[英]Unable to pull docker image into Kubernetes Pod from Google Container Registry
I have read this question and this one , and created my Kubernetes secret for Google Container Registry using a service account JSON key with project: owner and viewer permissions. 我已阅读本问题 ,这一个 ,并使用与项目服务帐户JSON密钥创建我Kubernetes秘密谷歌集装箱注册地:拥有者和查看权限。 I have also verified that the image does in fact exist in Google Container Registry by going to the console.
我还通过访问控制台验证了图像确实存在于Google容器注册表中。
I have also read this document . 我也读过这份文件 。
When I run: 当我跑:
minikube dashboard
And then from the user interface, I click the "+" sybmol, specify the URL of my image like this: 然后从用户界面,我点击“+”sybmol,指定我的图像的URL,如下所示:
project-123456/bot-image
then click on 'advanced options' and specify the Secret that was imported. 然后单击“高级选项”并指定导入的秘密。
After a few seconds I see this error: 几秒钟后,我看到了这个错误:
Error: Status 403 trying to pull repository project-123456/bot-image: "Unable to access the repository: project-123456/bot-image; please verify that it exists and you have permission to access it (no valid credential was supplied)."
If I look at what's inside the Secret file (.dockerconfigjson), it's like: {" https://us.gcr.io ": {"email": "admin@domain.com", "auth": "longtexthere"}} 如果我查看Secret文件(.dockerconfigjson)中的内容,它就像:{“ https://us.gcr.io ”:{“email”:“admin@domain.com”,“auth”:“longtexthere” }}
What could be the issue? 可能是什么问题?
The json needs to have a top level "{auths":
json key from: json需要有一个顶级
"{auths":
json键来自:
Creating image pull secret for google container registry that doesn't expire? 为谷歌容器注册表创建图像拉秘密不会过期?
So the json should be structured like: 所以json的结构应该是这样的:
{"auths":{"https://us.gcr.io": {"email": "admin@domain.com", "auth": "longtexthere"}}}
If you are still having issues, you can alternatively download the latest version of minikube (0.17.1) and run minikube addons configure registry-creds
following the prompts there to setup creds then run minikube addons enable registry-creds
如果您仍然遇到问题,您可以下载最新版本的minikube(0.17.1)并运行
minikube addons configure registry-creds
按照提示设置creds然后运行minikube addons enable registry-creds
Now you should be able to pull down pods from GCR using a yaml structured like this: 现在你应该可以使用如下结构的yaml从GCR中下载pod:
apiVersion: v1
kind: Pod
metadata:
name: foo
namespace: default
spec:
containers:
- image: gcr.io/example-vm/helloworld:latest
name: foo
EDIT: 6/13/2018 updating the commands to reflect comment by @Rambatino 编辑:6/13/2018更新命令以反映@Rambatino的评论
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.