我尝试部署一个我构建的docker映像,该映像不在公共或私有注册表上。
我将imagePullPolicy: IfNotPresent用于Kubernetes部署。
我使用kubeadm v1.12错误:
Normal Scheduled 35s default-scheduler Successfully assigned default/test-777dd9bc96-chgc7 to ip-10-0-1-154
Normal SandboxChanged 32s kubelet, ip-10-0-1-154 Pod sandbox changed, it will be killed and re-created.
Normal BackOff 30s (x3 over 31s) kubelet, ip-10-0-1-154 Back-off pulling image "test_kube"
Warning Failed 30s (x3 over 31s) kubelet, ip-10-0-1-154 Error: ImagePullBackOff
Normal Pulling 15s (x2 over 34s) kubelet, ip-10-0-1-154 pulling image "test"
Warning Failed 13s (x2 over 33s) kubelet, ip-10-0-1-154 Failed to pull image "test": rpc error: code = Unknown desc = Error response from daemon: pull access denied for test_kube, repository does not exist or may require 'docker login'
Warning Failed 13s (x2 over 33s) kubelet, ip-10-0-1-154 Error: ErrImagePull
我的部署文件:
apiVersion: apps/v1beta1
kind: Deployment
vmetadata:
name: test-kube
spec:
template:
metadata:
labels:
app: test
spec:
containers:
- name: test
image: test
imagePullPolicy: IfNotPresent
ports:
- containerPort: 3000
env:
- name: SECRET-KUBE
valueFrom:
secretKeyRef:
name: secret-test
key: username
docker images]
REPOSITORY TAG
test latest
test test
在我尝试过的部署文件中
image:测试,并带有image:test:test
相同的错误:
错误:ErrImagePull
答案 0 :(得分:1)
OR
创建秘密和用法的详细信息:
Kubernetes集群使用docker-registry类型的Secret来通过容器注册表进行身份验证以提取私有映像。
创建此秘密,将其命名为regcred:
kubectl create secret docker-registry regcred --docker-server=<your-registry-server> --docker-username=<your-name> --docker-password=<your-pword> --docker-email=<your-email>
其中:
<your-registry-server> is your Private Docker Registry FQDN. (https://index.docker.io/v1/ for DockerHub)
<your-name> is your Docker username.
<your-pword> is your Docker password.
<your-email> is your Docker email.
然后创建一个使用该秘密的吊舱:
apiVersion: v1
kind: Pod
metadata:
name: private-reg
spec:
containers:
- name: private-reg-container
image: <your-private-image>
imagePullSecrets:
- name: regcred
有关本地图像用例,请参见这篇文章:
答案 1 :(得分:0)
您应该在kubernetes集群的主节点上具有一个docker私有注册表,以便将pod部署在节点上以从那里拉映像。您可以在以下位置找到使用Docker私有注册表创建Kubernetes集群的步骤:Kubernetes cluster with docker private registry
6。在主节点上创建docker私有注册表
# Set basic auth.
rm -f /auth/*
mkdir -p /auth
docker run --entrypoint htpasswd registry:2 -Bbn test test > /auth/htpasswd
docker rm registry -f
# Set certificates auth.
rm -f /certs/*
mkdir -p /certs
openssl genrsa 1024 > /certs/registrykey.pem
chmod 400 /certs/registrykey.pem
openssl req -new -x509 -nodes -sha1 -days 365 -key /certs/registrykey.pem -out /certs/registry.pem -subj "/C=/ST=/L=/O=/OU=/CN=registry.com" > /dev/null 2>&1
docker run -d -e REGISTRY_HTTP_ADDR=0.0.0.0:5000 -p 5000:5000 --restart=always --name registry -v `pwd`/auth:/auth -e "REGISTRY_AUTH=htpasswd" -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd -v `pwd`/certs:/certs -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/registry.pem -e REGISTRY_HTTP_TLS_KEY=/certs/registrykey.pem registry:2
# Create secret to be used in "imagePullSecrets" section of a pod
kubectl create secret docker-registry regsecret --docker-server=192.168.147.3:5000 --docker-username=test --docker-password=test --namespace=kube-system
# Push image in private registry.
docker tag test-image:latest 192.168.147.3:5000/test-image
docker push 192.168.147.3:5000/test-image
7。带有来自私人注册表的图片的pod的YAML示例
apiVersion: v1
kind: Pod
metadata:
name: test-site
labels:
app: web
spec:
containers:
- name: test
image: 192.168.147.3:5000/test-image:latest
ports:
- containerPort: 8000
imagePullPolicy: Always
imagePullSecrets:
- name: regsecret