kubernetes service require manual pull secret injection

[levindecaro]

ISSUE TYPE

• Improvement Request

COMPONENT NAME

Kubernetes Service Plugin

CLOUDSTACK VERSION

4.16.0

CONFIGURATION

OS / ENVIRONMENT

CentOS 7.9
KVM

SUMMARY

When provision number of k8s in ACS, it will stalled by docker hub pull rate limit policy. The k8s instance installation will fail to complete. To workaround this problem, it require injecting the pull secret in the middle of provisioning.

I think ACS should cater private registry authentication for the bootstrapping, or allowing custom property to specify image repository URL, such as quay.io or self hosted anonymous mirror.

STEPS TO REPRODUCE

1. Create a k8s instance in ACS.
2. ssh into first controlplane node
3. watch ImagePullBackoff event
4. Patch the pull secret
5. Restart the backedoff Pod
6. Wait for all Pod in running state.

example workaround script

read  -p "your docker.io login name: " DOCKER_IO_USERNAME
read  -p "your docekr.io password: " DOCKER_IO_PASSWORD


for x in `kubectl get ns -o NAME|awk -F / '{print $2}'`;do

kubectl create secret docker-registry docker-secret --docker-server=docker.io --docker-username=${DOCKER_IO_USERNAME} --docker-password=${DOCKER_IO_PASSWORD} --docker-email=dummy -n $x

kubectl patch serviceaccount default -p '{"imagePullSecrets": [{"name": "docker-secret"}]}' -n $x

done

kubectl patch serviceaccount weave-net -p '{"imagePullSecrets": [{"name": "docker-secret"}]}' -n kube-system

kubectl patch serviceaccount kubernetes-dashboard -p '{"imagePullSecrets": [{"name": "docker-secret"}]}' -n kubernetes-dashboard

kubectl get pod -A | awk '{if ($4=="Init:ImagePullBackOff") print "kubectl delete pod " $2 " -n " $1;}' | sh
kubectl get pod -A | awk '{if ($4=="ImagePullBackOff") print "kubectl delete pod " $2 " -n " $1;}' | sh
kubectl get pod -A | awk '{if ($4=="Pending") print "kubectl delete pod " $2 " -n " $1;}' | sh

EXPECTED RESULTS

k8s instance created without human invention.

ACTUAL RESULTS

Require inject pull secrets manually.

[nvazquez]

@Pearl1594 @davidjumani any input about this issue?

[davidjumani]

With the latest isos, all necessary images are bundled within. CKS also allows private registry login while creating a cluster (which can be used to point to dockerhub) when the cloud.kubernetes.cluster.experimental.features.enabled global setting is enabled

[levindecaro]

@davidjumani I tried this option with specifying those registry info, however it did not create the corresponding secret for the k8s instances, thus the bootstrap still fail without manual injecting the pull secret. Thanks for your help.

2022-02-09 19:53:57,855 DEBUG [c.c.a.ApiServlet] (qtp2129144075-797:ctx-2d4fcbf5) (logid:ec6e558d) ===START===  172.16.2.198 -- GET  name=k8s-testing&description=k8s-testing&zoneid=5e43ac5b-d657-49f2-98e1-7304476d28ed&kubernetesversionid=1497a201-8827-4280-9d60-e8710f612e90&serviceofferingid=fd72248c-0d18-4f0a-a4d9-0dd6f73f3dd4&size=1&noderootdisksize=8&keypair=mykey&dockerregistryusername=levindecaro&dockerregistryurl=docker.io&dockerregistryemail=levindecaro%40gmail.com&command=createKubernetesCluster&response=json
2022-02-09 19:53:57,916 INFO  [c.c.a.ApiServer] (qtp2129144075-797:ctx-2d4fcbf5 ctx-5b68f773) (logid:ec6e558d) Invalid docker registry url specified
2022-02-09 19:53:57,916 DEBUG [c.c.a.ApiServlet] (qtp2129144075-797:ctx-2d4fcbf5 ctx-5b68f773) (logid:ec6e558d) ===END===  172.16.2.198 -- GET  name=k8s-testing&description=k8s-testing&zoneid=5e43ac5b-d657-49f2-98e1-7304476d28ed&kubernetesversionid=1497a201-8827-4280-9d60-e8710f612e90&serviceofferingid=fd72248c-0d18-4f0a-a4d9-0dd6f73f3dd4&size=1&noderootdisksize=8&keypair=mykey&dockerregistryusername=levindecaro&dockerregistryurl=docker.io&dockerregistryemail=levindecaro%40gmail.com&command=createKubernetesCluster&response=json
2022-02-09 19:54:13,327 DEBUG [c.c.a.ApiServlet] (qtp2129144075-797:ctx-5b969d75) (logid:002ca782) ===START===  172.16.2.198 -- GET  name=k8s-testing&description=k8s-testing&zoneid=5e43ac5b-d657-49f2-98e1-7304476d28ed&kubernetesversionid=1497a201-8827-4280-9d60-e8710f612e90&serviceofferingid=fd72248c-0d18-4f0a-a4d9-0dd6f73f3dd4&size=1&noderootdisksize=8&keypair=mykey&dockerregistryusername=levindecaro&dockerregistryurl=https:%2F%2Fdocker.io&dockerregistryemail=levindecaro%40gmail.com&command=createKubernetesCluster&response=json
2022-02-09 19:54:13,591 DEBUG [o.a.c.f.j.i.AsyncJobManagerImpl] (API-Job-Executor-59:ctx-124f92ad job-46798) (logid:b5129e82) Executing AsyncJobVO {id:46798, userId: 9, accountId: 9, instanceType: VirtualMachine, instanceId: 107, cmd: org.apache.cloudstack.api.command.user.kubernetes.cluster.CreateKubernetesClusterCmd, cmdInfo: {"dockerregistryusername":"levindecaro","keypair":"mykey","description":"k8s-testing","httpmethod":"GET","dockerregistrypassword":"xxxxxxxxx","ctxAccountId":"9","uuid":"874c1baa-f076-471d-afd9-bda9d33b550f","cmdEventType":"KUBERNETES.CLUSTER.CREATE","kubernetesversionid":"1497a201-8827-4280-9d60-e8710f612e90","size":"1","serviceofferingid":"fd72248c-0d18-4f0a-a4d9-0dd6f73f3dd4","dockerregistryurl":"https://docker.io","response":"json","ctxUserId":"9","dockerregistryemail":"levindecaro@gmail.com","name":"k8s-testing","zoneid":"5e43ac5b-d657-49f2-98e1-7304476d28ed","ctxStartEventId":"93575","id":"107","ctxDetails":"{\"interface com.cloud.dc.DataCenter\":\"5e43ac5b-d657-49f2-98e1-7304476d28ed\",\"interface com.cloud.kubernetes.version.KubernetesSupportedVersion\":\"1497a201-8827-4280-9d60-e8710f612e90\",\"interface com.cloud.network.Network\":\"7a97228e-19cb-47b8-870b-9925eba0ca74\",\"interface com.cloud.offering.ServiceOffering\":\"fd72248c-0d18-4f0a-a4d9-0dd6f73f3dd4\"}","noderootdisksize":"8"}, cmdVersion: 0, status: IN_PROGRESS, processStatus: 0, resultCode: 0, result: null, initMsid: 90520735245649, completeMsid: null, lastUpdated: null, lastPolled: null, created: null, removed: null}
