我可以将docker push and pull到gcr.io
gcloud auth configure-docker
docker pull kennethreitz/httpbin
docker tag kennethreitz/httpbin:latest gcr.io/<proj-id>/images/httpbin:v1.0
docker push gcr.io/<proj-id>/images/httpbin:v1.0
kubectl run test --image=gcr.io/<proj-id>/images/httpbin:v1.0
kubectl describe pod test-5f447f48f4-kcpg9
Name: test-5f447f48f4-kcpg9
Namespace: default
Node: <proj-id>-cluster-default-pool-f398e01b-5kmb/10.132.0.2
Start Time: Tue, 28 Aug 2018 09:08:43 +0200
Labels: pod-template-hash=1900390490
run=test
Annotations: kubernetes.io/limit-ranger=LimitRanger plugin set: cpu request for container test
Status: Pending
IP: 10.16.1.46
Controlled By: ReplicaSet/test-5f447f48f4
Containers:
test:
Container ID:
Image: gcr.io/<proj-id>/images/httpbin:v1.0
Image ID:
Port: <none>
State: Waiting
Reason: ImagePullBackOff
Ready: False
Restart Count: 0
Requests:
cpu: 100m
Environment: <none>
Mounts:
/var/run/secrets/kubernetes.io/serviceaccount from default-token-9mcms (ro)
Conditions:
Type Status
Initialized True
Ready False
PodScheduled True
Volumes:
default-token-9mcms:
Type: Secret (a volume populated by a Secret)
SecretName: default-token-9mcms
Optional: false
QoS Class: Burstable
Node-Selectors: <none>
Tolerations: node.kubernetes.io/not-ready:NoExecute for 300s
node.kubernetes.io/unreachable:NoExecute for 300s
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 5m default-scheduler Successfully assigned test-5f447f48f4-kcpg9 to <proj-id>-cluster-default-pool-f398e01b-5kmb
Normal SuccessfulMountVolume 5m kubelet, <proj-id>-cluster-default-pool-f398e01b-5kmb MountVolume.SetUp succeeded for volume "default-token-9mcms"
Normal SandboxChanged 5m (x3 over 5m) kubelet, <proj-id>-cluster-default-pool-f398e01b-5kmb Pod sandbox changed, it will be killed and re-created.
Normal BackOff 5m (x6 over 5m) kubelet, <proj-id>-cluster-default-pool-f398e01b-5kmb Back-off pulling image "gcr.io/<proj-id>/images/httpbin:v1.0"
Normal Pulling 4m (x3 over 5m) kubelet, <proj-id>-cluster-default-pool-f398e01b-5kmb pulling image "gcr.io/<proj-id>/images/httpbin:v1.0"
Warning Failed 4m (x3 over 5m) kubelet, <proj-id>-cluster-default-pool-f398e01b-5kmb Failed to pull image "gcr.io/<proj-id>/images/httpbin:v1.0": rpc error: code = Unknown desc = Error response from daemon: repository gcr.io/<proj-id>/images/httpbin not found: does not exist or no pull access
Warning Failed 4m (x3 over 5m) kubelet, <proj-id>-cluster-default-pool-f398e01b-5kmb Error: ErrImagePull
Warning Failed 31s (x23 over 5m) kubelet, <proj-id>-cluster-default-pool-f398e01b-5kmb Error: ImagePullBackOff
在Cloud Shell中:docker images
,还显示图像
更新:我可以在浏览器控制台(https://console.cloud.google.com/gcr/images/projId/)中看到该图像,如果我复制该路径,则该路径与下面的路径相同-只是带有另一个项目ID。
但是 kubectl运行aName --image = gcr.io / projectid / myimages / myimage:v1.0
无法在Google Kubernetes Engine上提取图像
ImagePullBackOff
kubectl描述pod aName ...
Failed to pull image "myimages/myimage:v1.0": rpc error: code = Unknown desc = Error response from daemon: repository myimages/myimage not found: does not exist or no pull access
所以它可能是"or no pull access"
,但是我该如何解决?
答案 0 :(得分:1)
myimages/myimage
格式建议您使用的是Docker Hub。如果是这样,您可能需要使用映像拉锁(https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/#create-a-secret-in-the-cluster-that-holds-your-authorization-token)向Docker Hub进行身份验证。
如果您使用的是Google Container Registry(GCR,其图像以gcr.io/*
开头),则GKE节点已经可以访问与群集相同的GCP项目中的GCR图像了-您不需要做任何事。 (但是,如果有人创建的GKE群集或节点池的默认值小于默认值--scopes
,例如省略了storage-ro
,则您的群集将无法从同一GCP项目中的GCR中提取图像。 )
按照https://cloud.google.com/kubernetes-engine/docs/tutorials/hello-app上的教程进行操作: