如何在gcr.io

时间:2018-08-27 13:05:35

标签: google-kubernetes-engine

我可以将docker push and pull到gcr.io

更新:如果我使用Google kubernetes引擎站点界面和部署按钮,也是一样。

更新:从这个角度升级了集群,但是没有用:Kubernetes pods failing on "Pod sandbox changed, it will be killed and re-created"

更新:要使用httpbin完全重现此内容:

gcloud auth configure-docker
docker pull kennethreitz/httpbin
docker tag kennethreitz/httpbin:latest gcr.io/<proj-id>/images/httpbin:v1.0
docker push gcr.io/<proj-id>/images/httpbin:v1.0
kubectl run test --image=gcr.io/<proj-id>/images/httpbin:v1.0

然后我得到ImagePullBackOff:

kubectl describe pod test-5f447f48f4-kcpg9
Name:           test-5f447f48f4-kcpg9
Namespace:      default
Node:           <proj-id>-cluster-default-pool-f398e01b-5kmb/10.132.0.2
Start Time:     Tue, 28 Aug 2018 09:08:43 +0200
Labels:         pod-template-hash=1900390490
                run=test
Annotations:    kubernetes.io/limit-ranger=LimitRanger plugin set: cpu request for container test
Status:         Pending
IP:             10.16.1.46
Controlled By:  ReplicaSet/test-5f447f48f4
Containers:
  test:
    Container ID:   
    Image:          gcr.io/<proj-id>/images/httpbin:v1.0
    Image ID:       
    Port:           <none>
    State:          Waiting
      Reason:       ImagePullBackOff
    Ready:          False
    Restart Count:  0
    Requests:
      cpu:        100m
    Environment:  <none>
    Mounts:
      /var/run/secrets/kubernetes.io/serviceaccount from default-token-9mcms (ro)
Conditions:
  Type           Status
  Initialized    True 
  Ready          False 
  PodScheduled   True 
Volumes:
  default-token-9mcms:
    Type:        Secret (a volume populated by a Secret)
    SecretName:  default-token-9mcms
    Optional:    false
QoS Class:       Burstable
Node-Selectors:  <none>
Tolerations:     node.kubernetes.io/not-ready:NoExecute for 300s
                 node.kubernetes.io/unreachable:NoExecute for 300s
Events:
  Type     Reason                 Age                From                                                   Message
  ----     ------                 ----               ----                                                   -------
  Normal   Scheduled              5m                 default-scheduler                                      Successfully assigned test-5f447f48f4-kcpg9 to <proj-id>-cluster-default-pool-f398e01b-5kmb
  Normal   SuccessfulMountVolume  5m                 kubelet, <proj-id>-cluster-default-pool-f398e01b-5kmb  MountVolume.SetUp succeeded for volume "default-token-9mcms"
  Normal   SandboxChanged         5m (x3 over 5m)    kubelet, <proj-id>-cluster-default-pool-f398e01b-5kmb  Pod sandbox changed, it will be killed and re-created.
  Normal   BackOff                5m (x6 over 5m)    kubelet, <proj-id>-cluster-default-pool-f398e01b-5kmb  Back-off pulling image "gcr.io/<proj-id>/images/httpbin:v1.0"
  Normal   Pulling                4m (x3 over 5m)    kubelet, <proj-id>-cluster-default-pool-f398e01b-5kmb  pulling image "gcr.io/<proj-id>/images/httpbin:v1.0"
  Warning  Failed                 4m (x3 over 5m)    kubelet, <proj-id>-cluster-default-pool-f398e01b-5kmb  Failed to pull image "gcr.io/<proj-id>/images/httpbin:v1.0": rpc error: code = Unknown desc = Error response from daemon: repository gcr.io/<proj-id>/images/httpbin not found: does not exist or no pull access
  Warning  Failed                 4m (x3 over 5m)    kubelet, <proj-id>-cluster-default-pool-f398e01b-5kmb  Error: ErrImagePull
  Warning  Failed                 31s (x23 over 5m)  kubelet, <proj-id>-cluster-default-pool-f398e01b-5kmb  Error: ImagePullBackOff

更新:同一件事在Google Cloud Shell中运行。

在Cloud Shell中:docker images,还显示图像

更新:我可以在浏览器控制台(https://console.cloud.google.com/gcr/images/projId/)中看到该图像,如果我复制该路径,则该路径与下面的路径相同-只是带有另一个项目ID。

但是     kubectl运行aName --image = gcr.io / projectid / myimages / myimage:v1.0

无法在Google Kubernetes Engine上提取图像

ImagePullBackOff

kubectl描述pod aName ...

Failed to pull image "myimages/myimage:v1.0": rpc error: code = Unknown desc = Error response from daemon: repository myimages/myimage not found: does not exist or no pull access

所以它可能是"or no pull access",但是我该如何解决?

1 个答案:

答案 0 :(得分:1)

myimages/myimage格式建议您使用的是Docker Hub。如果是这样,您可能需要使用映像拉锁(https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/#create-a-secret-in-the-cluster-that-holds-your-authorization-token)向Docker Hub进行身份验证。

如果您使用的是Google Container Registry(GCR,其图像以gcr.io/*开头),则GKE节点已经可以访问与群集相同的GCP项目中的GCR图像了-您不需要做任何事。 (但是,如果有人创建的GKE群集或节点池的默认值小于默认值--scopes,例如省略了storage-ro,则您的群集将无法从同一GCP项目中的GCR中提取图像。 )

按照https://cloud.google.com/kubernetes-engine/docs/tutorials/hello-app上的教程进行操作:

  1. 创建集群
  2. 从源代码构建图像
  3. 将其推送到GCR
  4. 部署到GKE。