Question

DigitalOcean Container Registry Integration - Image Pull backoff : 401 Unauthorized

I am using github actions which succesfully logs into the registry using the token and pushes the images. Then I am using helm to deploy to the cluster.

Failed to pull image "registry.digitalocean.com/XXXX/php:1.1.39": rpc error: code = Unknown desc = failed to pull and unpack image "registry.digitalocean.com/XXXXXXX/php:1.1.39": failed to resolve reference "registry.digitalocean.com/XXXXXXX/php:1.1.39": failed to authorize: failed to fetch anonymous token: unexpected status: 401 Unauthorized

I have added the kubernetes cluster using DigitalOcean Container Registry Integration, which shows there successfully both on the registry and the settings for the kubernetes cluster.

I can confirm the above address `registry.digitalocean.com/XXXX/php:1.1.39 matches the one in the registry. I wonder if I’m misunderstanding how the token / login integration works with the registry, but I’m under the impression that this was a “one click” thing and that the cluster would automatically get the connection to the registry after that.

This is my deployment.yaml

apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ include "api-platform.fullname" . }}
  labels:
    {{- include "api-platform.labels" . | nindent 4 }}
spec:
  {{- if not .Values.autoscaling.enabled }}
  replicas: {{ .Values.replicaCount }}
  {{- end }}
  selector:
    matchLabels:
      {{- include "api-platform.selectorLabels" . | nindent 6 }}
  template:
    metadata:
      {{- with .Values.podAnnotations }}
      annotations:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      labels:
        {{- include "api-platform.selectorLabels" . | nindent 8 }}
    spec:
      {{- with .Values.imagePullSecrets }}
      imagePullSecrets:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      serviceAccountName: {{ include "api-platform.serviceAccountName" . }}
      securityContext:
        {{- toYaml .Values.podSecurityContext | nindent 8 }}
      containers:
        - name: {{ .Chart.Name }}-caddy
          securityContext:
            {{- toYaml .Values.securityContext | nindent 12 }}
          image: "{{ .Values.caddy.image.repository }}:{{ .Values.caddy.image.tag | default .Chart.AppVersion }}"
          imagePullPolicy: {{ .Values.caddy.image.pullPolicy }}
          env:
            - name: SERVER_NAME
              value: :80
            - name: PWA_UPSTREAM
              value: {{ include "api-platform.fullname" . }}-pwa:3000
            - name: MERCURE_PUBLISHER_JWT_KEY
              valueFrom:
                secretKeyRef:
                  name: {{ include "api-platform.fullname" . }}
                  key: mercure-publisher-jwt-key
            - name: MERCURE_SUBSCRIBER_JWT_KEY
              valueFrom:
                secretKeyRef:
                  name: {{ include "api-platform.fullname" . }}
                  key: mercure-subscriber-jwt-key
          ports:
            - name: http
              containerPort: 80
              protocol: TCP
            - name: admin
              containerPort: 2019
              protocol: TCP
          volumeMounts:
            - mountPath: /var/run/php
              name: php-socket
          #livenessProbe:
          #  httpGet:
          #    path: /
          #    port: admin
          #readinessProbe:
          #  httpGet:
          #    path: /
          #    port: admin
          resources:
            {{- toYaml .Values.resources | nindent 12 }}
        - name: {{ .Chart.Name }}-php
          securityContext:
            {{- toYaml .Values.securityContext | nindent 12 }}
          image: "{{ .Values.php.image.repository }}:{{ .Values.php.image.tag | default .Chart.AppVersion }}"
          imagePullPolicy: {{ .Values.php.image.pullPolicy }}
          env:
            {{ include "api-platform.env" . | nindent 12 }}
          volumeMounts:
            - mountPath: /var/run/php
              name: php-socket
          readinessProbe:
            exec:
              command:
                - docker-healthcheck
            initialDelaySeconds: 120
            periodSeconds: 3
          livenessProbe:
            exec:
              command:
                - docker-healthcheck
            initialDelaySeconds: 120
            periodSeconds: 3
          resources:
            {{- toYaml .Values.resources | nindent 12 }}
      volumes:
      - name: php-socket
        emptyDir: {}
      {{- with .Values.nodeSelector }}
      nodeSelector:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.affinity }}
      affinity:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.tolerations }}
      tolerations:
        {{- toYaml . | nindent 8 }}
      {{- end }}

Submit an answer


This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

I started having the same problem today after changing my “Registry subscription plan”

Try DigitalOcean for free

Click below to sign up and get $200 of credit to try our products over 60 days!

Sign up