本文介绍了Kubernetes PullImageError使用带有私有映像的Docker Hub的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我正在努力让Kubernetes与我的私有hub.docker.com注册表映像一起使用.

我正在使用kubectl版本:Client Version: version.Info{Major:"1", Minor:"1+", GitVersion:"v1.1.0-alpha.0.1588+e44c8e6661c931", GitCommit:"e44c8e6661c931f7fd434911b0d3bca140e1df3a", GitTreeState:"clean"}Server Version: version.Info{Major:"1", Minor:"1", GitVersion:"v1.1.3", GitCommit:"6a81b50c7e97bbe0ade075de55ab4fa34f049dc2", GitTreeState:"clean"}

Mac OS X Yosemite 10.10.5

上的

和Vagrant 1.7.4

我按照此处给出的说明进行操作: https://github.com/kubernetes/kubernetes/blob/release-1.1/docs/user-guide/images.md#pre-pulling-images

简而言之,它说您应该登录到注册表,然后对结果.docker/config.json的内容进行base64编码,并在yaml文档中使用它,如下所示:

apiVersion: v1
kind: Secret
metadata:
  name: myregistrykey
data:
  .dockercfg: eyAiYXV0aHMiOiB7ICJodHRwczovL2luZGV4LmRvY2tlci5pby92MS8iOiB7ICJhdXRoIjogImFXNTBjbWx1YzJsak9tSTJVVTR5Z...h1YkBpbnRyaW5zaWMud29ybGQiIH0gfSB9Cg==
type: kubernetes.io/dockercfg

然后将其提供给kubectl.然后,我在pod定义中使用了生成的密钥(此处称为myregistrykey):

apiVersion: v1
kind: Pod
metadata:
  name: authorities-backend
spec:
  containers:
    - name: authorities-backend
      image: intrinsic/authorities-backend:latest
  imagePullSecrets:
    - name: myregistrykey

kubectl create将其删除.

但是,kubectl仍然无法检索图像:

[root@kubernetes-master intrinsic]# kubectl get pods
NAME                  READY     STATUS           RESTARTS   AGE
authorities-backend   0/1       PullImageError   0          7m

泊坞窗拉Kubernetes主机工作正常.

我想念什么?

更新

在上面的pod定义中,我省略了指定注册表主机的名称,即docker.io.对其进行修复,它将变成:image: docker.io/intrinsic/authorities-backend:latest但是,问题仍然存在.做kubectl get events -w让我知道:6s 0s 2 authorities-backend Pod spec.containers{authorities-backend} Failed {kubelet 10.245.1.3} Failed to pull image "docker.io/intrinsic/authorities-backend": image pull failed for docker.io/intrinsic/authorities-backend, this may be because there are no credentials on this request. details: (Error: image intrinsic/authorities-backend:latest not found)我知道此机密已正确注册,因为我在kubectl get secrets下有此机密:NAME TYPE DATA AGEdefault-token-a7s5n kubernetes.io/service-account-token 2 51mmyregistrykey kubernetes.io/dockercfg 1 50m

还是很困惑...

Candide

解决方案

该文档已过时,因为它引用的是.dockercfg而不是.docker/config.json.我将对其进行更新.

使用新的.docker/config.json格式时,需要设置type: kubernetes.io/dockerconfigjson而不是type: kubernetes.io/.dockercfg.

v1.1.0中添加了

type: kubernetes.io/dockerconfigjson的支持,因此服务器支持它,但客户端不支持(c1.1.0-alpha早于v1.1.0).

使用type: kubernetes.io/dockerconfigjson时,它应该验证您的机密内容.

对于type: kubernetes.io/dockerconfigjson,您确实希望保留auths包装器.

I'm struggling to get Kubernetes to work with my private hub.docker.com registry image.

I am using kubectl version: Client Version: version.Info{Major:"1", Minor:"1+", GitVersion:"v1.1.0-alpha.0.1588+e44c8e6661c931", GitCommit:"e44c8e6661c931f7fd434911b0d3bca140e1df3a", GitTreeState:"clean"}Server Version: version.Info{Major:"1", Minor:"1", GitVersion:"v1.1.3", GitCommit:"6a81b50c7e97bbe0ade075de55ab4fa34f049dc2", GitTreeState:"clean"}

and Vagrant 1.7.4 on Mac OS X Yosemite 10.10.5

I followed the instructions given here: https://github.com/kubernetes/kubernetes/blob/release-1.1/docs/user-guide/images.md#pre-pulling-images

In a nutshell, it says you should login to the registry then base64 encode the contents of the resulting .docker/config.json, and use that in a yaml document as follows:

apiVersion: v1
kind: Secret
metadata:
  name: myregistrykey
data:
  .dockercfg: eyAiYXV0aHMiOiB7ICJodHRwczovL2luZGV4LmRvY2tlci5pby92MS8iOiB7ICJhdXRoIjogImFXNTBjbWx1YzJsak9tSTJVVTR5Z...h1YkBpbnRyaW5zaWMud29ybGQiIH0gfSB9Cg==
type: kubernetes.io/dockercfg

Then feed that to kubectl. I then used the resulting key (here called myregistrykey) in my pod definition:

apiVersion: v1
kind: Pod
metadata:
  name: authorities-backend
spec:
  containers:
    - name: authorities-backend
      image: intrinsic/authorities-backend:latest
  imagePullSecrets:
    - name: myregistrykey

and kubectl created it.

However, kubectl keeps failing to retrieve the image:

[root@kubernetes-master intrinsic]# kubectl get pods
NAME                  READY     STATUS           RESTARTS   AGE
authorities-backend   0/1       PullImageError   0          7m

docker pull on the Kubernetes master worked however.

What am I missing?

UPDATE

In the pod definition above, I had omitted to specify the registry host, i.e. docker.io. Fixing it, it becomes:image: docker.io/intrinsic/authorities-backend:latestHowever, the problem persists. Doing kubectl get events -w gets me:6s 0s 2 authorities-backend Pod spec.containers{authorities-backend} Failed {kubelet 10.245.1.3} Failed to pull image "docker.io/intrinsic/authorities-backend": image pull failed for docker.io/intrinsic/authorities-backend, this may be because there are no credentials on this request. details: (Error: image intrinsic/authorities-backend:latest not found)I know the secret has been properly registered, as I have it under kubectl get secrets:NAME TYPE DATA AGEdefault-token-a7s5n kubernetes.io/service-account-token 2 51mmyregistrykey kubernetes.io/dockercfg 1 50m

Still confused...

Candide

解决方案

The documentation is out of date, in that it refers to .dockercfg instead of .docker/config.json. I will update it.

When you use the new .docker/config.json format, you need to set type: kubernetes.io/dockerconfigjson instead of type: kubernetes.io/.dockercfg.

Support for type: kubernetes.io/dockerconfigjson was added in v1.1.0 so it is supported by your server, but is not supported by your client (which is v1.1.0-alpha which predates v1.1.0).

When you use type: kubernetes.io/dockerconfigjson, it should validate your secret contents.

With type: kubernetes.io/dockerconfigjson, you do want to keep the auths wrapper.

这篇关于Kubernetes PullImageError使用带有私有映像的Docker Hub的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

09-01 21:32