本文介绍了Kubernetes imagePullSecrets 不起作用;获取“找不到图像"的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我有一个在 AWS 上运行的现成 Kubernetes 集群,安装了 kube-up 脚本.我想运行一些位于私有 Docker Hub 存储库中的容器.但我不断收到未找到"错误:

I have an off-the-shelf Kubernetes cluster running on AWS, installed with the kube-up script. I would like to run some containers that are in a private Docker Hub repository. But I keep getting a "not found" error:

 > kubectl get pod
NAME                      READY     STATUS                                        RESTARTS   AGE
maestro-kubetest-d37hr    0/1       Error: image csats/maestro:latest not found   0          22m

我创建了一个包含 .dockercfg 文件的机密.我已经通过运行在此处发布的脚本来确认它有效:>

I've created a secret containing a .dockercfg file. I've confirmed it works by running the script posted here:

 > kubectl get secrets docker-hub-csatsinternal -o yaml | grep dockercfg: | cut -f 2 -d : | base64 -D > ~/.dockercfg
 > docker pull csats/maestro
latest: Pulling from csats/maestro

我已经确认我没有使用 新格式的 .dockercfg 脚本,我的看起来像这样:

I've confirmed I'm not using the new format of .dockercfg script, mine looks like this:

> cat ~/.dockercfg
{"https://index.docker.io/v1/":{"auth":"REDACTED BASE64 STRING HERE","email":"[email protected]"}}

我尝试过在 Debian 而不是 OS X 上运行 Base64 编码,没有运气.(正如预期的那样,它产生相同的字符串.)

I've tried running the Base64 encode on Debian instead of OS X, no luck there. (It produces the same string, as might be expected.)

这是我的复制控制器的 YAML:

Here's the YAML for my Replication Controller:

---
kind: "ReplicationController"
apiVersion: "v1"
metadata:
  name: "maestro-kubetest"
spec:
  replicas: 1
  selector:
    app: "maestro"
    ecosystem: "kubetest"
    version: "1"
  template:
    metadata:
      labels:
        app: "maestro"
        ecosystem: "kubetest"
        version: "1"
    spec:
      imagePullSecrets:
        - name: "docker-hub-csatsinternal"
      containers:
        - name: "maestro"
          image: "csats/maestro"
          imagePullPolicy: "Always"

      restartPolicy: "Always"
      dnsPolicy: "ClusterFirst"

kubectl 版本:

Client Version: version.Info{Major:"1", Minor:"0", GitVersion:"v1.0.3", GitCommit:"61c6ac5f350253a4dc002aee97b7db7ff01ee4ca", GitTreeState:"clean"}
Server Version: version.Info{Major:"1", Minor:"0", GitVersion:"v1.0.3", GitCommit:"61c6ac5f350253a4dc002aee97b7db7ff01ee4ca", GitTreeState:"clean"}

有什么想法吗?

推荐答案

Docker 在 ~/.docker/ 中生成一个 config.json 文件看起来像:

Docker generates a config.json file in ~/.docker/It looks like:

{
    "auths": {
        "index.docker.io/v1/": {
            "auth": "ZmFrZXBhc3N3b3JkMTIK",
            "email": "[email protected]"
        }
    }
}

你真正想要的是:

{"https://index.docker.io/v1/": {"auth": "XXXXXXXXXXXXXX", "email": "[email protected]"}}

注意 3 件事:

  • 1) 没有 auths 包装
  • 2) 前面有https://网址
  • 3) 它是一行
  • 1) there is no auths wrapping
  • 2) there is https:// in front of theURL
  • 3) it's one line

然后你base64编码并用作.dockercfg名称的数据

then you base64 encode that and use as data for the .dockercfg name

apiVersion: v1
kind: Secret
metadata:
  name: registry
data:
  .dockercfg: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX==
type: kubernetes.io/dockercfg

再次注意 .dockercfg 行是一行(base64 倾向于生成多行字符串)

Note again the .dockercfg line is one line (base64 tends to generate a multi-line string)

这篇关于Kubernetes imagePullSecrets 不起作用;获取“找不到图像"的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

06-01 13:09