如何使kubernetes码头工人秘密工作?

时间:2018-10-26 21:23:28

标签: docker kubernetes kubernetes-helm

显示“ xxx”的数据已被屏蔽。

问题描述:

成功方案:当我在Docker注册表中公开映像时,我的pod已成功创建。

失败情况:当我在Docker注册表中将映像设为私有时。我的映像拉取在kubernetes群集上失败。

请在下面提供详细信息和帮助。

我已将映像发布到Docker注册表。

以下是我的kubernetes秘诀:

c:\xxxxxxx\temp>kubectl get secret regcredx -o yaml
apiVersion: v1
data:
  .dockerconfigjson: xxxxxx
kind: Secret
metadata:
  creationTimestamp: 2018-10-25T21:38:18Z
  name: regcredx
  namespace: default
  resourceVersion: "1174545"
  selfLink: /api/v1/namespaces/default/secrets/regcredx
  uid: 49a71ba5-d89e-11e8-8bd2-005056b7126c
type: kubernetes.io/dockerconfigjson

这是我的pod.yaml文件:

apiVersion: v1
kind: Pod
metadata:
  name: whatever
spec:
  containers:
    - name: whatever
      image: xxxxxxxxx/xxxxxx:123
      imagePullPolicy: Always
      command: [ "sh", "-c", "tail -f /dev/null" ]
  imagePullSecrets:
    - name: regcredx

这是我在集群中的pod配置:

c:\Sharief\temp>kubectl get pod whatever -o yaml
apiVersion: v1
kind: Pod
metadata:
  annotations:
    cni.projectcalico.org/podIP: 100.96.1.81/32
  creationTimestamp: 2018-10-26T20:49:11Z
  name: whatever
  namespace: default
  resourceVersion: "1302024"
  selfLink: /api/v1/namespaces/default/pods/whatever
  uid: 9783b81f-d960-11e8-94ca-005056b7126c
spec:
  containers:
  - command:
    - sh
    - -c
    - tail -f /dev/null
    image: xxxxxxxxx/xxxxxxx:123
    imagePullPolicy: Always
    name: whatever
    resources: {}
    terminationMessagePath: /dev/termination-log
    terminationMessagePolicy: File
    volumeMounts:
    - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
      name: default-token-4db4c
      readOnly: true
   dnsPolicy: ClusterFirst
  imagePullSecrets:
  - name: regcredx
  nodeName: xxxx-pvt
  priority: 0
  restartPolicy: Always
  schedulerName: default-scheduler
  securityContext: {}
  serviceAccount: default
  serviceAccountName: default
  terminationGracePeriodSeconds: 30
  tolerations:
  - effect: NoExecute
    key: node.kubernetes.io/not-ready
    operator: Exists
    tolerationSeconds: 300
  - effect: NoExecute
    key: node.kubernetes.io/unreachable
    operator: Exists
    tolerationSeconds: 300
  volumes:
  - name: default-token-4db4c
    secret:
      defaultMode: 420
      secretName: default-token-4db4c
status:
  conditions:
  - lastProbeTime: null
    lastTransitionTime: 2018-10-26T20:49:33Z
    status: "True"
    type: Initialized
  - lastProbeTime: null
    lastTransitionTime: 2018-10-26T20:49:33Z
    message: 'containers with unready status: [whatever]'
    reason: ContainersNotReady
    status: "False"
    type: Ready
  - lastProbeTime: null
    lastTransitionTime: 2018-10-26T20:49:11Z
    status: "True"
    type: PodScheduled
  containerStatuses:
  - image: xxxxxxxxx/xxxxxxx:123
    imageID: ""
    lastState: {}
    name: whatever
    ready: false
    restartCount: 0
    state:
      waiting:
        message: Back-off pulling image "xxxxxxxxx/xxxxxxx:123"
        reason: ImagePullBackOff
  hostIP: xx.xxx.xx.xx
  phase: Pending
  podIP: xx.xx.xx.xx
  qosClass: BestEffort
  startTime: 2018-10-26T20:49:33Z

这是我的豆荚描述:

c:\xxxxxxx\temp>kubectl describe pod whatever
Name:               whatever
Namespace:          default
Priority:           0
PriorityClassName:  <none>
Node:               co2-vmkubwrk01company-pvt/xx.xx.xx.xx
Start Time:         Fri, 26 Oct 2018 15:49:33 -0500
Labels:             <none>
Annotations:        cni.projectcalico.org/podIP=xxx.xx.xx.xx/xx
Status:             Pending
IP:                 xxx.xx.x.xx
Containers:
  whatever:
    Container ID:
    Image:         xxxxxxxxx/xxxxxxx:123
    Image ID:
    Port:          <none>
    Host Port:     <none>
    Command:
      sh
      -c
      tail -f /dev/null
    State:          Waiting
      Reason:       ImagePullBackOff
    Ready:          False
    Restart Count:  0
    Environment:    <none>
    Mounts:
      /var/run/secrets/kubernetes.io/serviceaccount from default-token-4db4c (ro)
Conditions:
  Type           Status
  Initialized    True
  Ready          False
  PodScheduled   True
Volumes:
  default-token-4db4c:
    Type:        Secret (a volume populated by a Secret)
    SecretName:  default-token-4db4c
    Optional:    false
QoS Class:       BestEffort
Node-Selectors:  <none>
Tolerations:     node.kubernetes.io/not-ready:NoExecute for 300s
                 node.kubernetes.io/unreachable:NoExecute for 300s
Events:
  Type     Reason                 Age                 From                                Message
  ----     ------                 ----                ----                                -------
  Normal   Scheduled              27m                 default-scheduler                   Successfully assigned whatever to xxx
  Normal   SuccessfulMountVolume  26m                 kubelet, co2-vmkubwrk01company-pvt  MountVolume.SetUp succeeded for volume "default-token-4db4c"
  Normal   Pulling                25m (x4 over 26m)   kubelet, co2-vmkubwrk01company-pvt  pulling image "xxxxxxxxx/xxxxxxx:123"
  Warning  Failed                 25m (x4 over 26m)   kubelet, co2-vmkubwrk01company-pvt  Failed to pull image "xxxxxxxxx/xxxxxxx:123": rpc error: code = Unknown desc = repository docker.io/xxxxxxxxx/xxxxxxx not found: does not exist or no pull access
  Warning  Failed                 25m (x4 over 26m)   kubelet, co2-vmkubwrk01company-pvt  Error: ErrImagePull
  Normal   BackOff                16m (x41 over 26m)  kubelet, co2-vmkubwrk01company-pvt  Back-off pulling image "xxxxxxxxx/xxxxxxx:123"
  Warning  Failed                 1m (x106 over 26m)  kubelet, co2-vmkubwrk01company-pvt  Error: ImagePullBackOff

1 个答案:

答案 0 :(得分:2)

Kubernetes找不到您的存储库,图像路径错误,您需要解决此问题:

image: xxxxxxxxx/xxxxxx:123

您可以尝试测试一种假设,即在要进行部署的节点上预拉映像。做docker images,记下正确的uri / repo:tag并在部署中对其进行更新。

相关问题
最新问题