Kubernetes containerd 无法从私有注册表中提取图像
[英]Kubernetes containerd failed to pull images from private registry
问题描述
I have a Kubernetes cluster in azure(AKS) with kubernetes version 1.22.11.
我在天蓝色(AKS)中有一个 Kubernetes 集群,kubernetes 版本 1.22.11。 I'm unable to pull images from our private registry.我无法从我们的私人注册表中提取图像。 I have edited config.toml like below and restarted containerd service as well.我已经像下面那样编辑了 config.toml 并重新启动了 containerd 服务。 I tried this with auth as well, instead of username/password still it didn't work.我也尝试过使用身份验证,而不是用户名/密码,但它仍然不起作用。
version = 2
subreaper = false
oom_score = 0
[plugins."io.containerd.grpc.v1.cri"]
sandbox_image = "mcr.microsoft.com/oss/kubernetes/pause:3.5"
[plugins."io.containerd.grpc.v1.cri".containerd]
[plugins."io.containerd.grpc.v1.cri".containerd.untrusted_workload_runtime]
runtime_type = "io.containerd.runtime.v1.linux"
runtime_engine = "/usr/bin/runc"
[plugins."io.containerd.grpc.v1.cri".containerd.default_runtime]
runtime_type = "io.containerd.runtime.v1.linux"
runtime_engine = "/usr/bin/runc"
[plugins."io.containerd.grpc.v1.cri".cni]
bin_dir = "/opt/cni/bin"
conf_dir = "/etc/cni/net.d"
conf_template = "/etc/containerd/kubenet_template.conf"
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."test.registry.com"]
endpoint = ["https://test.registry.com:5000"]
[plugins."io.containerd.grpc.v1.cri".registry.configs]
[plugins."io.containerd.grpc.v1.cri".registry.configs."test.registry.com".tls]
insecure_skip_verify=true
[plugins."io.containerd.grpc.v1.cri".registry.configs."test.registry.com".auth]
username = "xxxxx"
password = "xxxxx"
[metrics]
address = "0.0.0.0:10257"
I'm getting the below error when I try to pull an image from registry当我尝试从注册表中提取图像时出现以下错误
crictl pull test.registry.com:5000/sba-housekeeping/logrotate:2.0.2 FATA[0000] pulling image: rpc error: code = Unknown desc = failed to pull and unpack image "test.registry.com:5000/sba-housekeeping/logrotate:2.0.2": failed to resolve reference "test.registry.com:5000/sba-housekeeping/logrotate:2.0.2": pulling from host software.openet.com:5000 failed with status code [manifests 2.0.2]: 401 Unauthorized crictl pull test.registry.com:5000/sba-housekeeping/logrotate:2.0.2 FATA[0000] 拉取图像:rpc 错误:代码 = 未知 desc = 无法拉取和解压缩图像“test.registry.Z4D236D9A2D102C5FE6AD1C500DA4BEC5Z:: -housekeeping/logrotate:2.0.2”:无法解析参考“test.registry.com:5000/sba-housekeeping/logrotate:2.0.2”:从主机中拉取 software.openet.com:5000 失败,状态码为 [man 2.0.2]: 401 未经授权
My credentials are correct, I have verified them through docker login我的凭据是正确的,我已通过 docker 登录验证了它们
1 个解决方案
解决方案1
0 2022-08-10 20:07:06
You can add your docker registry credentials to the cluster by creating a K8S secret of type kubernetes.io/dockerconfigjson and using it to pull the image.您可以通过创建类型为kubernetes.io/dockerconfigjson的 K8S 机密并使用它来拉取映像,将您的 docker 注册表凭据添加到集群。
To create it from a docker config file:要从 docker 配置文件创建它:
kubectl create secret generic regcred \
--from-file=.dockerconfigjson=<path/to/.docker/config.json> \
--type=kubernetes.io/dockerconfigjson
Or by providing the credens:或者通过提供凭证:
kubectl create secret docker-registry regcred \
--docker-server=<your-registry-server> \
--docker-username=<your-name> \
--docker-password=<your-pword> \
--docker-email=<your-email>
You can use it by just adding imagePullSecrets :您只需添加imagePullSecrets即可使用它:
apiVersion: v1
kind: Pod
metadata:
name: <pod-name>
spec:
containers:
- name: <container-name>
image: <your-private-image>
imagePullSecrets:
- name: regcred
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.