# Pull Images from Internet in a limited Internet Access Environment.

## Problem

* Unable to pull images from Internet(Eg. docker.io) in an environment having limited access to Internet.
* Even after whitelisting `docker.io` in the proxy, the image pull fails with the below events. Example image shown here is `_docker.io/library/nginx:latest_`

{% tabs %}
{% tab title="Bash" %}

```bash
Type     Reason   Age                From     Message
  ----     ------   ----               ----     -------
  Warning  Failed   21s                kubelet  Failed to pull image "nginx": rpc error: code = Unknown desc = failed to pull and unpack image "docker.io/library/nginx:latest": failed to resolve reference "docker.io/library/nginx:latest": failed to do request: Head "https://dockermirror.platform9.io/v2/library/nginx/manifests/latest?ns=docker.io": dial tcp 34.212.72.27:443: i/o timeout
  Warning  Failed   21s                kubelet  Error: ErrImagePull
  Normal   BackOff  20s                kubelet  Back-off pulling image "nginx"
```

{% endtab %}
{% endtabs %}

## Environment

* Platform9 Managed Kubernetes
* Platform9 Edge Cloud

## Cause

* Platform9 caches Images in `_https://dockermirror.platform9.io_` for all the pulls done from `docker.io` . This registry mirror is to avoid rate-limiting from docker.io and for faster pulls.
* If an environment with limited Internet access having `docker.io` whitelisted in the proxy, tries to pull the images, it will eventually fail as it will initially try to reach `_https://dockermirror.platform9.io_` , which the environment would probably not have access to.

## Resolution

* Whitelist the URL `_https://dockermirror.platform9.io_` in the proxy that the cluster is configured with.
* In order for the container runtime to be aware of the proxy while pulling images, create a *`/etc/environment`* file on each node and add the below content in it

{% tabs %}
{% tab title="bash" %}

```bash
$ cat /etc/environment
export LC_ALL=en_US.UTF-8
export http_proxy=http://<proxy-url>:<proxy-port>
export https_proxy=http://<proxy-url>:<proxy-port>
export no_proxy=<list of node IPs/CIDR that doen't need proxy to be routed through. Eg. Internal nodes of a cluster>
```

{% endtab %}
{% endtabs %}

* Once the above is done, restart the Nodeletd phases in a rolling fashion

{% tabs %}
{% tab title="Bash" %}

```bash
$ systemctl stop pf9-hostagent pf9-nodeletd
$ /opt/pf9/nodelet/nodeletd phases restart
$ systemctl start pf9-hostagent pf9-nodeletd
```

{% endtab %}
{% endtabs %}

* Try deploying a pod using image from `docker.io`


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://platform9.com/kb/pmk/solutions/pull-images-from-internet-in-a-limited-internet-access-environme.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.