ErrImageNeverPull:容器映像 "myjenkins:latest" 不存在,拉取策略为从不
ErrImageNeverPull: Container image "myjenkins:latest" is not present with pull policy of Never
我正在学习有关 运行ning jenkins 在您的 kubernetes 集群上的教程。在本教程中,他们使用的是 minikube,而对于我现有的集群,它是 运行ning on eks。当我应用我的 jenkins.yaml 文件时,它创建的 pod 收到此错误
Normal Scheduled 27m default-scheduler Successfully assigned default/jenkins-799666d8db-ft642 to ip-192-168-84-126.us-west-2.compute.internal
Warning Failed 24m (x12 over 27m) kubelet Error: ErrImageNeverPull
Warning ErrImageNeverPull 114s (x116 over 27m) kubelet Container image "myjenkins:latest" is not present with pull policy of Never
这是对 pod 的描述 ^
这是我的 jenkins.yaml 文件,我试图在我的集群上 运行 jenkins
apiVersion: v1
kind: ServiceAccount
metadata:
name: jenkins
namespace: default
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: jenkins
namespace: default
rules:
- apiGroups: [""]
resources: ["pods","services"]
verbs: ["create","delete","get","list","patch","update","watch"]
- apiGroups: ["apps"]
resources: ["deployments"]
verbs: ["create","delete","get","list","patch","update","watch"]
- apiGroups: [""]
resources: ["pods/exec"]
verbs: ["create","delete","get","list","patch","update","watch"]
- apiGroups: [""]
resources: ["pods/log"]
verbs: ["get","list","watch"]
- apiGroups: [""]
resources: ["secrets"]
verbs: ["get"]
- apiGroups: [""]
resources: ["persistentvolumeclaims"]
verbs: ["create","delete","get","list","patch","update","watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: jenkins
namespace: default
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: jenkins
subjects:
- kind: ServiceAccount
name: jenkins
---
# Allows jenkins to create persistent volumes
# This cluster role binding allows anyone in the "manager" group to read secrets in any namespace.
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: jenkins-crb
subjects:
- kind: ServiceAccount
namespace: default
name: jenkins
roleRef:
kind: ClusterRole
name: jenkinsclusterrole
apiGroup: rbac.authorization.k8s.io
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
# "namespace" omitted since ClusterRoles are not namespaced
name: jenkinsclusterrole
rules:
- apiGroups: [""]
resources: ["persistentvolumes"]
verbs: ["create","delete","get","list","patch","update","watch"]
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: jenkins
namespace: default
spec:
selector:
matchLabels:
app: jenkins
replicas: 1
template:
metadata:
labels:
app: jenkins
spec:
containers:
- name: jenkins
image: myjenkins:latest
env:
- name: JAVA_OPTS
value: -Djenkins.install.runSetupWizard=false
ports:
- name: http-port
containerPort: 8080
- name: jnlp-port
containerPort: 50000
volumeMounts:
- name: jenkins-home
mountPath: /var/jenkins_home
- name: docker-sock-volume
mountPath: "/var/run/docker.sock"
imagePullPolicy: Never
volumes:
# This allows jenkins to use the docker daemon on the host, for running builds
# see
- name: docker-sock-volume
hostPath:
path: /var/run/docker.sock
- name: jenkins-home
hostPath:
path: /mnt/jenkins-store
serviceAccountName: jenkins
---
apiVersion: v1
kind: Service
metadata:
name: jenkins
namespace: default
spec:
type: NodePort
ports:
- name: ui
port: 8080
targetPort: 8080
nodePort: 31000
- name: jnlp
port: 50000
targetPort: 50000