2022-02-09 19:54:13,593 DEBUG [o.a.c.f.j.i.AsyncJobManagerImpl] (qtp2129144075-797:ctx-5b969d75 ctx-33df8871) (logid:002ca782) submit async job-46798, details: AsyncJobVO {id:46798, userId: 9, accountId: 9, instanceType: VirtualMachine, instanceId: 107, cmd: org.apache.cloudstack.api.command.user.kubernetes.cluster.CreateKubernetesClusterCmd, cmdInfo: {"dockerregistryusername":"levindecaro","keypair":"mykey","description":"k8s-testing","httpmethod":"GET","dockerregistrypassword":"xxxxxxxxx","ctxAccountId":"9","uuid":"874c1baa-f076-471d-afd9-bda9d33b550f","cmdEventType":"KUBERNETES.CLUSTER.CREATE","kubernetesversionid":"1497a201-8827-4280-9d60-e8710f612e90","size":"1","serviceofferingid":"fd72248c-0d18-4f0a-a4d9-0dd6f73f3dd4","dockerregistryurl":"https://docker.io","response":"json","ctxUserId":"9","dockerregistryemail":"levindecaro@gmail.com","name":"k8s-testing","zoneid":"5e43ac5b-d657-49f2-98e1-7304476d28ed","ctxStartEventId":"93575","id":"107","ctxDetails":"{\"interface com.cloud.dc.DataCenter\":\"5e43ac5b-d657-49f2-98e1-7304476d28ed\",\"interface com.cloud.kubernetes.version.KubernetesSupportedVersion\":\"1497a201-8827-4280-9d60-e8710f612e90\",\"interface com.cloud.network.Network\":\"7a97228e-19cb-47b8-870b-9925eba0ca74\",\"interface com.cloud.offering.ServiceOffering\":\"fd72248c-0d18-4f0a-a4d9-0dd6f73f3dd4\"}","noderootdisksize":"8"}, cmdVersion: 0, status: IN_PROGRESS, processStatus: 0, resultCode: 0, result: null, initMsid: 90520735245649, completeMsid: null, lastUpdated: null, lastPolled: null, created: null, removed: null}
2022-02-09 19:54:13,595 DEBUG [c.c.a.ApiServlet] (qtp2129144075-797:ctx-5b969d75 ctx-33df8871) (logid:002ca782) ===END===  172.16.2.198 -- GET  name=k8s-testing&description=k8s-testing&zoneid=5e43ac5b-d657-49f2-98e1-7304476d28ed&kubernetesversionid=1497a201-8827-4280-9d60-e8710f612e90&serviceofferingid=fd72248c-0d18-4f0a-a4d9-0dd6f73f3dd4&size=1&noderootdisksize=8&keypair=mykey&dockerregistryusername=levindecaro&dockerregistryurl=https:%2F%2Fdocker.io&dockerregistryemail=levindecaro%40gmail.com&command=createKubernetesCluster&response=json
[root@cloudstack-1 management]# grep 002ca782 management-server.log.2022-02-09
2022-02-09 19:54:13,327 DEBUG [c.c.a.ApiServlet] (qtp2129144075-797:ctx-5b969d75) (logid:002ca782) ===START===  172.16.2.198 -- GET  name=k8s-testing&description=k8s-testing&zoneid=5e43ac5b-d657-49f2-98e1-7304476d28ed&kubernetesversionid=1497a201-8827-4280-9d60-e8710f612e90&serviceofferingid=fd72248c-0d18-4f0a-a4d9-0dd6f73f3dd4&size=1&noderootdisksize=8&keypair=mykey&dockerregistryusername=levindecaro&dockerregistryurl=https:%2F%2Fdocker.io&dockerregistryemail=levindecaro%40gmail.com&command=createKubernetesCluster&response=json
2022-02-09 19:54:13,336 DEBUG [c.c.a.ApiServer] (qtp2129144075-797:ctx-5b969d75 ctx-33df8871) (logid:002ca782) CIDRs from which account 'Acct[d09266b9-4e22-40b8-a013-da17fc4a3cac-levindecaro] -- Account {"id": 9, "name": "levindecaro", "uuid": "d09266b9-4e22-40b8-a013-da17fc4a3cac"}' is allowed to perform API calls: 0.0.0.0/0,::/0
2022-02-09 19:54:13,351 DEBUG [c.c.u.AccountManagerImpl] (qtp2129144075-797:ctx-5b969d75 ctx-33df8871) (logid:002ca782) Access to Acct[d09266b9-4e22-40b8-a013-da17fc4a3cac-levindecaro] -- Account {"id": 9, "name": "levindecaro", "uuid": "d09266b9-4e22-40b8-a013-da17fc4a3cac"} granted to Acct[d09266b9-4e22-40b8-a013-da17fc4a3cac-levindecaro] -- Account {"id": 9, "name": "levindecaro", "uuid": "d09266b9-4e22-40b8-a013-da17fc4a3cac"} by DomainChecker
