Kubic can not Pull Images with kubeadm

i start kubeadm init -v 100 and get following errors:

error execution phase preflight: [preflight] Some fatal errors occurred:
        [ERROR ImagePull]: failed to pull image k8s.gcr.io/kube-apiserver:v1.14.1: output: time="2019-04-30T08:29:09+02:00" level=fatal msg="pulling image failed: rpc error: code = Unknown desc = pinging docker registry returned: Get https://k8s.gcr.io/v2/: dial tcp 108.177.15.82:443: i/o timeout"
, error: exit status 1
        [ERROR ImagePull]: failed to pull image k8s.gcr.io/kube-controller-manager:v1.14.1: output: time="2019-04-30T08:30:09+02:00" level=fatal msg="pulling image failed: rpc error: code = Unknown desc = pinging docker registry returned: Get https://k8s.gcr.io/v2/: dial tcp 108.177.15.82:443: i/o timeout"
, error: exit status 1
        [ERROR ImagePull]: failed to pull image k8s.gcr.io/kube-scheduler:v1.14.1: output: time="2019-04-30T08:31:09+02:00" level=fatal msg="pulling image failed: rpc error: code = Unknown desc = pinging docker registry returned: Get https://k8s.gcr.io/v2/: dial tcp 108.177.15.82:443: i/o timeout"
, error: exit status 1
        [ERROR ImagePull]: failed to pull image k8s.gcr.io/kube-proxy:v1.14.1: output: time="2019-04-30T08:32:09+02:00" level=fatal msg="pulling image failed: rpc error: code = Unknown desc = pinging docker registry returned: Get https://k8s.gcr.io/v2/: dial tcp 108.177.15.82:443: i/o timeout"
, error: exit status 1
        [ERROR ImagePull]: failed to pull image k8s.gcr.io/pause:3.1: output: time="2019-04-30T08:33:09+02:00" level=fatal msg="pulling image failed: rpc error: code = Unknown desc = pinging docker registry returned: Get https://k8s.gcr.io/v2/: dial tcp 108.177.15.82:443: i/o timeout"
, error: exit status 1
        [ERROR ImagePull]: failed to pull image k8s.gcr.io/etcd:3.3.10: output: time="2019-04-30T08:34:10+02:00" level=fatal msg="pulling image failed: rpc error: code = Unknown desc = pinging docker registry returned: Get https://k8s.gcr.io/v2/: dial tcp 108.177.15.82:443: i/o timeout"
, error: exit status 1
        [ERROR ImagePull]: failed to pull image k8s.gcr.io/coredns:1.3.1: output: time="2019-04-30T08:35:10+02:00" level=fatal msg="pulling image failed: rpc error: code = Unknown desc = pinging docker registry returned: Get https://k8s.gcr.io/v2/: dial tcp 108.177.15.82:443: i/o timeout"
, error: exit status 1

i have a working Internet connection over a proxy. fetching the release works fine:

I0430 08:28:08.076341    1980 version.go:171] fetching Kubernetes version from URL: https://dl.k8s.io/release/stable-1.txt
I0430 08:28:08.706055    1980 feature_gate.go:226] feature gates: &{map]}
[init] Using Kubernetes version: v1.14.1

Google failed me

kubeadm config images pull also fails with the same messages

Anyone can point me into the right direction?

Hi, welcome,

To be honest, I don’t think there’s many Kubic users here, I think you’re better of on the factory mailing list, or on the kubic IRC channel.

Proxies are a major PITA. Without having seen the actual kubic image (which one are you using?), I would guess you need to point the docker daemon to the proxy. Unlike the plain shell https_proxy env var, docker expects HTTPS_PROXY var set at startup. On most systems this is set in /etc/sysconfig/docker or somewhere near that. I am only sure for RHEL/Cent

ah, forget this, just had a look at kubic image. There is no docker on it. Still, you probably have to set the proxy somewhere

I tried already to meet some people on IRC but I never meet someone in the channel unfortunately

I did set the proxy in the overlay fs in /var/lib/overlay/1/sysconfig/proxy. The proxy shows up in env correctly, also it does work for surfing with w3m curling and also to fetch the release fro k8s but not for the containers unfortunately.

Kubic use cri-o for containers.

I don’t know how Google does its security for this repository, and it’s not free so there has to be some kind of authentication.
Since your error is “undefined” but then follows to say that it’s “pinging” the location,

1. How sure are you that the image exists?
2. Does your method involve setting authentication credentials somewhere and somehow(Since it’s Google, I’d make a wild guess that there should be Oath2 in there somewhere)?
3. If you have authenticated access, can you browse this repository to see what is in there? Yes, I think there should be docker images in there, it may even be that this repository is supposed to hold only docker images.

And finally,
Are you following a guide somewhere that recommended storing or sharing images at this location?

TSU

1. I follow the official Kubic guide and it says that kubeadm init pulls all needed images ( kubic is a official kubernetes distribution)
2. This is nowhere mentioned kubeadm should do it all
3. Cri-o can make use of Docker images

And finally did you ever tried to use Kubic? I tried to get in touch with people who share the interest in Kubernetes/Kubic

You’ll have to be more specific about “the Official Kubic guide” you used since I don’t know that any official documentation exists. When I did some experimenting with Kubic, about 2 paragraphs existed and I had to figure things out by translating SUSE guidance into an openSUSE framework which wasn’t straightforward due to different modules, procedures and authentication/licensing/payment models. Today, it looks like the best “official” guidance is posted in the openSUSE Wiki,

https://en.opensuse.org/Kubic:kubeadm

Kubic has had its issues gaining usage, probably not the least was the extreme issues I described just to get myself working which I doubt many others would have been successful… In other words, the project concentrated heavily on turning out innovative, quality product but it was entirely built for “paid” CAAS SUSE, and almost no attention was applied to “open” openSUSE. The world needs Kubic, I don’t know if there is a world-accepted version of Kubernetes other than Red Hat’s OpenShift, but Kubic has great potential to be that alternative due to things like the transactional functions (which really needs an abbreviated command very badly. My fingers get a real workout with transactional server).

In a way,
It’s a good lesson in project objectives and resource allocation, the importance of documentation has been noted before but has often been dismissed. But only highly finished products that are written superlatively to be so intuitive and error-free do not need documentation, and those are very, very rare… and hardly to be expected during early Development.

IMO,
TSU

I did talk about the Kubic Wiki. I first tried the arm Images for raspberry and failed (I did not try to much because it was more or less for being bored) No i am trying to set up a kubernetes cluster at work and fail again :D.

I just wanted to figure things out before i buy caasp for our developers.

If your ultimate goal is to deploy caasp,
Then I strongly recommend that you test and experiment on SUSE from the beginning, as I noted available documentation and guides more closely match what you’ll find on SUSE.

You can download and sign up for a temporary license so you’re not out of picket while you’re testing.

TSU

Problem Solved:

I had to configure the evironment of crio.service in /etc/sysconfig/crio.

After I entered the http_proxy and so on there it works. If I had used my brain earlier this would have been an easy task. systemd.services don’t use system env…

When I can find some time, I’ll probably try to take a look at this if someone doesn’t get to this before me…
Environmental variables are commonly set in systemd Unit files, and if the crio service isn’t commonly used for any other purpose should be set correctly by default.

TSU

Is there a Bugtracker or a git where I can make a issue for it?

Yes!
Provide as much detail as you can.

https://bugzilla.opensuse.org

If you haven’t used this kind of bugzilla before, use only links in the top line, ignore everything below. You can do a search to see if anyone has reported something similar, click “new” to create a new issue.

TSU