ECS Installation failure due to External Registry issues

During a fresh ECS install, if you encounter image pull issues with a custom docker registry set up, here are some steps to check if your custom registry is configured properly.

During a fresh ECS install, installation failure when pulling images typically indicates incorrect setup of the external or custom registry.

Istio image is the first to be pulled from the custom registry.

Describing the pod may look similar to:

Failed to pull image “registry.ecs.internal/cloudera_thirdparty/gloo_mesh/istio-4d37697f9711/pilot:1.24.2-solo-distroless”... failed to do request: Head: https://registry.ecs.internal/cloudera_thirdparty.... : dial tcp: lookup registry.ecs.internal on …

Run the ECS Refresh command to update the docker pull secrets for the custom registry:

Go to ECS Service Actions > Refresh ECS

Navigate to Cloudera Manager UI ->Containerized cluster (ECS Cluster Name) ->Configuration.
Search for "docker" and verify the following parameters: External Container Registry User, External Container Registry Password, External Container Registry, External Docker Registry Certificate (PEM format). Only TLS-enabled custom Docker Registry is supported.
If any configurations are incorrect, update and save the changes.
Restart the ECS cluster to apply the changes(All ECS server and agents service need to be restarted. Note that hosts restart is not required.)
Once the command succeeds, navigate to Cloudera Manager UI -> Running Commands, find the failed First Run command, and click Resume to proceed with the installation process.

Run ECS Refresh Command

While updating the docker username/password, ensure to refresh ECS. Without Refresh ECS, the username/password will not be updated in the cdp-private-installer-docker-pull-secret secret objects.

Run the ECS Refresh command and update the docker pull secrets for the custom registry: Go to ECS Server Actions > Refresh ECS