 403 trying to pull repository > vb-europe/graylog-stack-deployer: "Unable to access the repository: > vb-europe/graylog-stack-deployer; please verify that it exists and you > have permission to access it (no valid credential was supplied).") > <------------------------------------------------------------------ > > What am I missing? > > > Cheers, > > Andre > -- > Andre Esser, IT Manager > Voidbridge Software Ltd > > _______________________________________________ > users mailing list > [email protected] > http://lists.openshift.redhat.com/openshiftmm/listinfo/users >
_______________________________________________ users mailing list [email protected] http://lists.openshift.redhat.com/openshiftmm/listinfo/users
