来自守护程序的错误响应:获取 https://docker.intra/v2/main/manifests/3.64.0: unknown: Bad credentials

Error response from daemon: Get https://docker.intra/v2/main/manifests/3.64.0: unknown: Bad credentials

我们使用 Artifactory 作为所有外部 docker 注册表的中心。我们有不同的环境,所有拉动形式相同 url https://docker.intra。我们突然遇到一个情况,某个图像不再被拉取但是得到这个错误

ErrImagePull: rpc error: code = Unknown desc = Error response from daemon: Get https://docker.intra/v2/main/manifests/3.64.0: unknown: Bad credentials   

实际上

Warning     Failed  Error: ImagePullBackOff     2 minutes ago
Normal  BackOff     Back-off pulling image "docker.intra/main:3.64.0"   5 minutes ago
Normal  Pulling     Pulling image "docker.intra/main:3.64.0"    6 minutes ago
Warning     Failed  Error: ErrImagePull     6 minutes ago
Warning     Failed  Failed to pull image "docker.intra/main:3.64.0": rpc error: code = Unknown desc = Error response from daemon: Get https://docker.intra/v2/main/manifests/3.64.0: unknown: This request is blocked due to recurrent login failures, please try again in 4 seconds    6 minutes ago
Warning     Failed  Failed to pull image "docker.intra/main:3.64.0": rpc error: code = Unknown desc = Error response from daemon: Get https://docker.intra/v2/main/manifests/3.64.0: unknown: Bad credentials   6 minutes ago
Warning     Failed  Failed to pull image "docker.intra/main:3.64.0": rpc error: code = Unknown desc = Error response from daemon: Get https://docker.intra/v2/main/manifests/3.64.0: unknown: This request is blocked due to recurrent login failures, please try again in 3 seconds    7 minutes ago
Normal  Scheduled   Successfully assigned stackrox/central-6487fdc867-jq4j5 to k8s0001  7 minutes ago

但是,我可以从提到的节点中成功下载图像 k8s0001

[papanito@k8s0001 ~]$ docker pull docker.intra/main:3.64.0

    3.64.0: Pulling from main
    29291e31a76a: Pulling fs layer
    ...
    bcabcd2816e8: Pull complete
    Digest: sha256:d03c7cf13b296d8e75529651edae6f08c56144bc090ad79baddccebc07c5a491
    Status: Downloaded newer image for docker.intra/main:3.64.0

没有定义身份验证,不需要。这里 daemon.json

{
    "insecure-registries": null,
    "log-driver": "json-file",
    "data-root": "/mnt/data/docker",
    "log-opts": {
    "max-size": "50m"
    },
    "log-level": "info",
    "storage-driver": "overlay2",
    "icc": false,
    "registry-mirrors": [
    "https://docker.intra"
    ],
    "userland-proxy": false,
    "no-new-privileges": false,
    "live-restore": true
}

我想知道“Bad Credentials”从何而来,为什么同一集群中的其他图像下载成功!?

此行为的根本原因尚不清楚,但似乎与命名空间有关。在另一个命名空间中拉取 docker 图像工作正常。如果在新命名空间中部署应用程序,同样有效。

或者您也可以完全删除 ns 然后重新创建它。

在我的情况下,这是由于密码问题。在我的回购密码中,我有 $0,所以当我创建 k8s 图像拉动密码以连接到存储库时,k8s 将其创建为 $0 作为 -bash ,所以它的密码错误,由于 imagepullback 错误,我在 pod 事件中不断获取并且 pod 无法 运行.,

我在没有 $0 的情况下更改了密码并解决了问题。,

使用下面的命令可以查看镜像拉取密码集是否输入了正确的密码,

kubectl -n namespace get secret registry-key -o go-template='{{range $k,$v := .data}}{{printf "%s: " $k}}{{if not $v}}{{$v}}{{else}}{{$v | base64decode}}{{end}}{{"\n"}}{{end}}'