2022-02-09 19:54:13,354 DEBUG [c.c.u.AccountManagerImpl] (qtp2129144075-797:ctx-5b969d75 ctx-33df8871) (logid:002ca782) Access to Acct[d09266b9-4e22-40b8-a013-da17fc4a3cac-levindecaro] -- Account {"id": 9, "name": "levindecaro", "uuid": "d09266b9-4e22-40b8-a013-da17fc4a3cac"} granted to Acct[d09266b9-4e22-40b8-a013-da17fc4a3cac-levindecaro] -- Account {"id": 9, "name": "levindecaro", "uuid": "d09266b9-4e22-40b8-a013-da17fc4a3cac"} by DomainChecker
2022-02-09 19:54:13,386 DEBUG [c.c.k.c.KubernetesClusterManagerImpl] (qtp2129144075-797:ctx-5b969d75 ctx-33df8871) (logid:002ca782) Checking host ID: fba3180c-6cd0-4b48-9b78-88b46ebc58cc for capacity already reserved 1
2022-02-09 19:54:13,387 DEBUG [c.c.c.CapacityManagerImpl] (qtp2129144075-797:ctx-5b969d75 ctx-33df8871) (logid:002ca782) Checking if host: 49 has enough capacity for requested CPU: 3000 and requested RAM: (2.00 GB) 2147483648 , cpuOverprovisioningFactor: 12.0
2022-02-09 19:54:13,389 DEBUG [c.c.c.CapacityManagerImpl] (qtp2129144075-797:ctx-5b969d75 ctx-33df8871) (logid:002ca782) Hosts's actual total CPU: 140000 and CPU after applying overprovisioning: 1680000
2022-02-09 19:54:13,389 DEBUG [c.c.c.CapacityManagerImpl] (qtp2129144075-797:ctx-5b969d75 ctx-33df8871) (logid:002ca782) Free CPU: 1477000 , Requested CPU: 3000
2022-02-09 19:54:13,389 DEBUG [c.c.c.CapacityManagerImpl] (qtp2129144075-797:ctx-5b969d75 ctx-33df8871) (logid:002ca782) Free RAM: (75.43 GB) 80992567296 , Requested RAM: (2.00 GB) 2147483648
2022-02-09 19:54:13,389 DEBUG [c.c.c.CapacityManagerImpl] (qtp2129144075-797:ctx-5b969d75 ctx-33df8871) (logid:002ca782) Host has enough CPU and RAM available
2022-02-09 19:54:13,389 DEBUG [c.c.c.CapacityManagerImpl] (qtp2129144075-797:ctx-5b969d75 ctx-33df8871) (logid:002ca782) STATS: Can alloc CPU from host: 49, used: 203000, reserved: 0, actual total: 140000, total with overprovisioning: 1680000; requested cpu:3000,alloc_from_last_host?:false ,considerReservedCapacity?: true
2022-02-09 19:54:13,389 DEBUG [c.c.c.CapacityManagerImpl] (qtp2129144075-797:ctx-5b969d75 ctx-33df8871) (logid:002ca782) STATS: Can alloc MEM from host: 49, used: (301.25 GB) 323464724480, reserved: (0 bytes) 0, total: (376.68 GB) 404457291776; requested mem: (2.00 GB) 2147483648, alloc_from_last_host?: false , considerReservedCapacity?: true
2022-02-09 19:54:13,390 DEBUG [c.c.k.c.KubernetesClusterManagerImpl] (qtp2129144075-797:ctx-5b969d75 ctx-33df8871) (logid:002ca782) Found host ID: fba3180c-6cd0-4b48-9b78-88b46ebc58cc for with enough capacity, CPU=3000 RAM=(2.00 GB) 2147483648
2022-02-09 19:54:13,392 DEBUG [c.c.k.c.KubernetesClusterManagerImpl] (qtp2129144075-797:ctx-5b969d75 ctx-33df8871) (logid:002ca782) Checking host ID: fba3180c-6cd0-4b48-9b78-88b46ebc58cc for capacity already reserved 2
2022-02-09 19:54:13,392 DEBUG [c.c.c.CapacityManagerImpl] (qtp2129144075-797:ctx-5b969d75 ctx-33df8871) (logid:002ca782) Checking if host: 49 has enough capacity for requested CPU: 6000 and requested RAM: (4.00 GB) 4294967296 , cpuOverprovisioningFactor: 12.0
2022-02-09 19:54:13,395 DEBUG [c.c.c.CapacityManagerImpl] (qtp2129144075-797:ctx-5b969d75 ctx-33df8871) (logid:002ca782) Hosts's actual total CPU: 140000 and CPU after applying overprovisioning: 1680000
2022-02-09 19:54:13,395 DEBUG [c.c.c.CapacityManagerImpl] (qtp2129144075-797:ctx-5b969d75 ctx-33df8871) (logid:002ca782) Free CPU: 1477000 , Requested CPU: 6000
2022-02-09 19:54:13,395 DEBUG [c.c.c.CapacityManagerImpl] (qtp2129144075-797:ctx-5b969d75 ctx-33df8871) (logid:002ca782) Free RAM: (75.43 GB) 80992567296 , Requested RAM: (4.00 GB) 4294967296
