您可以将 Docker 图像直接拉入 IBM Cloud Kubernetes 集群吗?
Can you pull Docker images directly into IBM Cloud Kubernetes clusters?
TL:DR - 对不起,如果这是基本的东西,我正在学习 Kubernetes。
我尝试在 IBM Cloud 中创建 Kubernetes 部署但失败了。部署在我的本地 minikube 上运行良好,但在 IBM Cloud 中失败。我是否需要使用 IBM Cloud 名称空间进行部署,或者我是否应该能够从 Docker public 产品中将 Docker 映像拉入 IBM Cloud?
长版
我正在学习这门关于 IBM Cloud Kubernetes 服务的课程 (https://courses.cognitiveclass.ai/courses/course-v1:CognitiveClass+CO0401EN+v1/info)
在先决条件中,我需要为留言簿数据库部署Redis。
这些步骤是:
1. 克隆 repo
$ clone https://github.com/IBM/guestbook.git
cd 到 /guestbook/v2
为主从创建Redis控制器和服务:
$ kubectl create -f redis-master-deployment.yaml
问题是当我 运行:
$ kubectl create -f redis-master-deployment.yaml
部署失败:
$ kubectl get deployments -o wide
NAME READY UP-TO-DATE AVAILABLE AGE CONTAINERS IMAGES SELECTOR
redis-master 0/1 1 0 10m redis-master redis:3.2.9 app=redis,role=master
$ kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
redis-master-577bc6fbb-b4trd 0/1 ImagePullBackOff 0 14m 172.30.113.18 10.241.0.11 <none> <none>
我在这里猜测,但看起来 IBM Cloud Kubernetes 服务无法联系 Docker 来获取图像。
$ kubectl describe pods redis-master-577bc6fbb-b4trd
Name: redis-master-577bc6fbb-b4trd
Namespace: default
Priority: 0
PriorityClassName: <none>
Node: 10.241.0.11/10.241.0.11
Start Time: Thu, 05 Mar 2020 12:01:45 -0500
Labels: app=redis
pod-template-hash=577bc6fbb
role=master
Annotations: kubernetes.io/psp: ibm-privileged-psp
Status: Pending
IP: 172.30.113.18
Controlled By: ReplicaSet/redis-master-577bc6fbb
Containers:
redis-master:
Container ID:
Image: redis:3.2.9
Image ID:
Port: 6379/TCP
Host Port: 0/TCP
State: Waiting
Reason: ErrImagePull
Ready: False
Restart Count: 0
Environment: <none>
Mounts:
/var/run/secrets/kubernetes.io/serviceaccount from default-token-rxmp2 (ro)
Conditions:
Type Status
Initialized True
Ready False
ContainersReady False
PodScheduled True
Volumes:
default-token-rxmp2:
Type: Secret (a volume populated by a Secret)
SecretName: default-token-rxmp2
Optional: false
QoS Class: BestEffort
Node-Selectors: <none>
Tolerations: node.kubernetes.io/not-ready:NoExecute for 600s
node.kubernetes.io/unreachable:NoExecute for 600s
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled <unknown> default-scheduler Successfully assigned default/redis-master-577bc6fbb-b4trd to 10.241.0.11
Warning Failed 13m (x2 over 14m) kubelet, 10.241.0.11 Failed to pull image "redis:3.2.9": rpc error: code = Unknown desc = failed to pull and unpack image "docker.io/library/redis:3.2.9": failed to resolve reference "docker.io/library/redis:3.2.9": failed to do request: Head https://registry-1.docker.io/v2/library/redis/manifests/3.2.9: dial tcp 34.197.189.129:443: i/o timeout
Warning Failed 12m kubelet, 10.241.0.11 Failed to pull image "redis:3.2.9": rpc error: code = Unknown desc = failed to pull and unpack image "docker.io/library/redis:3.2.9": failed to resolve reference "docker.io/library/redis:3.2.9": failed to do request: Head https://registry-1.docker.io/v2/library/redis/manifests/3.2.9: dial tcp 3.224.75.242:443: i/o timeout
