minikube 插件配置 registry-creds 不适用于 GCR
minikube addons configure registry-creds not working for GCR
我按照docs配置了这个,它说它成功了:
创建了一个新集群
minikube start -p aged --kubernetes-version=v1.18.10
然后设置 GCR 凭据
minikube addons configure registry-creds -p aged
Do you want to enable AWS Elastic Container Registry? [y/n]: n
Do you want to enable Google Container Registry? [y/n]: y
-- Enter path to credentials (e.g. /home/user/.config/gcloud/application_default_credentials.json):/Users/meeee/.config/gcloud/application_default_credentials.json
-- Do you want to change the GCR URL (Default https://gcr.io)? [y/n]: n
Do you want to enable Docker Registry? [y/n]: n
Do you want to enable Azure Container Registry? [y/n]: n
✅ registry-creds was successfully configured
# enable
minikube addons enable registry-creds -p aged
▪ Using image upmcenterprises/registry-creds:1.10
但是当我部署时出现这个错误:
Failed to pull image "gcr.io/myproject/myimages/myimage:test": rpc error: code = Unknown desc = Error response from daemon: unauthorized: You don't have the needed permissions to perform this operation, and you may have invalid credentials. To authenticate your request, follow the steps in: https://cloud.google.com/container-registry/docs/advanced-authentication
虽然它没有提到对 GCR 进行身份验证,但我也配置了 minikube addons enable gcp-auth
ADC文件是否存在?
/home/user/.config/gcloud/application_default_credentials.json):/Users/meeee/.config/gcloud/application_default_credentials.json
如果没有,您需要事先gcloud auth application-default login
。
并且,假设该机制在您的命名空间中创建了一个 Secret,您仍然需要使用 imagePullSecrets
。
这种方法很老套,您最好创建一个专门用于 GCR 访问的服务帐户。
以这种方式将您的用户帐户用作服务帐户,共享您用户帐户的所有权限,只要 role/storage.admin
从 GCR 中提取即可。此外,用户帐户可能绑定到多个项目,而帐户只需要访问特定项目(最好是存储桶)。
我按照docs配置了这个,它说它成功了:
创建了一个新集群
minikube start -p aged --kubernetes-version=v1.18.10
然后设置 GCR 凭据
minikube addons configure registry-creds -p aged
Do you want to enable AWS Elastic Container Registry? [y/n]: n
Do you want to enable Google Container Registry? [y/n]: y
-- Enter path to credentials (e.g. /home/user/.config/gcloud/application_default_credentials.json):/Users/meeee/.config/gcloud/application_default_credentials.json
-- Do you want to change the GCR URL (Default https://gcr.io)? [y/n]: n
Do you want to enable Docker Registry? [y/n]: n
Do you want to enable Azure Container Registry? [y/n]: n
✅ registry-creds was successfully configured
# enable
minikube addons enable registry-creds -p aged
▪ Using image upmcenterprises/registry-creds:1.10
但是当我部署时出现这个错误:
Failed to pull image "gcr.io/myproject/myimages/myimage:test": rpc error: code = Unknown desc = Error response from daemon: unauthorized: You don't have the needed permissions to perform this operation, and you may have invalid credentials. To authenticate your request, follow the steps in: https://cloud.google.com/container-registry/docs/advanced-authentication
虽然它没有提到对 GCR 进行身份验证,但我也配置了 minikube addons enable gcp-auth
ADC文件是否存在?
/home/user/.config/gcloud/application_default_credentials.json):/Users/meeee/.config/gcloud/application_default_credentials.json
如果没有,您需要事先gcloud auth application-default login
。
并且,假设该机制在您的命名空间中创建了一个 Secret,您仍然需要使用 imagePullSecrets
。
这种方法很老套,您最好创建一个专门用于 GCR 访问的服务帐户。
以这种方式将您的用户帐户用作服务帐户,共享您用户帐户的所有权限,只要 role/storage.admin
从 GCR 中提取即可。此外,用户帐户可能绑定到多个项目,而帐户只需要访问特定项目(最好是存储桶)。