来自守护程序的错误响应:获取 https://docker.intra/v2/main/manifests/3.64.0: unknown: Bad credentials
Error response from daemon: Get https://docker.intra/v2/main/manifests/3.64.0: unknown: Bad credentials
我们使用 Artifactory 作为所有外部 docker 注册表的中心。我们有不同的环境,所有拉动形式相同 url https://docker.intra。我们突然遇到一个情况,某个图像不再被拉取但是得到这个错误
ErrImagePull: rpc error: code = Unknown desc = Error response from daemon: Get https://docker.intra/v2/main/manifests/3.64.0: unknown: Bad credentials
实际上
Warning Failed Error: ImagePullBackOff 2 minutes ago
Normal BackOff Back-off pulling image "docker.intra/main:3.64.0" 5 minutes ago
Normal Pulling Pulling image "docker.intra/main:3.64.0" 6 minutes ago
Warning Failed Error: ErrImagePull 6 minutes ago
Warning Failed Failed to pull image "docker.intra/main:3.64.0": rpc error: code = Unknown desc = Error response from daemon: Get https://docker.intra/v2/main/manifests/3.64.0: unknown: This request is blocked due to recurrent login failures, please try again in 4 seconds 6 minutes ago
Warning Failed Failed to pull image "docker.intra/main:3.64.0": rpc error: code = Unknown desc = Error response from daemon: Get https://docker.intra/v2/main/manifests/3.64.0: unknown: Bad credentials 6 minutes ago
Warning Failed Failed to pull image "docker.intra/main:3.64.0": rpc error: code = Unknown desc = Error response from daemon: Get https://docker.intra/v2/main/manifests/3.64.0: unknown: This request is blocked due to recurrent login failures, please try again in 3 seconds 7 minutes ago
Normal Scheduled Successfully assigned stackrox/central-6487fdc867-jq4j5 to k8s0001 7 minutes ago
但是,我可以从提到的节点中成功下载图像 k8s0001
[papanito@k8s0001 ~]$ docker pull docker.intra/main:3.64.0
3.64.0: Pulling from main
29291e31a76a: Pulling fs layer
...
bcabcd2816e8: Pull complete
Digest: sha256:d03c7cf13b296d8e75529651edae6f08c56144bc090ad79baddccebc07c5a491
Status: Downloaded newer image for docker.intra/main:3.64.0
没有定义身份验证,不需要。这里 daemon.json
{
"insecure-registries": null,
"log-driver": "json-file",
"data-root": "/mnt/data/docker",
"log-opts": {
"max-size": "50m"
},
"log-level": "info",
"storage-driver": "overlay2",
"icc": false,
"registry-mirrors": [
"https://docker.intra"
],
"userland-proxy": false,
"no-new-privileges": false,
"live-restore": true
}
我想知道“Bad Credentials”从何而来,为什么同一集群中的其他图像下载成功!?
此行为的根本原因尚不清楚,但似乎与命名空间有关。在另一个命名空间中拉取 docker 图像工作正常。如果在新命名空间中部署应用程序,同样有效。
或者您也可以完全删除 ns 然后重新创建它。
在我的情况下,这是由于密码问题。在我的回购密码中,我有 $0,所以当我创建 k8s 图像拉动密码以连接到存储库时,k8s 将其创建为 $0 作为 -bash ,所以它的密码错误,由于 imagepullback 错误,我在 pod 事件中不断获取并且 pod 无法 运行.,
我在没有 $0 的情况下更改了密码并解决了问题。,
使用下面的命令可以查看镜像拉取密码集是否输入了正确的密码,
kubectl -n namespace get secret registry-key -o go-template='{{range $k,$v := .data}}{{printf "%s: " $k}}{{if not $v}}{{$v}}{{else}}{{$v | base64decode}}{{end}}{{"\n"}}{{end}}'
我们使用 Artifactory 作为所有外部 docker 注册表的中心。我们有不同的环境,所有拉动形式相同 url https://docker.intra。我们突然遇到一个情况,某个图像不再被拉取但是得到这个错误
ErrImagePull: rpc error: code = Unknown desc = Error response from daemon: Get https://docker.intra/v2/main/manifests/3.64.0: unknown: Bad credentials
实际上
Warning Failed Error: ImagePullBackOff 2 minutes ago
Normal BackOff Back-off pulling image "docker.intra/main:3.64.0" 5 minutes ago
Normal Pulling Pulling image "docker.intra/main:3.64.0" 6 minutes ago
Warning Failed Error: ErrImagePull 6 minutes ago
Warning Failed Failed to pull image "docker.intra/main:3.64.0": rpc error: code = Unknown desc = Error response from daemon: Get https://docker.intra/v2/main/manifests/3.64.0: unknown: This request is blocked due to recurrent login failures, please try again in 4 seconds 6 minutes ago
Warning Failed Failed to pull image "docker.intra/main:3.64.0": rpc error: code = Unknown desc = Error response from daemon: Get https://docker.intra/v2/main/manifests/3.64.0: unknown: Bad credentials 6 minutes ago
Warning Failed Failed to pull image "docker.intra/main:3.64.0": rpc error: code = Unknown desc = Error response from daemon: Get https://docker.intra/v2/main/manifests/3.64.0: unknown: This request is blocked due to recurrent login failures, please try again in 3 seconds 7 minutes ago
Normal Scheduled Successfully assigned stackrox/central-6487fdc867-jq4j5 to k8s0001 7 minutes ago
但是,我可以从提到的节点中成功下载图像 k8s0001
[papanito@k8s0001 ~]$ docker pull docker.intra/main:3.64.0
3.64.0: Pulling from main
29291e31a76a: Pulling fs layer
...
bcabcd2816e8: Pull complete
Digest: sha256:d03c7cf13b296d8e75529651edae6f08c56144bc090ad79baddccebc07c5a491
Status: Downloaded newer image for docker.intra/main:3.64.0
没有定义身份验证,不需要。这里 daemon.json
{
"insecure-registries": null,
"log-driver": "json-file",
"data-root": "/mnt/data/docker",
"log-opts": {
"max-size": "50m"
},
"log-level": "info",
"storage-driver": "overlay2",
"icc": false,
"registry-mirrors": [
"https://docker.intra"
],
"userland-proxy": false,
"no-new-privileges": false,
"live-restore": true
}
我想知道“Bad Credentials”从何而来,为什么同一集群中的其他图像下载成功!?
此行为的根本原因尚不清楚,但似乎与命名空间有关。在另一个命名空间中拉取 docker 图像工作正常。如果在新命名空间中部署应用程序,同样有效。
或者您也可以完全删除 ns 然后重新创建它。
在我的情况下,这是由于密码问题。在我的回购密码中,我有 $0,所以当我创建 k8s 图像拉动密码以连接到存储库时,k8s 将其创建为 $0 作为 -bash ,所以它的密码错误,由于 imagepullback 错误,我在 pod 事件中不断获取并且 pod 无法 运行.,
我在没有 $0 的情况下更改了密码并解决了问题。,
使用下面的命令可以查看镜像拉取密码集是否输入了正确的密码,
kubectl -n namespace get secret registry-key -o go-template='{{range $k,$v := .data}}{{printf "%s: " $k}}{{if not $v}}{{$v}}{{else}}{{$v | base64decode}}{{end}}{{"\n"}}{{end}}'