Question

DigitalOcean Container Registry Integration - Image Pull backoff : 401 Unauthorized

I am using github actions which succesfully logs into the registry using the token and pushes the images. Then I am using helm to deploy to the cluster.

Failed to pull image "registry.digitalocean.com/XXXX/php:1.1.39": rpc error: code = Unknown desc = failed to pull and unpack image "registry.digitalocean.com/XXXXXXX/php:1.1.39": failed to resolve reference "registry.digitalocean.com/XXXXXXX/php:1.1.39": failed to authorize: failed to fetch anonymous token: unexpected status: 401 Unauthorized

I have added the kubernetes cluster using DigitalOcean Container Registry Integration, which shows there successfully both on the registry and the settings for the kubernetes cluster.

I can confirm the above address `registry.digitalocean.com/XXXX/php:1.1.39 matches the one in the registry. I wonder if I’m misunderstanding how the token / login integration works with the registry, but I’m under the impression that this was a “one click” thing and that the cluster would automatically get the connection to the registry after that.

This is my deployment.yaml

apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ include "api-platform.fullname" . }}
  labels:
    {{- include "api-platform.labels" . | nindent 4 }}
spec:
  {{- if not .Values.autoscaling.enabled }}
  replicas: {{ .Values.replicaCount }}
  {{- end }}
  selector:
    matchLabels:
      {{- include "api-platform.selectorLabels" . | nindent 6 }}
  template:
    metadata:
      {{- with .Values.podAnnotations }}
      annotations:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      labels:
        {{- include "api-platform.selectorLabels" . | nindent 8 }}
    spec:
      {{- with .Values.imagePullSecrets }}
      imagePullSecrets:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      serviceAccountName: {{ include "api-platform.serviceAccountName" . }}
      securityContext:
        {{- toYaml .Values.podSecurityContext | nindent 8 }}
      containers:
        - name: {{ .Chart.Name }}-caddy
          securityContext:
            {{- toYaml .Values.securityContext | nindent 12 }}
          image: "{{ .Values.caddy.image.repository }}:{{ .Values.caddy.image.tag | default .Chart.AppVersion }}"
          imagePullPolicy: {{ .Values.caddy.image.pullPolicy }}
          env:
            - name: SERVER_NAME
              value: :80
            - name: PWA_UPSTREAM
              value: {{ include "api-platform.fullname" . }}-pwa:3000
            - name: MERCURE_PUBLISHER_JWT_KEY
              valueFrom:
                secretKeyRef:
                  name: {{ include "api-platform.fullname" . }}
                  key: mercure-publisher-jwt-key
            - name: MERCURE_SUBSCRIBER_JWT_KEY
              valueFrom:
                secretKeyRef:
                  name: {{ include "api-platform.fullname" . }}
                  key: mercure-subscriber-jwt-key
          ports:
            - name: http
              containerPort: 80
              protocol: TCP
            - name: admin
              containerPort: 2019
              protocol: TCP
          volumeMounts:
            - mountPath: /var/run/php
              name: php-socket
          #livenessProbe:
          #  httpGet:
          #    path: /
          #    port: admin
          #readinessProbe:
          #  httpGet:
          #    path: /
          #    port: admin
          resources:
            {{- toYaml .Values.resources | nindent 12 }}
        - name: {{ .Chart.Name }}-php
          securityContext:
            {{- toYaml .Values.securityContext | nindent 12 }}
          image: "{{ .Values.php.image.repository }}:{{ .Values.php.image.tag | default .Chart.AppVersion }}"
          imagePullPolicy: {{ .Values.php.image.pullPolicy }}
          env:
            {{ include "api-platform.env" . | nindent 12 }}
          volumeMounts:
            - mountPath: /var/run/php
              name: php-socket
          readinessProbe:
            exec:
              command:
                - docker-healthcheck
            initialDelaySeconds: 120
            periodSeconds: 3
          livenessProbe:
            exec:
              command:
                - docker-healthcheck
            initialDelaySeconds: 120
            periodSeconds: 3
          resources:
            {{- toYaml .Values.resources | nindent 12 }}
      volumes:
      - name: php-socket
        emptyDir: {}
      {{- with .Values.nodeSelector }}
      nodeSelector:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.affinity }}
      affinity:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.tolerations }}
      tolerations:
        {{- toYaml . | nindent 8 }}
      {{- end }}

Submit an answer

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer