Kubernetes 从 GCR 私有仓库下载镜像

【问题标题】:Kubernetes download image from GCR private repoKubernetes 从 GCR 私有仓库下载镜像
【发布时间】:2020-04-27 21:24:42
【问题描述】:

我正在尝试使用存储在 Google Cloud Platform 上的图像启动 kube 部署,我可以使用 docker docker pull gcr.io/<project>/toolkit-image 手动下载它,权限在那里,一个简单的部署说

Events:
  Type     Reason     Age                From               Message
  ----     ------     ----               ----               -------
  Normal   Scheduled  47s                default-scheduler  Successfully assigned default/testimage-jenkins-5bdc57567f-ss5qh to minikube
  Normal   BackOff    17s (x3 over 45s)  kubelet, minikube  Back-off pulling image "gcr.io/toolkit-image:latest"
  Warning  Failed     17s (x3 over 45s)  kubelet, minikube  Error: ImagePullBackOff
  Normal   Pulling    6s (x3 over 46s)   kubelet, minikube  Pulling image "gcr.io/toolkit-image:latest"
  Warning  Failed     6s (x3 over 45s)   kubelet, minikube  Failed to pull image "gcr.io/toolkit-image:latest": rpc error: code = Unknown desc = Error response from daemon: Get https://gcr.io/v2/toolkit-image/manifests/latest: unknown: Project 'project:toolkit-image' not found or deleted.
  Warning  Failed     6s (x3 over 45s)   kubelet, minikube  Error: ErrImagePull

和我的价值观

master:
  adminPassword: <testr_pass>
  resources:
    limits:
      cpu: 500m
      memory: 1Gi
  podLabels:
    nodePort: 32323
  serviceType: ClusterIP
  image: "gcr.io/<project>/toolkit-image"
  tag: "latest"

rbac:
  create: true

如果我尝试在 gcr.io/project/toolkit-image 中使用或不使用 \project\ val 进行拉动,也会发生同样的情况

Events:
  Type     Reason     Age                From               Message
  ----     ------     ----               ----               -------
  Normal   Scheduled  53s                default-scheduler  Successfully assigned default/testimage-jenkins-f5856f9c9-65prx to minikube
  Normal   BackOff    22s (x2 over 49s)  kubelet, minikube  Back-off pulling image "gcr.io/<project>/toolkit-image:latest"
  Warning  Failed     22s (x2 over 49s)  kubelet, minikube  Error: ImagePullBackOff
  Normal   Pulling    7s (x3 over 52s)   kubelet, minikube  Pulling image "gcr.io/<project>/toolkit-image:latest"
  Warning  Failed     5s (x3 over 49s)   kubelet, minikube  Failed to pull image "gcr.io/<project>/toolkit-image:latest": rpc error: code = Unknown desc = Error response from daemon: unauthorized: You don't have the needed permissions to perform this operation, and you may have invalid credentials. To authenticate your request, follow the steps in: https://cloud.google.com/container-registry/docs/advanced-authentication
  Warning  Failed     5s (x3 over 49s)   kubelet, minikube  Error: ErrImagePull

任何想法如何让 kubectl 看到私有的谷歌云平台存储库?

PS: gcloud auth configure-docker 这个验证命令根本没有帮助

【问题讨论】:

  • 什么是。您是否掩盖了问题的项目名称或图像名称实际上有它?
  • 我只是把它隐藏在stackoverflow中,那里有正常的字符串

标签: kubernetes google-cloud-platform containers kubernetes-helm minikube


【解决方案1】:

如果您的私有注册中心需要认证,您需要配置imagePullSecrets

https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/

【讨论】:

  • 我在那里做了所有可能的步骤 - 仍然没有工作
  • 简单的gcloud auth configure-dockergcloud auth print-access-token | docker login -u oauth2accesstoken --password-stdin https://gcr.io/根本没有结果
  • 甚至下载了docker-credentials-gcr还是第n次
  • 您的服务帐户是否具有对存储的读取权限?无论如何都要检查一下,应该对ryaneschinger.com/blog/…有帮助。
猜你喜欢
  • 1970-01-01
  • 1970-01-01
  • 1970-01-01
  • 2016-05-13
  • 2019-12-19
  • 2018-01-15
  • 1970-01-01
  • 2015-04-05
  • 2021-04-27
相关资源
最近更新 更多
热门标签
Java Python linux javascript Mysql C# Docker 算法 前端 SpringBoot Redis Vue spring 设计模式 .net core .net kubernetes c++ 数据库 数据结构 大数据 js 机器学习 微服务 Android Go 程序员 面试 JVM ASP.net core 云原生 人工智能 后端 PHP git CSS golang k8s Nginx Django mybatis 深度学习 多线程 React 架构 devops 爬虫 云计算 Spring Boot LeetCode