ImagePullBackOff:无法通过Kubernetes集群将我的私有Docker映像拖入

时间:2019-04-28 00:46:32

标签: azure docker kubernetes

我正在尝试在Kubernetes清单中包含自己的私有Docker映像,但出现ImagePullBackOff错误。

我不确定是否已经: -为我的secrets使用了错误的数据 -在某处缺少命令 -使用某些特定名称或标签等错误的数据

该映像托管在Azure容器注册表(aka。ACR)上。

这是我遇到的错误...然后是我尝试执行的步骤。

Tests-MBP:k8s test$ clear && kubectl describe pod acounts-api-7fcc5d9bb-826ht

Events:
  Type     Reason                 Age                From                         Message
  ----     ------                 ----               ----                         -------
  Normal   Scheduled              69s                default-scheduler            Successfully assigned acounts-api-7fcc5d9bb-826ht to docker-for-desktop
  Normal   SuccessfulMountVolume  69s                kubelet, docker-for-desktop  MountVolume.SetUp succeeded for volume "default-token-ffrhq"
  Normal   BackOff                30s (x2 over 64s)  kubelet, docker-for-desktop  Back-off pulling image "hornet/accounts.api"
  Warning  Failed                 30s (x2 over 64s)  kubelet, docker-for-desktop  Error: ImagePullBackOff
  Normal   Pulling                16s (x3 over 68s)  kubelet, docker-for-desktop  pulling image "hornet/accounts.api"
  Warning  Failed                 11s (x3 over 64s)  kubelet, docker-for-desktop  Failed to pull image "hornet/accounts.api": rpc error: code = Unknown desc = Error response from daemon: pull access denied for hornet/accounts.api, repository does not exist or may require 'docker login'
  Warning  Failed                 11s (x3 over 64s)  kubelet, docker-for-desktop  Error: ErrImagePull
Tests-MBP:k8s test$ 


我已经创建了一个secret

Tests-MacBook-Pro:k8s test$ kubectl get secrets
NAME                  TYPE                                  DATA   AGE
default-token-ffrhq   kubernetes.io/service-account-token   3      3d
hornet-acr-auth       kubernetes.io/dockerconfigjson        1      16h
Tests-MacBook-Pro:k8s test$ 

使用以下命令:

Tests-MacBook-Pro:k8s test$ kubectl create secret docker-registry hornet-acr-auth --docker-server <snip>.azurecr.io --docker-username 9858ae98-<snip> --docker-password 10abe15a-<snip> --docker-email a@b.com
secret/hornet-acr-auth created

并获取该用户名/密码,我followed these instructions并做到了...

Tests-MacBook-Pro:k8s test$ ./azure-credentials.sh 
Retrying role assignment creation: 1/36
Service principal ID: 9858ae98-<snip>
Service principal password: 10abe15a-<snip>

以及我的.sh脚本的前几行...

#!/bin/bash

ACR_NAME=<snip> // this is the name of the ACR (e.g. foo) .. NOT foo.azurecr.io
SERVICE_PRINCIPAL_NAME=acr-service-principal

...

最后..这就是我试图在我的deployment清单中创建.yaml的方式。...

---

apiVersion: apps/v1
kind: Deployment
metadata:
  name: acounts-api
spec:
  selector:
    matchLabels:
      app: acounts-api
  replicas: 1
  template:
    metadata:
      labels:
        app: acounts-api
    spec:
      imagePullSecrets:
      - name: hornet-acr-auth
      containers:
      - name: acounts-api
        image: hornet/accounts.api
        imagePullPolicy: Always
        ports:
        - containerPort: 80
          name: http
        - containerPort: 5301
          name: data-ingest
        env:
        - name: "RavenDb__ServerUrl"
          value: "http://ravendb-data-lb:5200"
---

是的,我已经确认存储库存在于ACR中。

1 个答案:

答案 0 :(得分:4)

图像hornet/accounts.api实际上看起来像是来自Docker Hub的图像,情况并非如此,对吗?

我猜您的图片名称应该是<snip>.azurecr.io/accounts.api还是<snip>.azurecr.io/hornet/accounts.api