kubernetes - Kubernetes 从 GCR 私有仓库下载镜像
问题描述
我正在尝试使用存储在 Google Cloud Platform 上的图像启动 kube 部署,我可以使用 docker 手动下载它,docker pull gcr.io/<project>/toolkit-image
权限在那里,一个简单的部署说
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 47s default-scheduler Successfully assigned default/testimage-jenkins-5bdc57567f-ss5qh to minikube
Normal BackOff 17s (x3 over 45s) kubelet, minikube Back-off pulling image "gcr.io/toolkit-image:latest"
Warning Failed 17s (x3 over 45s) kubelet, minikube Error: ImagePullBackOff
Normal Pulling 6s (x3 over 46s) kubelet, minikube Pulling image "gcr.io/toolkit-image:latest"
Warning Failed 6s (x3 over 45s) kubelet, minikube Failed to pull image "gcr.io/toolkit-image:latest": rpc error: code = Unknown desc = Error response from daemon: Get https://gcr.io/v2/toolkit-image/manifests/latest: unknown: Project 'project:toolkit-image' not found or deleted.
Warning Failed 6s (x3 over 45s) kubelet, minikube Error: ErrImagePull
和我的价值观
master:
adminPassword: <testr_pass>
resources:
limits:
cpu: 500m
memory: 1Gi
podLabels:
nodePort: 32323
serviceType: ClusterIP
image: "gcr.io/<project>/toolkit-image"
tag: "latest"
rbac:
create: true
如果我尝试在 gcr.io/project/toolkit-image 中使用或不使用 \project\ val 进行拉动,也会发生同样的情况
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 53s default-scheduler Successfully assigned default/testimage-jenkins-f5856f9c9-65prx to minikube
Normal BackOff 22s (x2 over 49s) kubelet, minikube Back-off pulling image "gcr.io/<project>/toolkit-image:latest"
Warning Failed 22s (x2 over 49s) kubelet, minikube Error: ImagePullBackOff
Normal Pulling 7s (x3 over 52s) kubelet, minikube Pulling image "gcr.io/<project>/toolkit-image:latest"
Warning Failed 5s (x3 over 49s) kubelet, minikube Failed to pull image "gcr.io/<project>/toolkit-image:latest": rpc error: code = Unknown desc = Error response from daemon: unauthorized: You don't have the needed permissions to perform this operation, and you may have invalid credentials. To authenticate your request, follow the steps in: https://cloud.google.com/container-registry/docs/advanced-authentication
Warning Failed 5s (x3 over 49s) kubelet, minikube Error: ErrImagePull
有什么想法可以让 kubectl 看到私有的 Google Cloud Platform Repository 吗?
PS:
gcloud auth configure-docker
这个验证命令根本没有帮助
解决方案
如果您的私有注册表需要身份验证,则需要配置imagePullSecrets
.
见https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
推荐阅读
- babeljs - 同时使用 .babelrc 和 babel.config.js
- java - Wildfly 15 从 jax rs 登录用户获取 Singleton 中的 EJBContext
- android-studio - 默认工具栏和状态栏未显示在 android studio 3.3 中的 xml 预览中
- r - R Shiny 没有上传
- java - Swagger codegen 不生成带有 JAXB 注释的模型类
- java - 如何设置 Mockito 模拟以对多个不同的方法调用使用相同的答案
- python - 无法将 Celery 任务日志推送到 Google Cloud(stackdriver)
- debugging - OTS 解析错误:CFF2:未对齐的表
- vbscript - 在文本文件顶部插入行无法使用 VBScript
- qt - 请求 http URL 时,QT 报告“QNetworkReplyHttpImplPrivate::_q_startOperation 被多次调用”