时间戳

首页 > 解决方案 > 来自守护程序的错误响应:获取 https://docker.intra/v2/main/manifests/3.64.0:未知:凭据错误

docker - 来自守护程序的错误响应:获取 https://docker.intra/v2/main/manifests/3.64.0:未知:凭据错误

问题描述

我们使用 Artifactory 作为所有外部 docker 注册表的中心。我们有不同的环境,都从同一个 url 拉取https://docker.intra。我们突然遇到一种情况,某个图像不再被拉取,但出现此错误

ErrImagePull: rpc error: code = Unknown desc = Error response from daemon: Get https://docker.intra/v2/main/manifests/3.64.0: unknown: Bad credentials

实际上

Warning     Failed  Error: ImagePullBackOff     2 minutes ago
Normal  BackOff     Back-off pulling image "docker.intra/main:3.64.0"   5 minutes ago
Normal  Pulling     Pulling image "docker.intra/main:3.64.0"    6 minutes ago
Warning     Failed  Error: ErrImagePull     6 minutes ago
Warning     Failed  Failed to pull image "docker.intra/main:3.64.0": rpc error: code = Unknown desc = Error response from daemon: Get https://docker.intra/v2/main/manifests/3.64.0: unknown: This request is blocked due to recurrent login failures, please try again in 4 seconds    6 minutes ago
Warning     Failed  Failed to pull image "docker.intra/main:3.64.0": rpc error: code = Unknown desc = Error response from daemon: Get https://docker.intra/v2/main/manifests/3.64.0: unknown: Bad credentials   6 minutes ago
Warning     Failed  Failed to pull image "docker.intra/main:3.64.0": rpc error: code = Unknown desc = Error response from daemon: Get https://docker.intra/v2/main/manifests/3.64.0: unknown: This request is blocked due to recurrent login failures, please try again in 3 seconds    7 minutes ago
Normal  Scheduled   Successfully assigned stackrox/central-6487fdc867-jq4j5 to k8s0001  7 minutes ago

但是,我可以从提到的节点中成功下载图像k8s0001

[papanito@k8s0001 ~]$ docker pull docker.intra/main:3.64.0

    3.64.0: Pulling from main
    29291e31a76a: Pulling fs layer
    ...
    bcabcd2816e8: Pull complete
    Digest: sha256:d03c7cf13b296d8e75529651edae6f08c56144bc090ad79baddccebc07c5a491
    Status: Downloaded newer image for docker.intra/main:3.64.0

没有定义身份验证,不应该是必需的。这里daemon.json

{
    "insecure-registries": null,
    "log-driver": "json-file",
    "data-root": "/mnt/data/docker",
    "log-opts": {
    "max-size": "50m"
    },
    "log-level": "info",
    "storage-driver": "overlay2",
    "icc": false,
    "registry-mirrors": [
    "https://docker.intra"
    ],
    "userland-proxy": false,
    "no-new-privileges": false,
    "live-restore": true
}

我想知道“Bad Credentials”从何而来,为什么同一集群中的其他图像下载成功!?

标签: dockerkubernetesartifactory

解决方案

这种行为的根本原因尚不清楚,但它似乎与命名空间有关。在另一个命名空间中拉取 docker 图像可以正常工作。如果将应用程序部署在新的命名空间中,则同样有效。

或者,您也可以完全删除 ns 然后重新创建它。

推荐阅读