[英]Kubernetes cannot pull an image from private repository on Docker Hub
By some reason Kubernetes cannot pull an image from my private account on Docker Hub.由于某种原因,Kubernetes 无法从我在 Docker Hub 上的私人帐户中提取图像。 I tried all possible ways of creating a secret (from config.json, by providing credentials directly on command line) but still no success.
我尝试了所有可能的方法来创建一个秘密(从 config.json,通过直接在命令行上提供凭据),但仍然没有成功。
Last time I did docker login
and executed the following command to create the secret:上次我做
docker login
并执行以下命令来创建密钥:
kubectl create secret docker-registry dockerhub-credentials --from-file=.dockerconfigjson=/home/myuser/.docker/config.json
Also tried the following command (which is same but I thought there might be a bug in kubectl
that doesn't recognize parameters correctly:还尝试了以下命令(这是相同的,但我认为
kubectl
中可能存在无法正确识别参数的错误:
kubectl create secret generic dockerhub-credentials --from-file=.dockerconfigjson=/home/myuser/.docker/config.json --type=kubernetes.io/dockerconfigjson
After the deployment I can see the following in the pod's YAML file:部署后,我可以在 pod 的 YAML 文件中看到以下内容:
spec:
volumes:
...
containers:
- name: container-name
image: 'username/projects:web_api_123'
ports:
- containerPort: 80
protocol: TCP
...
imagePullPolicy: IfNotPresent
...
imagePullSecrets:
- name: dockerhub-credentials
An image name is correct (I verified) and a secret with Docker Hub credentials was correctly assigned to my POD.映像名称正确(我已验证)并且带有 Docker 集线器凭据的机密已正确分配给我的 POD。 I even patched default service account.
我什至修补了默认服务帐户。 But it still doesn't work.
但它仍然不起作用。
OK, the problem lies in namespaces: all my deployments, pods, services, etc. live inside a separate namespace BUT command that creates a secret does in 'default' namespace.好的,问题出在命名空间中:我所有的部署、pod、服务等都存在于一个单独的命名空间中,但是创建秘密的命令在“默认”命名空间中。
By some reason, I thought that these secrets in 'default' namespace are visible from another namespace, which is not the case.出于某种原因,我认为“默认”命名空间中的这些秘密在另一个命名空间中是可见的,但事实并非如此。 So, if you want to create a docker config secret, you will have to do it using YAML:
因此,如果要创建 docker 配置密钥,则必须使用 YAML 进行:
kind: Secret
apiVersion: v1
metadata:
name: dockerhub-credentials
namespace: your-namespace
data:
.dockerconfigjson: base64-encoded-/.docker/config.json
type: kubernetes.io/dockerconfigjson
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.