Description

ARTIFACTORY: How to resolve error “Failed to pull image…” when pulling images from Artifactory in Kubernetes

AuthorFullName__c
Ino Choi
articleNumber
000005495
ft:sourceType
Salesforce
FirstPublishedDate
2022-12-11T10:33:46Z
lastModifiedDate
2022-12-11
VersionNumber
3
To create a pod and pull an image from a private registry, Artifactory in our case, you need to pass the secret that contains user credentials for Artifactory.
apiVersion: v1
kind: Pod
metadata:
  name: my-private-pod
spec:
  containers:
    - name: private
      image: <ARTIFACTORY>/<DOCKER_REPO>/<IMAGE>:<TAG>
  imagePullSecrets:
    - name: <SECRET>

In Docker versions below 1.7.0, Docker config was saved in .dockercfg file. And when creating a secret using this config file in Kubernetes, it creates a secret type “kubernetes.io/dockercfg”.
NAME         TYPE                             DATA   AGE
dockercfg    kubernetes.io/dockercfg          1      17m

Until Artifactory 7.39.x version, this secret type can be used to pull Docker images from Artifactory.

However, from 7.41.x, the “kubernetes.io/dockercfg” secret type may cause the below errors when pulling images,
Warning  Failed     1s    kubelet            Failed to pull image "artifactory/docker/busybox:latest": rpc error: code = Unknown desc = Error response from daemon: Head "http://artifactory/v2/docker/busybox/manifests/latest": unknown: Authentication is required
 Warning  Failed     1s    kubelet            Failed to pull image "artifactory/docker/busybox:latest": rpc error: code = Unknown desc = Error response from daemon: Head "http://artifactory/v2/docker/busybox/manifests/latest": unknown: Token failed verification: signature