2022-02-09 19:54:13,395 DEBUG [c.c.c.CapacityManagerImpl] (qtp2129144075-797:ctx-5b969d75 ctx-33df8871) (logid:002ca782) Host has enough CPU and RAM available
2022-02-09 19:54:13,395 DEBUG [c.c.c.CapacityManagerImpl] (qtp2129144075-797:ctx-5b969d75 ctx-33df8871) (logid:002ca782) STATS: Can alloc CPU from host: 49, used: 203000, reserved: 0, actual total: 140000, total with overprovisioning: 1680000; requested cpu:6000,alloc_from_last_host?:false ,considerReservedCapacity?: true
2022-02-09 19:54:13,395 DEBUG [c.c.c.CapacityManagerImpl] (qtp2129144075-797:ctx-5b969d75 ctx-33df8871) (logid:002ca782) STATS: Can alloc MEM from host: 49, used: (301.25 GB) 323464724480, reserved: (0 bytes) 0, total: (376.68 GB) 404457291776; requested mem: (4.00 GB) 4294967296, alloc_from_last_host?: false , considerReservedCapacity?: true
2022-02-09 19:54:13,395 DEBUG [c.c.k.c.KubernetesClusterManagerImpl] (qtp2129144075-797:ctx-5b969d75 ctx-33df8871) (logid:002ca782) Found host ID: fba3180c-6cd0-4b48-9b78-88b46ebc58cc for with enough capacity, CPU=6000 RAM=(4.00 GB) 4294967296
2022-02-09 19:54:13,395 INFO  [c.c.k.c.KubernetesClusterManagerImpl] (qtp2129144075-797:ctx-5b969d75 ctx-33df8871) (logid:002ca782) Suitable hosts found in datacenter ID: 5e43ac5b-d657-49f2-98e1-7304476d28ed, creating deployment destination
2022-02-09 19:54:13,400 INFO  [c.c.k.c.KubernetesClusterManagerImpl] (qtp2129144075-797:ctx-5b969d75 ctx-33df8871) (logid:002ca782) Creating network for account ID: d09266b9-4e22-40b8-a013-da17fc4a3cac from the network offering ID: 6297c837-129f-4a60-b860-24e3d72ae63c as part of Kubernetes cluster: k8s-testing deployment process
2022-02-09 19:54:13,409 DEBUG [c.c.r.ResourceLimitManagerImpl] (qtp2129144075-797:ctx-5b969d75 ctx-33df8871) (logid:002ca782) Checking if amount of resources of Type = 'network' for Account Name = levindecaro in Domain Id = 2 is exceeded: Account Resource Limit = 20, Current Account Resource Amount = 7, Requested Resource Amount = 1.
2022-02-09 19:54:13,411 DEBUG [c.c.r.ResourceLimitManagerImpl] (qtp2129144075-797:ctx-5b969d75 ctx-33df8871) (logid:002ca782) Checking if domain resource limits of Type 'network' for Domain Id = 2 is exceeded: Domain Resource Limit = (-0.00 KB) -1, Current Domain Resource Amount = (188 bytes) 188, Requested Resource Amount = (1 bytes) 1.
2022-02-09 19:54:13,430 DEBUG [c.c.n.g.BigSwitchBcfGuestNetworkGuru] (qtp2129144075-797:ctx-5b969d75 ctx-33df8871) (logid:002ca782) Refusing to design this network, the physical isolation type is not BCF_SEGMENT
2022-02-09 19:54:13,431 DEBUG [o.a.c.n.c.m.ContrailGuru] (qtp2129144075-797:ctx-5b969d75 ctx-33df8871) (logid:002ca782) Refusing to design this network
2022-02-09 19:54:13,434 DEBUG [c.c.n.g.NiciraNvpGuestNetworkGuru] (qtp2129144075-797:ctx-5b969d75 ctx-33df8871) (logid:002ca782) Refusing to design this network
2022-02-09 19:54:13,436 DEBUG [o.a.c.n.o.OpendaylightGuestNetworkGuru] (qtp2129144075-797:ctx-5b969d75 ctx-33df8871) (logid:002ca782) Refusing to design this network
2022-02-09 19:54:13,438 DEBUG [c.c.n.g.OvsGuestNetworkGuru] (qtp2129144075-797:ctx-5b969d75 ctx-33df8871) (logid:002ca782) Refusing to design this network
2022-02-09 19:54:13,440 DEBUG [c.c.n.g.DirectNetworkGuru] (qtp2129144075-797:ctx-5b969d75 ctx-33df8871) (logid:002ca782) VXLAN: VLAN
2022-02-09 19:54:13,440 DEBUG [c.c.n.g.DirectNetworkGuru] (qtp2129144075-797:ctx-5b969d75 ctx-33df8871) (logid:002ca782) VXLAN: VXLAN