Normal Pulling 11m (x4 over 14m) kubelet, 10.241.0.11 Pulling image "redis:3.2.9"
Warning Failed 11m kubelet, 10.241.0.11 Failed to pull image "redis:3.2.9": rpc error: code = Unknown desc = failed to pull and unpack image "docker.io/library/redis:3.2.9": failed to resolve reference "docker.io/library/redis:3.2.9": failed to do request: Head https://registry-1.docker.io/v2/library/redis/manifests/3.2.9: dial tcp 54.210.105.17:443: i/o timeout
Normal BackOff 10m (x6 over 14m) kubelet, 10.241.0.11 Back-off pulling image "redis:3.2.9"
Warning Failed 9m21s (x5 over 14m) kubelet, 10.241.0.11 Error: ErrImagePull
Warning Failed 4m38s (x28 over 14m) kubelet, 10.241.0.11 Error: ImagePullBackOff
然后我去我的 minikube 测试 运行 相同的命令
$ kubectl create -f ./redis-master-deployment.yaml
deployment.apps/redis-master created
$ kubectl get deployments -o wide
NAME READY UP-TO-DATE AVAILABLE AGE CONTAINERS IMAGES SELECTOR
redis-master 1/1 1 1 14s redis-master redis:3.2.9 app=redis,role=master
所以我只需要指出我在这里出错的方向。
感谢@bhpratt
发现问题
工作节点所在的子网没有 public IP。他们确实有代理资源,但必须在子网本身上启用。
IBM Cloud Subnet public gateway pic
已关闭。翻转开关,部署创建成功。
$ kubectl get deployments -o wide
NAME READY UP-TO-DATE AVAILABLE AGE CONTAINERS IMAGES SELECTOR
redis-master 1/1 1 1 4m50s redis-master redis:3.2.9 app=redis,role=master
感谢您提供更多信息。答案是您的工作节点需要 public 访问权限才能从 public docker 中提取数据。三个解决方案:
- 使用 public 和私有 IP
创建工作节点
- 创建启用网关的集群:
https://cloud.ibm.com/docs/containers?topic=containers-plan_clusters#gateway
- 将 docker 映像推送到您的 IBM Cloud 容器注册表,
更新 YAML 以从容器注册表中提取,并部署
容器。您的集群可以从专用网络的 IBM Cloud 注册表中拉取映像。
TL:DR - 对不起,如果这是基本的东西,我正在学习 Kubernetes。 我尝试在 IBM Cloud 中创建 Kubernetes 部署但失败了。部署在我的本地 minikube 上运行良好,但在 IBM Cloud 中失败。我是否需要使用 IBM Cloud 名称空间进行部署,或者我是否应该能够从 Docker public 产品中将 Docker 映像拉入 IBM Cloud?
长版
我正在学习这门关于 IBM Cloud Kubernetes 服务的课程 (https://courses.cognitiveclass.ai/courses/course-v1:CognitiveClass+CO0401EN+v1/info)
在先决条件中,我需要为留言簿数据库部署Redis。
这些步骤是: 1. 克隆 repo
$ clone https://github.com/IBM/guestbook.git
cd 到 /guestbook/v2
为主从创建Redis控制器和服务:
$ kubectl create -f redis-master-deployment.yaml
问题是当我 运行:
$ kubectl create -f redis-master-deployment.yaml
部署失败:
$ kubectl get deployments -o wide
NAME READY UP-TO-DATE AVAILABLE AGE CONTAINERS IMAGES SELECTOR
redis-master 0/1 1 0 10m redis-master redis:3.2.9 app=redis,role=master
$ kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
redis-master-577bc6fbb-b4trd 0/1 ImagePullBackOff 0 14m 172.30.113.18 10.241.0.11 <none> <none>
我在这里猜测,但看起来 IBM Cloud Kubernetes 服务无法联系 Docker 来获取图像。
$ kubectl describe pods redis-master-577bc6fbb-b4trd
Name: redis-master-577bc6fbb-b4trd
Namespace: default
Priority: 0
PriorityClassName: <none>
Node: 10.241.0.11/10.241.0.11
Start Time: Thu, 05 Mar 2020 12:01:45 -0500
Labels: app=redis
pod-template-hash=577bc6fbb
role=master
Annotations: kubernetes.io/psp: ibm-privileged-psp
Status: Pending
IP: 172.30.113.18
Controlled By: ReplicaSet/redis-master-577bc6fbb
Containers:
redis-master:
Container ID:
Image: redis:3.2.9
Image ID:
Port: 6379/TCP
Host Port: 0/TCP