selector:
app: jenkins
编辑:
到目前为止,我尝试删除 imagePullPolicy: Never 并再次尝试,但出现了不同的错误
Warning Failed 17s (x2 over 32s) kubelet Failed to pull image "myjenkins:latest": rpc error: code = Unknown desc = Error response from daemon: pull access denied for myjenkins, repository does not exist or may re
quire 'docker login': denied: requested access to the resource is denied
我试过 运行宁 docker 登录和登录,但我仍然遇到同样的错误 ^。我尝试将 imagePullPolicy: Never 更改为 Always 并收到相同的错误
将图像更改为 jenkins/jenkins 后:它仍然崩溃,当我描述时,它是这样说的
Normal Scheduled 4m37s default-scheduler Successfully assigned default/jenkins-776574886b-x2l8p to ip-192-168-77-17.us-west-2.compute.internal
Normal Pulled 4m26s kubelet Successfully pulled image "jenkins/jenkins:lts" in 11.07948886s
Normal Pulled 4m22s kubelet Successfully pulled image "jenkins/jenkins:lts" in 908.246481ms
Normal Pulled 4m7s kubelet Successfully pulled image "jenkins/jenkins:lts" in 885.936781ms
Normal Created 3m39s (x4 over 4m23s) kubelet Created container jenkins
Normal Started 3m39s (x4 over 4m23s) kubelet Started container jenkins
Normal Pulled 3m39s kubelet Successfully pulled image "jenkins/jenkins:lts" in 895.651242ms
Warning BackOff 3m3s (x8 over 4m20s) kubelet Back-off restarting failed container
当我尝试 运行 在那个 pod 上“kubectl logs”时,我什至得到了一个错误,这是我以前在获取日志时从未收到过的
touch: cannot touch '/var/jenkins_home/copy_reference_file.log': Permission denied
Can not write to /var/jenkins_home/copy_reference_file.log. Wrong volume permissions?
还必须将我的 jenkins volumount 更改为这个并且它起作用了!
我在网上找到另一个资源,说要将我的 jenkins 卷挂载更改为此以解决权限问题,我的容器现在可以工作了
`
volumeMounts:
- mountPath: /var
name: jenkins-volume
subPath: jenkins_home`
正如您已经做的那样,删除 imagePullPolicy: Never 将解决您的第一个问题。您的第二个问题来自于您试图拉取一个名为 myjenkins:latest 的图像,该图像不存在。您最有可能想要的是 this image.
改变
image: myjenkins:latest
到
image: jenkins/jenkins:lts
我正在学习有关 运行ning jenkins 在您的 kubernetes 集群上的教程。在本教程中,他们使用的是 minikube,而对于我现有的集群,它是 运行ning on eks。当我应用我的 jenkins.yaml 文件时,它创建的 pod 收到此错误
Normal Scheduled 27m default-scheduler Successfully assigned default/jenkins-799666d8db-ft642 to ip-192-168-84-126.us-west-2.compute.internal
Warning Failed 24m (x12 over 27m) kubelet Error: ErrImageNeverPull
Warning ErrImageNeverPull 114s (x116 over 27m) kubelet Container image "myjenkins:latest" is not present with pull policy of Never
这是对 pod 的描述 ^
这是我的 jenkins.yaml 文件,我试图在我的集群上 运行 jenkins
apiVersion: v1
kind: ServiceAccount
metadata:
name: jenkins
namespace: default
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: jenkins
namespace: default
rules:
- apiGroups: [""]
resources: ["pods","services"]
verbs: ["create","delete","get","list","patch","update","watch"]
- apiGroups: ["apps"]
resources: ["deployments"]
verbs: ["create","delete","get","list","patch","update","watch"]
- apiGroups: [""]
resources: ["pods/exec"]
verbs: ["create","delete","get","list","patch","update","watch"]
- apiGroups: [""]
resources: ["pods/log"]
verbs: ["get","list","watch"]
- apiGroups: [""]
resources: ["secrets"]
verbs: ["get"]
- apiGroups: [""]
resources: ["persistentvolumeclaims"]
verbs: ["create","delete","get","list","patch","update","watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: jenkins
namespace: default
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: jenkins
subjects:
- kind: ServiceAccount
name: jenkins
---
# Allows jenkins to create persistent volumes
# This cluster role binding allows anyone in the "manager" group to read secrets in any namespace.
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: jenkins-crb
subjects:
- kind: ServiceAccount
namespace: default
name: jenkins
roleRef:
kind: ClusterRole
name: jenkinsclusterrole
apiGroup: rbac.authorization.k8s.io
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
# "namespace" omitted since ClusterRoles are not namespaced
name: jenkinsclusterrole
rules:
- apiGroups: [""]
resources: ["persistentvolumes"]
verbs: ["create","delete","get","list","patch","update","watch"]
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: jenkins
namespace: default
spec:
selector:
matchLabels:
app: jenkins
replicas: 1
template:
metadata:
labels:
app: jenkins
spec:
containers:
- name: jenkins
image: myjenkins:latest
env:
- name: JAVA_OPTS
value: -Djenkins.install.runSetupWizard=false
ports:
- name: http-port
containerPort: 8080
- name: jnlp-port
containerPort: 50000
volumeMounts:
- name: jenkins-home
mountPath: /var/jenkins_home
- name: docker-sock-volume
mountPath: "/var/run/docker.sock"
imagePullPolicy: Never
volumes:
# This allows jenkins to use the docker daemon on the host, for running builds
# see
- name: docker-sock-volume
hostPath:
path: /var/run/docker.sock
- name: jenkins-home
hostPath:
path: /mnt/jenkins-store
serviceAccountName: jenkins
---
apiVersion: v1
kind: Service
metadata:
name: jenkins
namespace: default
spec:
type: NodePort
ports:
- name: ui
port: 8080
targetPort: 8080
nodePort: 31000
- name: jnlp
port: 50000
targetPort: 50000
selector:
app: jenkins
编辑:
到目前为止,我尝试删除 imagePullPolicy: Never 并再次尝试,但出现了不同的错误
Warning Failed 17s (x2 over 32s) kubelet Failed to pull image "myjenkins:latest": rpc error: code = Unknown desc = Error response from daemon: pull access denied for myjenkins, repository does not exist or may re
quire 'docker login': denied: requested access to the resource is denied
我试过 运行宁 docker 登录和登录,但我仍然遇到同样的错误 ^。我尝试将 imagePullPolicy: Never 更改为 Always 并收到相同的错误
将图像更改为 jenkins/jenkins 后:它仍然崩溃,当我描述时,它是这样说的
Normal Scheduled 4m37s default-scheduler Successfully assigned default/jenkins-776574886b-x2l8p to ip-192-168-77-17.us-west-2.compute.internal
Normal Pulled 4m26s kubelet Successfully pulled image "jenkins/jenkins:lts" in 11.07948886s
Normal Pulled 4m22s kubelet Successfully pulled image "jenkins/jenkins:lts" in 908.246481ms
Normal Pulled 4m7s kubelet Successfully pulled image "jenkins/jenkins:lts" in 885.936781ms
Normal Created 3m39s (x4 over 4m23s) kubelet Created container jenkins
Normal Started 3m39s (x4 over 4m23s) kubelet Started container jenkins
Normal Pulled 3m39s kubelet Successfully pulled image "jenkins/jenkins:lts" in 895.651242ms
Warning BackOff 3m3s (x8 over 4m20s) kubelet Back-off restarting failed container
当我尝试 运行 在那个 pod 上“kubectl logs”时,我什至得到了一个错误,这是我以前在获取日志时从未收到过的
touch: cannot touch '/var/jenkins_home/copy_reference_file.log': Permission denied
Can not write to /var/jenkins_home/copy_reference_file.log. Wrong volume permissions?
还必须将我的 jenkins volumount 更改为这个并且它起作用了!
我在网上找到另一个资源,说要将我的 jenkins 卷挂载更改为此以解决权限问题,我的容器现在可以工作了 `
volumeMounts:
- mountPath: /var
name: jenkins-volume
subPath: jenkins_home`
正如您已经做的那样,删除 imagePullPolicy: Never 将解决您的第一个问题。您的第二个问题来自于您试图拉取一个名为 myjenkins:latest 的图像,该图像不存在。您最有可能想要的是 this image.
改变
image: myjenkins:latest
到
image: jenkins/jenkins:lts