Docker-for-desktop kubernetes 从私有仓库拉取镜像
[英]Docker-for-desktop kubernetes pull image from private repository
问题描述
I am new to kubernetes and GCP.
我是 kubernetes 和 GCP 的新手。 I am trying to deploy locally.我正在尝试在本地部署。 I have an image that it is in a private repository in Google Registry.我有一个图像,它位于 Google Registry 的私有存储库中。
I was able to deploy in a GCP cluster, but locally I am getting ErrImagePull when I try to apply the deployment.我能够在 GCP 集群中进行部署,但是当我尝试应用部署时,我在本地遇到了ErrImagePull 。
I tried the following steps我尝试了以下步骤
Created a
Service Accountwith the roleViewerand downloaded the json file使用角色Viewer创建Service Account并下载 json 文件I encoded the file with the following command
openssl base64 -in file.json -out encodedfile.json我使用以下命令对文件进行了编码openssl base64 -in file.json -out encodedfile.jsonI removed the return characters on the encoded file (to have the encoded content in one line)
我删除了编码文件上的返回字符(将编码内容放在一行中)I created a secret with a yaml to be able to access the docker Registry, and pasted the content of the encoded file on
.dockerconfigjson我用 yaml 创建了一个秘密,以便能够访问.dockerconfigjsonRegistry,并将编码文件的内容粘贴到.dockerconfigjsonapiVersion: v1 kind: Secret metadata: name: gcr-json-key namespace: development data: .dockerconfigjson: xxxxx type: kubernetes.io/dockerconfigjson
apiVersion: v1 kind: Secret metadata: name: gcr-json-key namespace: development data: .dockerconfigjson: xxxxx type: kubernetes.io/dockerconfigjsonIn the deployment I added
在我添加的部署中imagePullSecrets:
imagePullSecrets:- name: gcr-json-key名称:gcr-json-key
- name: gcr-json-key
I am getting the same error, it is not able to pull from the private google registry into my local machine我遇到了同样的错误,它无法从私人谷歌注册表中提取到我的本地机器
UPDATE 1更新 1
I encoded the json file with this command我用这个命令编码了 json 文件
base64 -i myorg-8b8eea93246a.json -o encoded-myorg-8b8eea93246a.json
Then I checked that this encoded file works然后我检查了这个编码文件是否有效
cat encoded-myorg-8b8eea93246a.json | docker login -u _json_key_base64 --password-stdin \
https://us-docker.pkg.dev
And it worked它起作用了
Login Succeeded
This is the yaml file I am using to create the secret这是我用来创建秘密的 yaml 文件
apiVersion: v1
kind: Secret
metadata:
name: gcr-json-key
namespace: development
data:
.dockerconfigjson: <XXXX content of encoded myorg-8b8eea93246a.json file XXXX>
type: kubernetes.io/dockerconfigjson
And in the deployment I have在部署中我有
...
spec:
...
imagePullSecrets:
- name: gcr-json-key
...
The deployment is created but the image is not pulled.部署已创建,但未拉取映像。 In the kubectl get all I can see the status ImagePullBackOff在kubectl get all我可以看到状态ImagePullBackOff
When I do a describe to the pod当我对 pod 进行描述时
Failed to pull image "gcr.io/xxx/yyy": rpc error: code = Unknown desc = Error response from daemon: unauthorized: You don't have the needed permissions to perform this operation, and you may have invalid credentials.
1 个解决方案
解决方案1
2 已采纳 2020-11-08 05:57:46
You are on right path.你走在正确的道路上。 You need to create secret for registry login.您需要为注册表登录创建密码。 This works for me:这对我有用:
kubectl create secret docker-registry <secret_name> --docker-server=<your.registry.domain.name> --docker-username=<user> --docker-password=<password> --docker-email=<your_email>
And then I use this secret for deployment:然后我使用这个秘密进行部署:
spec:
replicas: 1
strategy:
type: Recreate
template:
metadata:
creationTimestamp: null
labels:
io.kompose.service: server
spec:
imagePullSecrets:
- name: <secret_name>
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.