[英]Kubernetes not pulling image from private registry
我正在尝试将映像从我的私有注册表(港口)部署到我的 Kubernetes 环境。 注册表已成功设置并已包含我的图像。
为了给出上下文,这是我的部署文件:
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
labels:
name: sps-app
name: sps-app
spec:
replicas: 1
template:
metadata:
labels:
name: sps-app
spec:
containers:
- image: repo-harbor.test.com/sps_project/spsapp:23
env:
- name: MONGODB_URL
value: "mongodb://mongo.default.svc.cluster.local:27017/user"
name: sps-app
ports:
- containerPort: 4000
name: sps-app
imagePullSecrets:
- name: harbor
我已经使用以下命令创建了我的港口秘密
kubectl create secret docker-registry harbor \
--docker-server=https://repo-harbor.test.com \
--docker-username=admin \
--docker-password='xxxxxx!'
但是,当我对我的部署执行kubectl apply -f
时,它总是进入映像拉回退状态。
经过进一步调查,我检查了 pod 的日志,并指出存在 x509 认证错误。
Kubernetes 事件:
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 3m default-scheduler Successfully assigned default/private-image-test-1 to df56bd02-5e0e-4644-a565-c233ac2404fe
Normal Pulling 2m (x3 over 3m) kubelet, df56bd02-5e0e-4644-a565-c233ac2404fe pulling image "jur01-harbor.acepod.com/sps_project/spsapp:2"
Warning Failed 2m (x3 over 3m) kubelet, df56bd02-5e0e-4644-a565-c233ac2404fe Failed to pull image "jur01-harbor.acepod.com/sps_project/spsapp:2": rpc error: code = Unknown desc = Error response from daemon: Get https://jur01-harbor.acepod.com/v2/: x509: certificate signed by unknown authority
Warning Failed 2m (x3 over 3m) kubelet, df56bd02-5e0e-4644-a565-c233ac2404fe Error: ErrImagePull
Warning Failed 2m (x4 over 3m) kubelet, df56bd02-5e0e-4644-a565-c233ac2404fe Error: ImagePullBackOff
Normal SandboxChanged 2m (x7 over 3m) kubelet, df56bd02-5e0e-4644-a565-c233ac2404fe Pod sandbox changed, it will be killed and re-created.
Normal BackOff 2m (x5 over 3m) kubelet, df56bd02-5e0e-4644-a565-c233ac2404fe Back-off pulling image "jur01-harbor.acepod.com/sps_project/spsapp:2"
在这一点上,我不确定如何解决这个问题。 有人会如何解决这个问题吗?
jur01-harbor.acepod.com
的镜像注册表使用自签名证书,Docker 不信任该证书。
将该映像注册表提供的自定义 CA 证书复制到所有 Kubernetes 节点,位于名为/etc/docker/certs.d/jur01-harbor.acepod.com/
的目录中。
参考: Docker 文档/测试不安全的注册表。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.