我试图将映像从我的私有注册表(港口)部署到我的Kubernetes环境。注册表已成功设置,并且已经包含我的图像。
要提供上下文信息,这是我的部署文件:
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
labels:
name: sps-app
name: sps-app
spec:
replicas: 1
template:
metadata:
labels:
name: sps-app
spec:
containers:
- image: repo-harbor.test.com/sps_project/spsapp:23
env:
- name: MONGODB_URL
value: "mongodb://mongo.default.svc.cluster.local:27017/user"
name: sps-app
ports:
- containerPort: 4000
name: sps-app
imagePullSecrets:
- name: harbor
我已经使用以下命令创建了港口秘密
kubectl create secret docker-registry harbor \
--docker-server=https://repo-harbor.test.com \
--docker-username=admin \
--docker-password='xxxxxx!'
但是,当我进行部署的kubectl apply -f时,总是会发生映像拉回。
进一步调查后,我检查了Pod的日志,并指出存在x509认证错误。
Kubernetes事件:
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 3m default-scheduler Successfully assigned default/private-image-test-1 to df56bd02-5e0e-4644-a565-c233ac2404fe
Normal Pulling 2m (x3 over 3m) kubelet, df56bd02-5e0e-4644-a565-c233ac2404fe pulling image "jur01-harbor.acepod.com/sps_project/spsapp:2"
Warning Failed 2m (x3 over 3m) kubelet, df56bd02-5e0e-4644-a565-c233ac2404fe Failed to pull image "jur01-harbor.acepod.com/sps_project/spsapp:2": rpc error: code = Unknown desc = Error response from daemon: Get https://jur01-harbor.acepod.com/v2/: x509: certificate signed by unknown authority
Warning Failed 2m (x3 over 3m) kubelet, df56bd02-5e0e-4644-a565-c233ac2404fe Error: ErrImagePull
Warning Failed 2m (x4 over 3m) kubelet, df56bd02-5e0e-4644-a565-c233ac2404fe Error: ImagePullBackOff
Normal SandboxChanged 2m (x7 over 3m) kubelet, df56bd02-5e0e-4644-a565-c233ac2404fe Pod sandbox changed, it will be killed and re-created.
Normal BackOff 2m (x5 over 3m) kubelet, df56bd02-5e0e-4644-a565-c233ac2404fe Back-off pulling image "jur01-harbor.acepod.com/sps_project/spsapp:2"
目前,我不确定如何解决此问题。谁能解决这个问题?
答案 0 :(得分:0)
jur01-harbor.acepod.com上的映像注册表使用Docker不信任的自签名证书。
将该映像注册表提供的自定义CA证书复制到您的所有Kubernetes节点的/etc/docker/certs.d/jur01-harbor.acepod.com/目录中。