2022-02-09 19:54:13,440 INFO  [c.c.n.g.DirectNetworkGuru] (qtp2129144075-797:ctx-5b969d75 ctx-33df8871) (logid:002ca782) Refusing to design this network
2022-02-09 19:54:13,445 INFO  [c.c.n.g.DirectNetworkGuru] (qtp2129144075-797:ctx-5b969d75 ctx-33df8871) (logid:002ca782) Refusing to design this network
2022-02-09 19:54:13,449 DEBUG [o.a.c.n.g.SspGuestNetworkGuru] (qtp2129144075-797:ctx-5b969d75 ctx-33df8871) (logid:002ca782) SSP not configured to be active
2022-02-09 19:54:13,451 DEBUG [c.c.n.g.BrocadeVcsGuestNetworkGuru] (qtp2129144075-797:ctx-5b969d75 ctx-33df8871) (logid:002ca782) Refusing to design this network
2022-02-09 19:54:13,520 DEBUG [o.a.c.e.o.NetworkOrchestrator] (qtp2129144075-797:ctx-5b969d75 ctx-33df8871) (logid:002ca782) Releasing lock for Acct[d09266b9-4e22-40b8-a013-da17fc4a3cac-levindecaro] -- Account {"id": 9, "name": "levindecaro", "uuid": "d09266b9-4e22-40b8-a013-da17fc4a3cac"}
2022-02-09 19:54:13,528 DEBUG [c.c.r.ResourceLimitManagerImpl] (qtp2129144075-797:ctx-5b969d75 ctx-33df8871) (logid:002ca782) Updating resource Type = network count for Account = 9 Operation = increasing Amount = 1
2022-02-09 19:54:13,564 INFO  [c.c.k.c.KubernetesClusterManagerImpl] (qtp2129144075-797:ctx-5b969d75 ctx-33df8871) (logid:002ca782) Kubernetes cluster name: k8s-testing and ID: 874c1baa-f076-471d-afd9-bda9d33b550f has been created
2022-02-09 19:54:13,593 DEBUG [o.a.c.f.j.i.AsyncJobManagerImpl] (qtp2129144075-797:ctx-5b969d75 ctx-33df8871) (logid:002ca782) submit async job-46798, details: AsyncJobVO {id:46798, userId: 9, accountId: 9, instanceType: VirtualMachine, instanceId: 107, cmd: org.apache.cloudstack.api.command.user.kubernetes.cluster.CreateKubernetesClusterCmd, cmdInfo: {"dockerregistryusername":"levindecaro","keypair":"mykey","description":"k8s-testing","httpmethod":"GET","dockerregistrypassword":"xxxxxxxxx","ctxAccountId":"9","uuid":"874c1baa-f076-471d-afd9-bda9d33b550f","cmdEventType":"KUBERNETES.CLUSTER.CREATE","kubernetesversionid":"1497a201-8827-4280-9d60-e8710f612e90","size":"1","serviceofferingid":"fd72248c-0d18-4f0a-a4d9-0dd6f73f3dd4","dockerregistryurl":"https://docker.io","response":"json","ctxUserId":"9","dockerregistryemail":"levindecaro@gmail.com","name":"k8s-testing","zoneid":"5e43ac5b-d657-49f2-98e1-7304476d28ed","ctxStartEventId":"93575","id":"107","ctxDetails":"{\"interface com.cloud.dc.DataCenter\":\"5e43ac5b-d657-49f2-98e1-7304476d28ed\",\"interface com.cloud.kubernetes.version.KubernetesSupportedVersion\":\"1497a201-8827-4280-9d60-e8710f612e90\",\"interface com.cloud.network.Network\":\"7a97228e-19cb-47b8-870b-9925eba0ca74\",\"interface com.cloud.offering.ServiceOffering\":\"fd72248c-0d18-4f0a-a4d9-0dd6f73f3dd4\"}","noderootdisksize":"8"}, cmdVersion: 0, status: IN_PROGRESS, processStatus: 0, resultCode: 0, result: null, initMsid: 90520735245649, completeMsid: null, lastUpdated: null, lastPolled: null, created: null, removed: null}
2022-02-09 19:54:13,595 DEBUG [c.c.a.ApiServlet] (qtp2129144075-797:ctx-5b969d75 ctx-33df8871) (logid:002ca782) ===END===  172.16.2.198 -- GET  name=k8s-testing&description=k8s-testing&zoneid=5e43ac5b-d657-49f2-98e1-7304476d28ed&kubernetesversionid=1497a201-8827-4280-9d60-e8710f612e90&serviceofferingid=fd72248c-0d18-4f0a-a4d9-0dd6f73f3dd4&size=1&noderootdisksize=8&keypair=mykey&dockerregistryusername=levindecaro&dockerregistryurl=https:%2F%2Fdocker.io&dockerregistryemail=levindecaro%40gmail.com&command=createKubernetesCluster&response=json

