问题描述
我正在努力让Kubernetes与我的私有hub.docker.com注册表映像一起使用.
我正在使用kubectl版本:Client Version: version.Info{Major:"1", Minor:"1+", GitVersion:"v1.1.0-alpha.0.1588+e44c8e6661c931", GitCommit:"e44c8e6661c931f7fd434911b0d3bca140e1df3a", GitTreeState:"clean"}Server Version: version.Info{Major:"1", Minor:"1", GitVersion:"v1.1.3", GitCommit:"6a81b50c7e97bbe0ade075de55ab4fa34f049dc2", GitTreeState:"clean"}
Yosemite 10.10.5
上的和Vagrant 1.7.4
我按照此处给出的说明进行操作: https://github.com/kubernetes/kubernetes/blob/release-1.1/docs/user-guide/images.md#pre-pulling-images
简而言之,它说您应该登录到注册表,然后对结果.docker/config.json
的内容进行base64编码,并在yaml文档中使用它,如下所示:
apiVersion: v1
kind: Secret
metadata:
name: myregistrykey
data:
.dockercfg: eyAiYXV0aHMiOiB7ICJodHRwczovL2luZGV4LmRvY2tlci5pby92MS8iOiB7ICJhdXRoIjogImFXNTBjbWx1YzJsak9tSTJVVTR5Z...h1YkBpbnRyaW5zaWMud29ybGQiIH0gfSB9Cg==
type: kubernetes.io/dockercfg
然后将其提供给kubectl.然后,我在pod定义中使用了生成的密钥(此处称为myregistrykey
):
apiVersion: v1
kind: Pod
metadata:
name: authorities-backend
spec:
containers:
- name: authorities-backend
image: intrinsic/authorities-backend:latest
imagePullSecrets:
- name: myregistrykey
并kubectl create
将其删除.
但是,kubectl仍然无法检索图像:
[root@kubernetes-master intrinsic]# kubectl get pods
NAME READY STATUS RESTARTS AGE
authorities-backend 0/1 PullImageError 0 7m
泊坞窗拉Kubernetes主机工作正常.
我想念什么?
更新
在上面的pod定义中,我省略了指定注册表主机的名称,即docker.io.对其进行修复,它将变成:image: docker.io/intrinsic/authorities-backend:latest
但是,问题仍然存在.做kubectl get events -w
让我知道:6s 0s 2 authorities-backend Pod spec.containers{authorities-backend} Failed {kubelet 10.245.1.3} Failed to pull image "docker.io/intrinsic/authorities-backend": image pull failed for docker.io/intrinsic/authorities-backend, this may be because there are no credentials on this request. details: (Error: image intrinsic/authorities-backend:latest not found)
我知道此机密已正确注册,因为我在kubectl get secrets
下有此机密:NAME TYPE DATA AGEdefault-token-a7s5n kubernetes.io/service-account-token 2 51mmyregistrykey kubernetes.io/dockercfg 1 50m
还是很困惑...
Candide
该文档已过时,因为它引用的是.dockercfg
而不是.docker/config.json
.我将对其进行更新.
使用新的.docker/config.json
格式时,需要设置type: kubernetes.io/dockerconfigjson
而不是type: kubernetes.io/.dockercfg
.
对type: kubernetes.io/dockerconfigjson
的支持,因此服务器支持它,但客户端不支持(c1.1.0-alpha早于v1.1.0).
使用type: kubernetes.io/dockerconfigjson
时,它应该验证您的机密内容.
对于type: kubernetes.io/dockerconfigjson
,您确实希望保留auths
包装器.
I'm struggling to get Kubernetes to work with my private hub.docker.com registry image.
I am using kubectl version: Client Version: version.Info{Major:"1", Minor:"1+", GitVersion:"v1.1.0-alpha.0.1588+e44c8e6661c931", GitCommit:"e44c8e6661c931f7fd434911b0d3bca140e1df3a", GitTreeState:"clean"}Server Version: version.Info{Major:"1", Minor:"1", GitVersion:"v1.1.3", GitCommit:"6a81b50c7e97bbe0ade075de55ab4fa34f049dc2", GitTreeState:"clean"}
and Vagrant 1.7.4
on Mac OS X Yosemite 10.10.5
I followed the instructions given here: https://github.com/kubernetes/kubernetes/blob/release-1.1/docs/user-guide/images.md#pre-pulling-images
In a nutshell, it says you should login to the registry then base64 encode the contents of the resulting .docker/config.json
, and use that in a yaml document as follows:
apiVersion: v1
kind: Secret
metadata:
name: myregistrykey
data:
.dockercfg: eyAiYXV0aHMiOiB7ICJodHRwczovL2luZGV4LmRvY2tlci5pby92MS8iOiB7ICJhdXRoIjogImFXNTBjbWx1YzJsak9tSTJVVTR5Z...h1YkBpbnRyaW5zaWMud29ybGQiIH0gfSB9Cg==
type: kubernetes.io/dockercfg
Then feed that to kubectl. I then used the resulting key (here called myregistrykey
) in my pod definition:
apiVersion: v1
kind: Pod
metadata:
name: authorities-backend
spec:
containers:
- name: authorities-backend
image: intrinsic/authorities-backend:latest
imagePullSecrets:
- name: myregistrykey
and kubectl create
d it.
However, kubectl keeps failing to retrieve the image:
[root@kubernetes-master intrinsic]# kubectl get pods
NAME READY STATUS RESTARTS AGE
authorities-backend 0/1 PullImageError 0 7m
docker pull on the Kubernetes master worked however.
What am I missing?
UPDATE
In the pod definition above, I had omitted to specify the registry host, i.e. docker.io. Fixing it, it becomes:image: docker.io/intrinsic/authorities-backend:latest
However, the problem persists. Doing kubectl get events -w
gets me:6s 0s 2 authorities-backend Pod spec.containers{authorities-backend} Failed {kubelet 10.245.1.3} Failed to pull image "docker.io/intrinsic/authorities-backend": image pull failed for docker.io/intrinsic/authorities-backend, this may be because there are no credentials on this request. details: (Error: image intrinsic/authorities-backend:latest not found)
I know the secret has been properly registered, as I have it under kubectl get secrets
:NAME TYPE DATA AGEdefault-token-a7s5n kubernetes.io/service-account-token 2 51mmyregistrykey kubernetes.io/dockercfg 1 50m
Still confused...
Candide
The documentation is out of date, in that it refers to .dockercfg
instead of .docker/config.json
. I will update it.
When you use the new .docker/config.json
format, you need to set type: kubernetes.io/dockerconfigjson
instead of type: kubernetes.io/.dockercfg
.
Support for type: kubernetes.io/dockerconfigjson
was added in v1.1.0 so it is supported by your server, but is not supported by your client (which is v1.1.0-alpha which predates v1.1.0).
When you use type: kubernetes.io/dockerconfigjson
, it should validate your secret contents.
With type: kubernetes.io/dockerconfigjson
, you do want to keep the auths
wrapper.
这篇关于Kubernetes PullImageError使用带有私有映像的Docker Hub的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!