从 Kube.netes 中的私有容器注册表 (Harbor) 拉取镜像
[英]Pulling image from private container registry (Harbor) in Kubernetes
问题描述
I am using Harbor ( https://goharbor.io/ ) for private container registry.
我正在使用 Harbor ( https://goharbor.io/ ) 进行私有容器注册。 I run the Harbor using docker compose, and it is working fine.我使用 docker compose 运行 Harbor,它工作正常。 I can push/ pull images to this private registry using a VM.我可以使用 VM 将图像推送/拉取到这个私有注册表。 I already used 'docker login' command to login into this Harbor repository.我已经使用“docker login”命令登录到这个 Harbor 存储库。
For Kube.netes, I am using k3s.对于 Kube.netes,我使用的是 k3s。
Now, I want to create a pod in Kube.netes using the image in this Harbor private repository.现在,我想使用这个 Harbor 私有存储库中的图像在 Kube.netes 中创建一个 pod。 I referred to Harbor & Kube.netes documentations ( https://goharbor.io/docs/1.10/working-with-projects/working-with-images/pulling-pushing-images/ ) & ( https://kube.netes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ ) to pull the image.我参考了 Harbor & Kube.netes 文档 ( https://goharbor.io/docs/1.10/working-with-projects/working-with-images/pulling-pushing-images/ ) & ( https://kube.netes .io/docs/tasks/configure-pod-container/pull-image-private-registry/ ) 来拉取镜像。
As mentioned in Harbor documentation:如 Harbor 文档中所述:
Kube.netes users can easily deploy pods with images stored in Harbor.
When your Harbor instance is hosting HTTP and the certificate is self-signed, you must modify daemon.json on each work node of your cluster.
If your pod references an image under a private project, you must create a secret with the credentials of a user who has permission to pull images from the project.
I created the daemon.json file in /etc/docker:我在 /etc/docker 中创建了 daemon.json 文件:
{
"insecure-registries" : "my-harbor-server:443"
}
As mentioned in Kube.netes documentation, I created the Secret using this command:如 Kube.netes 文档中所述,我使用以下命令创建了 Secret:
kubectl create secret generic regcred \
--from-file=.dockerconfigjson=<path/to/.docker/config.json> \
--type=kubernetes.io/dockerconfigjson
Then I used a file called pod.yml to create pod (using kubectl apply -f pod.yml):然后我使用一个名为 pod.yml 的文件来创建 pod(使用 kubectl apply -f pod.yml):
apiVersion: v1
kind: Pod
metadata:
name: myapp
spec:
containers:
- name: myapp
image: my-harbor-server/my-project/mayapp:v1.0
imagePullSecrets:
- name: regcred
However, when I checked the pod status, it is showing 'ImagePullBackOff'.但是,当我检查 Pod 状态时,它显示“ImagePullBackOff”。 The pod logs shows: pod 日志显示:
Error from server (BadRequest): container "myapp" in pod "myapp" is waiting to start: trying and failing to pull image
Is there any other step that I have to do to pull this image from Harbor private repository into Kube.netes?是否需要执行任何其他步骤才能将此图像从 Harbor 私有存储库拉入 Kube.netes? What is the reason that I cannot pull this image from Harbor private repository into Kube.netes?我无法将此镜像从 Harbor 私有存储库拉入 Kube.netes 的原因是什么?
1 个解决方案
解决方案1
0 2022-10-02 10:02:18
The /etc/docker/daemon.json file configures the docker engine. /etc/docker/daemon.json文件配置了 docker 引擎。 If your CRI is not the docker shim, them this file will not apply to Kube.netes.如果您的 CRI 不是 docker shim,则此文件将不适用于 Kube.netes。 For k3s, that is configured using /etc/rancher/k3s/registries.yaml .对于 k3s,使用/etc/rancher/k3s/registries.yaml配置。 See https://rancher.com/docs/k3s/latest/en/installation/private-registry/ for details on configuring this file.有关配置此文件的详细信息,请参阅https://rancher.com/docs/k3s/latest/en/installation/private-registry/ 。 It needs to be performed on each host.需要在每台主机上执行。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.