[davidjumani]

@levindecaro Can you try creating the cluster with the URL as https://index.docker.io/v1/ and the email as your dockerhub account instead of email id ?
It does not necessarily add the secret to kubernetes but creates a ~/.docker/config.json file which is used to authenticate with dockerhub while pulling images

[davidjumani]

It appears as though the docker config file is not in the right location and only on worker nodes. I'll create a patch to fix it
Edit: CKS will be moving to contrainerd and will be fixed as part of #5863

[Pearl1594]

@levindecaro from 4.16.1 onward we will be moving away from docker and using containerd as the container runtime, hence the necessary config for using private registry to pull images will be handled by configuring the /etc/containerd/config.toml file. This is handled by #5863 & is still under testing. Thanks

[levindecaro]

@davidjumani @Pearl1594 Thank you for your update, I think there are requiring effort to workout documentation for CKS and troubleshoot guide. Btw, is it possible to capture the provisioning logs to somewhere in ACS console or agent logs..etc. Since it is quite hard to troubleshoot without having to login into each VM, sometime is it not possible without owner's credential.

[davidjumani]

@levindecaro Thanks, we're updating the documentation. As for the logs, as of now the only way to capture k8s node specific logs is to ssh into the node via the ssh key provided at the time of cluster creation

[levindecaro]

@levindecaro Can you try creating the cluster with the URL as https://index.docker.io/v1/ and the email as your dockerhub account instead of email id ? It does not necessarily add the secret to kubernetes but creates a ~/.docker/config.json file which is used to authenticate with dockerhub while pulling images

Hi @davidjumani , i just re-tested the CKS on 4.16.1, the URL for docker login should set to https://registry-1.docker.io/ instead of https://index.docker.io/v1/ .

[davidjumani]

Thanks for the update @levindecaro