State: Waiting
Reason: ErrImagePull
Ready: False
Restart Count: 0
Environment: <none>
Mounts:
/var/run/secrets/kubernetes.io/serviceaccount from default-token-rxmp2 (ro)
Conditions:
Type Status
Initialized True
Ready False
ContainersReady False
PodScheduled True
Volumes:
default-token-rxmp2:
Type: Secret (a volume populated by a Secret)
SecretName: default-token-rxmp2
Optional: false
QoS Class: BestEffort
Node-Selectors: <none>
Tolerations: node.kubernetes.io/not-ready:NoExecute for 600s
node.kubernetes.io/unreachable:NoExecute for 600s
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled <unknown> default-scheduler Successfully assigned default/redis-master-577bc6fbb-b4trd to 10.241.0.11
Warning Failed 13m (x2 over 14m) kubelet, 10.241.0.11 Failed to pull image "redis:3.2.9": rpc error: code = Unknown desc = failed to pull and unpack image "docker.io/library/redis:3.2.9": failed to resolve reference "docker.io/library/redis:3.2.9": failed to do request: Head https://registry-1.docker.io/v2/library/redis/manifests/3.2.9: dial tcp 34.197.189.129:443: i/o timeout
Warning Failed 12m kubelet, 10.241.0.11 Failed to pull image "redis:3.2.9": rpc error: code = Unknown desc = failed to pull and unpack image "docker.io/library/redis:3.2.9": failed to resolve reference "docker.io/library/redis:3.2.9": failed to do request: Head https://registry-1.docker.io/v2/library/redis/manifests/3.2.9: dial tcp 3.224.75.242:443: i/o timeout
Normal Pulling 11m (x4 over 14m) kubelet, 10.241.0.11 Pulling image "redis:3.2.9"
Warning Failed 11m kubelet, 10.241.0.11 Failed to pull image "redis:3.2.9": rpc error: code = Unknown desc = failed to pull and unpack image "docker.io/library/redis:3.2.9": failed to resolve reference "docker.io/library/redis:3.2.9": failed to do request: Head https://registry-1.docker.io/v2/library/redis/manifests/3.2.9: dial tcp 54.210.105.17:443: i/o timeout
Normal BackOff 10m (x6 over 14m) kubelet, 10.241.0.11 Back-off pulling image "redis:3.2.9"
Warning Failed 9m21s (x5 over 14m) kubelet, 10.241.0.11 Error: ErrImagePull
Warning Failed 4m38s (x28 over 14m) kubelet, 10.241.0.11 Error: ImagePullBackOff
然后我去我的 minikube 测试 运行 相同的命令
$ kubectl create -f ./redis-master-deployment.yaml
deployment.apps/redis-master created
$ kubectl get deployments -o wide
NAME READY UP-TO-DATE AVAILABLE AGE CONTAINERS IMAGES SELECTOR
redis-master 1/1 1 1 14s redis-master redis:3.2.9 app=redis,role=master
所以我只需要指出我在这里出错的方向。
感谢@bhpratt
发现问题工作节点所在的子网没有 public IP。他们确实有代理资源,但必须在子网本身上启用。
IBM Cloud Subnet public gateway pic
已关闭。翻转开关,部署创建成功。
$ kubectl get deployments -o wide
NAME READY UP-TO-DATE AVAILABLE AGE CONTAINERS IMAGES SELECTOR
redis-master 1/1 1 1 4m50s redis-master redis:3.2.9 app=redis,role=master
感谢您提供更多信息。答案是您的工作节点需要 public 访问权限才能从 public docker 中提取数据。三个解决方案:
- 使用 public 和私有 IP 创建工作节点
- 创建启用网关的集群: https://cloud.ibm.com/docs/containers?topic=containers-plan_clusters#gateway
- 将 docker 映像推送到您的 IBM Cloud 容器注册表, 更新 YAML 以从容器注册表中提取,并部署 容器。您的集群可以从专用网络的 IBM Cloud 注册表中拉取映像。