从私有存储库在 Kubernetes 上拉取图像问题
Image pulling issue on Kubernetes from private repository
我创建了注册表积分,当我像这样在 pod 上申请时:
apiVersion: v1
kind: Pod
metadata:
name: private-reg
spec:
containers:
- name: private-reg-container
image: registry.io.io/simple-node
imagePullSecrets:
- name: regcred
拉取镜像成功
但如果我尝试这样做:
apiVersion: apps/v1
kind: Deployment
metadata:
name: node123
namespace: node123
spec:
replicas: 5
strategy:
type: RollingUpdate
rollingUpdate:
maxSurge: 2
maxUnavailable: 0
selector:
matchLabels:
name: node123
template:
metadata:
labels:
name: node123
spec:
containers:
- name: node123
image: registry.io.io/simple-node
ports:
- containerPort: 3000
imagePullSecrets:
- name: regcred
在 pod 上会出现错误:ImagePullBackOff
当我描述它变得
Failed to pull image "registry.io.io/simple-node": rpc error: code =
Unknown desc = Error response from daemon: Get
https://registry.io.io/v2/simple-node/manifests/latest: no basic auth
credentials
有人知道如何解决这个问题吗?
我们总是 运行 来自私有注册表的图像。此清单可能对您有所帮助:
将您的参数放入终端的 env 变量中以获得单一的真实来源:
export DOCKER_HOST=registry.io.io
export DOCKER_USER=<your-user>
export DOCKER_PASS=<your-pass>
确保您可以验证并且图像确实存在
echo $DOCKER_PASS | docker login -u$DOCKER_USER --password-stdin $DOCKER_HOST
docker pull ${DOCKER_HOST}/simple-node
确保您在 pod/deployment;
的相同命名空间中创建了 Dockerconfig 秘密
namespace=mynamespace # default
kubectl -n ${namespace} create secret docker-registry regcred \
--docker-server=${DOCKER_HOST} \
--docker-username=${DOCKER_USER} \
--docker-password=${DOCKER_PASS} \
--docker-email=anything@will.work.com
用秘密修补 Pod 使用的服务帐户
namespace=mynamespace
kubectl -n ${namespace} patch serviceaccount default \
-p '{"imagePullSecrets": [{"name": "regcred"}]}'
# if the pod use another service account,
# replace "default" by the relevant service account
或
在广告连播中添加 imagePullSecrets :
imagePullSecrets:
- name: regcred
containers:
- ....
我创建了注册表积分,当我像这样在 pod 上申请时:
apiVersion: v1
kind: Pod
metadata:
name: private-reg
spec:
containers:
- name: private-reg-container
image: registry.io.io/simple-node
imagePullSecrets:
- name: regcred
拉取镜像成功
但如果我尝试这样做:
apiVersion: apps/v1
kind: Deployment
metadata:
name: node123
namespace: node123
spec:
replicas: 5
strategy:
type: RollingUpdate
rollingUpdate:
maxSurge: 2
maxUnavailable: 0
selector:
matchLabels:
name: node123
template:
metadata:
labels:
name: node123
spec:
containers:
- name: node123
image: registry.io.io/simple-node
ports:
- containerPort: 3000
imagePullSecrets:
- name: regcred
在 pod 上会出现错误:ImagePullBackOff
当我描述它变得
Failed to pull image "registry.io.io/simple-node": rpc error: code = Unknown desc = Error response from daemon: Get https://registry.io.io/v2/simple-node/manifests/latest: no basic auth credentials
有人知道如何解决这个问题吗?
我们总是 运行 来自私有注册表的图像。此清单可能对您有所帮助:
将您的参数放入终端的 env 变量中以获得单一的真实来源:
export DOCKER_HOST=registry.io.io export DOCKER_USER=<your-user> export DOCKER_PASS=<your-pass>确保您可以验证并且图像确实存在
echo $DOCKER_PASS | docker login -u$DOCKER_USER --password-stdin $DOCKER_HOST docker pull ${DOCKER_HOST}/simple-node确保您在 pod/deployment;
的相同命名空间中创建了 Dockerconfig 秘密namespace=mynamespace # default kubectl -n ${namespace} create secret docker-registry regcred \ --docker-server=${DOCKER_HOST} \ --docker-username=${DOCKER_USER} \ --docker-password=${DOCKER_PASS} \ --docker-email=anything@will.work.com用秘密修补 Pod 使用的服务帐户
namespace=mynamespace kubectl -n ${namespace} patch serviceaccount default \ -p '{"imagePullSecrets": [{"name": "regcred"}]}' # if the pod use another service account, # replace "default" by the relevant service account或
在广告连播中添加
imagePullSecrets:imagePullSecrets: - name: regcred containers: - ....