[英]Docker-for-desktop kubernetes pull image from private repository
I am new to kubernetes and GCP.我是 kubernetes 和 GCP 的新手。 I am trying to deploy locally.
我正在尝试在本地部署。 I have an image that it is in a private repository in Google Registry.
我有一个图像,它位于 Google Registry 的私有存储库中。
I was able to deploy in a GCP cluster, but locally I am getting ErrImagePull
when I try to apply the deployment.我能够在 GCP 集群中进行部署,但是当我尝试应用部署时,我在本地遇到了
ErrImagePull
。
I tried the following steps我尝试了以下步骤
Created a Service Account
with the role Viewer
and downloaded the json file使用角色
Viewer
创建Service Account
并下载 json 文件
I encoded the file with the following command openssl base64 -in file.json -out encodedfile.json
我使用以下命令对文件进行了编码
openssl base64 -in file.json -out encodedfile.json
I removed the return characters on the encoded file (to have the encoded content in one line)我删除了编码文件上的返回字符(将编码内容放在一行中)
I created a secret with a yaml to be able to access the docker Registry, and pasted the content of the encoded file on .dockerconfigjson
我用 yaml 创建了一个秘密,以便能够访问
.dockerconfigjson
Registry,并将编码文件的内容粘贴到.dockerconfigjson
apiVersion: v1 kind: Secret metadata: name: gcr-json-key namespace: development data: .dockerconfigjson: xxxxx type: kubernetes.io/dockerconfigjson apiVersion: v1 kind: Secret metadata: name: gcr-json-key namespace: development data: .dockerconfigjson: xxxxx type: kubernetes.io/dockerconfigjson
In the deployment I added在我添加的部署中
imagePullSecrets: imagePullSecrets:
I am getting the same error, it is not able to pull from the private google registry into my local machine我遇到了同样的错误,它无法从私人谷歌注册表中提取到我的本地机器
UPDATE 1更新 1
I encoded the json file with this command我用这个命令编码了 json 文件
base64 -i myorg-8b8eea93246a.json -o encoded-myorg-8b8eea93246a.json
Then I checked that this encoded file works然后我检查了这个编码文件是否有效
cat encoded-myorg-8b8eea93246a.json | docker login -u _json_key_base64 --password-stdin \
https://us-docker.pkg.dev
And it worked它起作用了
Login Succeeded
This is the yaml file I am using to create the secret这是我用来创建秘密的 yaml 文件
apiVersion: v1
kind: Secret
metadata:
name: gcr-json-key
namespace: development
data:
.dockerconfigjson: <XXXX content of encoded myorg-8b8eea93246a.json file XXXX>
type: kubernetes.io/dockerconfigjson
And in the deployment I have在部署中我有
...
spec:
...
imagePullSecrets:
- name: gcr-json-key
...
The deployment is created but the image is not pulled.部署已创建,但未拉取映像。 In the
kubectl get all
I can see the status ImagePullBackOff
在
kubectl get all
我可以看到状态ImagePullBackOff
When I do a describe to the pod当我对 pod 进行描述时
Failed to pull image "gcr.io/xxx/yyy": rpc error: code = Unknown desc = Error response from daemon: unauthorized: You don't have the needed permissions to perform this operation, and you may have invalid credentials.
You are on right path.你走在正确的道路上。 You need to create secret for registry login.
您需要为注册表登录创建密码。 This works for me:
这对我有用:
kubectl create secret docker-registry <secret_name> --docker-server=<your.registry.domain.name> --docker-username=<user> --docker-password=<password> --docker-email=<your_email>
And then I use this secret for deployment:然后我使用这个秘密进行部署:
spec:
replicas: 1
strategy:
type: Recreate
template:
metadata:
creationTimestamp: null
labels:
io.kompose.service: server
spec:
imagePullSecrets:
- name: <secret_name>
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.