为什么Kubernetes没有将我的秘密附加到我的Pod中?

时间:2018-09-28 19:55:33

标签: docker kubernetes

我已经按照Kubernetes的建议创建了我的秘密,并按照教程进行了操作,但是pod并没有附加我的秘密。

如您所见,我创建并描述了秘密。 创建完广告连播之后。

throw

我该如何解决?

编辑

这是我的豆荚:

$ kubectl get secret my-secret --output="jsonpath={.data.\.dockerconfigjson}" | base64 --decode
{"auths":{"my-private-repo.com":{"username":"<username>","password":"<password>","email":"<email>","auth":"<randomAuth>="}}}

$ kubectl create -f my-pod.yaml
pod "my-pod" created

$ kubectl describe pods trunfo
Name:         my-pod
Namespace:    default
Node:         gke-trunfo-default-pool-07eea2fb-3bh9/10.233.224.3
Start Time:   Fri, 28 Sep 2018 16:41:59 -0300
Labels:       <none>
Annotations:  kubernetes.io/limit-ranger=LimitRanger plugin set: cpu request for container container-trunfo
Status:       Pending
IP:           10.10.1.37
Containers:
  container-trunfo:
    Container ID:   
    Image:          <my-image>
    Image ID:       
    Port:           9898/TCP
    State:          Waiting
      Reason:       ErrImagePull
    Ready:          False
    Restart Count:  0
    Requests:
      cpu:        100m
    Environment:  <none>
    Mounts:
      /var/run/secrets/kubernetes.io/serviceaccount from default-token-hz4mf (ro)
Conditions:
  Type           Status
  Initialized    True 
  Ready          False 
  PodScheduled   True 
Volumes:
  default-token-hz4mf:
    Type:        Secret (a volume populated by a Secret)
    SecretName:  default-token-hz4mf
    Optional:    false
QoS Class:       Burstable
Node-Selectors:  <none>
Tolerations:     node.kubernetes.io/not-ready:NoExecute for 300s
                 node.kubernetes.io/unreachable:NoExecute for 300s
Events:
  Type     Reason                 Age   From                                            Message
  ----     ------                 ----  ----                                            -------
  Normal   Scheduled              4s    default-scheduler                               Successfully assigned trunfo to gke-trunfo-default-pool-07eea2fb-3bh9
  Normal   SuccessfulMountVolume  4s    kubelet, gke-trunfo-default-pool-07eea2fb-3bh9  MountVolume.SetUp succeeded for volume "default-token-hz4mf"
  Normal   Pulling                3s    kubelet, gke-trunfo-default-pool-07eea2fb-3bh9  pulling image "my-private-repo.com/my-image:latest"
  Warning  Failed                 3s    kubelet, gke-trunfo-default-pool-07eea2fb-3bh9  Failed to pull image "my-private-repo.com/my-image:latest": rpc error: code = Unknown desc = Error response from daemon: Get https://my-private-repo.com/v1/_ping: dial tcp: lookup my-private-repo.com on 169.254.169.254:53: no such host
  Warning  Failed                 3s    kubelet, gke-trunfo-default-pool-07eea2fb-3bh9  Error: ErrImagePull
  Normal   BackOff                3s    kubelet, gke-trunfo-default-pool-07eea2fb-3bh9  Back-off pulling image "my-private-repo.com/my-image:latest"
  Warning  Failed                 3s    kubelet, gke-trunfo-default-pool-07eea2fb-3bh9  Error: ImagePullBackOff

我们可以看到,该机密已按预期定义,但未正确附加。

1 个答案:

答案 0 :(得分:1)

您还没有得到秘密。您的日志说

  

无法提取图像“ my-private-repo.com/my-image:latest”:rpc错误:代码=未知desc =来自守护程序的错误响应:获取https://my-private-repo.com/v1/_ping:拨打tcp:查找my-private -repo.com于169.254.169.254:53:没有此类主机     警告失败3s kubelet,gke-trunfo-default-pool-07eea2fb-3bh9错误:ErrImagePull

这意味着您的Pod无法启动,因为该图像不可用。解决此问题,如果在观察者窗格状态“准备就绪”后发布Yaml定义后,如果您在机密方面仍然存在疑问。