So we have a private package registry in GitHub that hosts our Docker images.
Now I want to use those images for deployment into GKE.
Here is a sample of my GitHub Actions workflow so far:

    name: Deploy API Deployments
    on:
      push:
        branches:
          - master
          - main
        paths:
          - "k8s-cluster/deployments/api/**"
    jobs:
      deploy:
        name: Deploy
        runs-on: ubuntu-latest
        environment: development
        permissions:
          packages: write
          contents: read
        steps:
          - name: Checkout
            uses: actions/checkout@v3
          - name: Authenticate Into ghcr.io
            run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u $ --password-stdin
          - name: Get GKE Cluster Credentials
            uses: google-github-actions/get-gke-credentials@v0
            with:
              cluster_name: ${{ secrets.GKE_CLUSTER }}
              location: ${{ secrets.GKE_ZONE }}
              credentials: ${{ secrets.GKE_SA_KEY }}
          - name: Deploy
            run: kubectl apply -f ./k8s-cluster/deployments/api/
          - name: Test API Deployment status
            run: |-
              kubectl rollout status deployment/test-api-deploy
              kubectl get services -o wide

The Deployment Kubernetes resource does get deployed, but the pods are not created as it is not able to pull the image from the GitHub package registry; it just says ErrImagePull.
I tried researching how to do it, but resources are scarce.
Any help is appreciated. Thanks in advance.

2 Answers

OK, so basically the problem is that we need to create a special type of secret inside the Kubernetes cluster that is going to be used during the image pull process to authenticate into the GitHub package registry and get access to the Docker images hosted there.

Here is the process I used to solve the problem.

1. Create a GitHub PAT (Personal Access Token). Refer to this link to create one.
2. Create a secret of type kubernetes.io/dockerconfigjson in the Kubernetes cluster. The command I used is as follows:

And that is it, my GitHub Actions workflow above now works, being able to pull images hosted in GitHub Package Registry from GKE.

Note: In my question I have this in my workflow.
This isn't necessary and does nothing, so it is OK to remove it.
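
The secret type named in the answer above, built by hand as an added example; it is not the answerer's command or part of the original post. The secret name `ghcr-pull-secret` and the variables `GHCR_USER` and `GHCR_PAT` are assumptions, and the demo values are constructed placeholders.

```shell
#!/bin/sh
# Added example: build a kubernetes.io/dockerconfigjson Secret for ghcr.io.
# Assumed names (not from the page): ghcr-pull-secret, GHCR_USER, GHCR_PAT.

# Single-line base64 (GNU base64 wraps long output, so strip newlines).
b64() { base64 | tr -d '\n'; }

# Payload layout: {"auths":{"<registry>":{"username","password","auth"}}}
# with auth = base64("user:token"). Values are inserted verbatim, so they must
# not contain quotes or backslashes (GitHub usernames and PATs do not).
# Args: registry user token
dockerconfigjson() {
  _auth=$(printf '%s:%s' "$2" "$3" | b64)
  printf '{"auths":{"%s":{"username":"%s","password":"%s","auth":"%s"}}}' \
    "$1" "$2" "$3" "$_auth"
}

# Secret manifest the kubelet can use when pulling images.
# Args: name namespace registry user token
pull_secret_manifest() {
  cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: $1
  namespace: $2
type: kubernetes.io/dockerconfigjson
data:
  .dockerconfigjson: $(dockerconfigjson "$3" "$4" "$5" | b64)
EOF
}

# Against a real cluster, with GHCR_USER and GHCR_PAT exported beforehand
# (a PAT limited to the read:packages scope is enough for pulls):
#   pull_secret_manifest ghcr-pull-secret default ghcr.io "$GHCR_USER" "$GHCR_PAT" \
#     | kubectl apply -f -
# The Deployment's pod template must then name the secret:
#   spec:
#     template:
#       spec:
#         imagePullSecrets:
#           - name: ghcr-pull-secret

# Demo with constructed values; the token is a placeholder, not a real PAT.
pull_secret_manifest ghcr-pull-secret default ghcr.io example-user PLACEHOLDER_TOKEN
```

The secret must live in the same namespace as the pods that reference it, and `kubectl create secret docker-registry` produces a secret of the same type.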

ImagePullBackOff and ErrImagePull indicate that the image used by a container cannot be loaded from the image registry.

To understand the root cause and find more details about this error, use the kubectl describe pod podname command. You can see the actual error message under the Events column. A few important steps you can check and use to troubleshoot the error:

- If the description says that the pod is stuck in ImagePullBackOff/ErrImagePull because the image doesn't exist and we cannot pull the image, the error could be either from a typo or because the image was not pushed to the container registry; also check whether you are referring to an image that doesn't exist.
- Verify that the image's tag is correct. (Try :latest or no tag to pull the latest image.) You should also check to be sure that your image tag includes the registry URL when one is required.
- Another common cause of image pull errors occurs when you're using a private registry. Kubernetes needs to be given credentials it can use to authenticate to the registry. Without them, pulls will be unsuccessful; you'll see a pull access denied message as a part of the ErrImagePull error. You must provide proper credentials to Kubernetes using the secret to pull the image from the registry.
- There could be a widespread network issue on the nodes of your Kubernetes cluster, and the container runtime will not be able to pull the image from the container registry, which may cause the error. So, check the network connectivity on all the nodes of the cluster.

Refer to the link for more information on the troubleshooting process.