cancel
Showing results for 
Search instead for 
Did you mean: 
dzmoon
Flight Engineer
Flight Engineer
  • 4,177 Views

Openshift Application deployment issue

Hello :

Who can give me the root cause of the following failed deployment I  tired eveything but No way

[user@rhv crc-linux-2.17.0-amd64]$ ../oc describe pods python-sample-68449dc5b4-bddxc

Name: python-sample-68449dc5b4-bddxc
Namespace: default
Priority: 0
Node: crc-8tnb7-master-0/192.168.126.11
Start Time: Wed, 04 Oct 2023 13:59:52 -0400
Labels: app=python-sample
deployment=python-sample
pod-template-hash=68449dc5b4
Annotations: k8s.v1.cni.cncf.io/network-status:
[{
"name": "openshift-sdn",
"interface": "eth0",
"ips": [
"10.217.0.144"
],
"default": true,
"dns": {}
}]
k8s.v1.cni.cncf.io/networks-status:
[{
"name": "openshift-sdn",
"interface": "eth0",
"ips": [
"10.217.0.144"
],
"default": true,
"dns": {}
}]
Status: Pending
IP: 10.217.0.144
IPs:
IP: 10.217.0.144
Controlled By: ReplicaSet/python-sample-68449dc5b4
Containers:
python-sample:
Container ID:
Image: python-sample:latest
Image ID:
Port: 8080/TCP
Host Port: 0/TCP
State: Waiting
Reason: ImagePullBackOff
Ready: False
Restart Count: 0
Environment: <none>
Mounts:
/var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-dhvjj (ro)
Conditions:
Type Status
Initialized True
Ready False
ContainersReady False
PodScheduled True
Volumes:
kube-api-access-dhvjj:
Type: Projected (a volume that contains injected data from multiple sources)
TokenExpirationSeconds: 3607
ConfigMapName: kube-root-ca.crt
ConfigMapOptional: <nil>
DownwardAPI: true
ConfigMapName: openshift-service-ca.crt
ConfigMapOptional: <nil>
QoS Class: BestEffort
Node-Selectors: <none>
Tolerations: node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 130m default-scheduler Successfully assigned default/python-sample-68449dc5b4-bddxc to crc-8tnb7-master-0
Normal AddedInterface 130m multus Add eth0 [10.217.0.144/23] from openshift-sdn
Warning Failed 126m kubelet Failed to pull image "python-sample:latest": rpc error: code = Unknown desc = pinging container registry registry-1.docker.io: Get "https://registry-1.docker.io/v2/": dial tcp [2600:1f18:2148:bc00:8334:ca86:c3d6:a507]:443: connect: network is unreachable
Warning Failed 121m (x2 over 123m) kubelet Failed to pull image "python-sample:latest": rpc error: code = DeadlineExceeded desc = pinging container registry registry-1.docker.io: Get "https://registry-1.docker.io/v2/": dial tcp 34.194.164.123:443: i/o timeout
Warning Failed 121m (x4 over 128m) kubelet Error: ErrImagePull
Warning Failed 120m (x7 over 128m) kubelet Error: ImagePullBackOff
Warning Failed 84m (x3 over 105m) kubelet Failed to pull image "python-sample:latest": rpc error: code = DeadlineExceeded desc = pinging container registry registry-1.docker.io: Get "https://registry-1.docker.io/v2/": dial tcp 18.215.138.58:443: i/o timeout
Warning Failed 34m (x7 over 128m) kubelet Failed to pull image "python-sample:latest": rpc error: code = DeadlineExceeded desc = pinging container registry registry-1.docker.io: Get "https://registry-1.docker.io/v2/": dial tcp 52.1.184.176:443: i/o timeout
Normal Pulling 15m (x20 over 130m) kubelet Pulling image "python-sample:latest"
Normal BackOff 5m22s (x355 over 128m) kubelet Back-off pulling image "python-sample:latest"

Labels (4)
0 Kudos
6 Replies
shashi01
Moderator
Moderator
  • 4,173 Views

@dzmoon 

Let me try

It seems Pod is that Kubernetes is unable to pull the necessary container image (python-sample: latest) from the specified container registry

you may want to check the network connectivity between the Kubernetes node and the Docker registry, verify the image name and tag, and ensure that the necessary credentials are provided if the registry is private or requires authentication

0 Kudos
dzmoon
Flight Engineer
Flight Engineer
  • 4,135 Views

could be some  thing  telated to access to external Registry  from the cluster ?

https://access.redhat.com/discussions/3487851

0 Kudos
Chetan_Tiwary_
Community Manager
Community Manager
  • 4,170 Views

Hello @dzmoon !
You might want to check out the error messages in the logs :

Chetan_Tiwary__0-1696451604343.png

 

Check if the kubelet is able to connect to registry or for that matter registry is available and reachable. Is the configuration set to use the mentioned registry with the right credentials ? What about ports ? 

Imagepullbackoff error clearly states it cannot pull the image from the registry and it says deadline exceeded : means the connection is also slower. 

If you need product support, see if you can open a support case and get help.

0 Kudos
dzmoon
Flight Engineer
Flight Engineer
  • 4,144 Views

Hi @shashi01 @Chetan_Tiwary_ 

Thanks for your reply and details unfortunately this  poc cluster  and don’t have support , I am just testing examples  that  I found in the cluster  

for Network connection  it seems Ok  , I have tested it from the firewall side and it seem  evey thing is green no blocked traffic or restriction policy, or do you have any to test from inside  the cluster ?

for the registry explanation maybe yes, because i have  other pods from Qurary.io and docker.io and I have the same issue

PODs Example  in that I am testing  are public available  so i juste rused it in my cluster like this  example

oc new-app python:3.9-ubi8~https://github.com/sclorg/django-ex.git

 

do we need to setup  authentication for public registry  before to use  images   in OC ?

 

Regards

Sofiane

0 Kudos
shashi01
Moderator
Moderator
  • 4,135 Views

@dzmoon 

It's a good practice to set up authentication even for public registries to increase the rate limits.
If you've hit a rate limit, that could potentially cause failures when trying to pull images. Setting up authenticated access to Docker Hub (and other public registries) in your OpenShift cluster could help alleviate this issue.

0 Kudos
dzmoon
Flight Engineer
Flight Engineer
  • 4,112 Views

Hi @shashi01

can you please send  me a way to  set up authentification for public registry in OC  I have  used this link  but i dont know if it is the correct way 

https://docs.openshift.com/container-platform/4.9/openshift_images/managing_images/using-image-pull-... 

I also  found a same issue with Docker , it seems that it is related to  bug in docker 

https://github.com/kubernetes/minikube/issues/14789

0 Kudos
Join the discussion
You must log in to join this conversation.