[英]Kubernetes not pulling image from private registry
我正在嘗試將映像從我的私有注冊表(港口)部署到我的 Kubernetes 環境。 注冊表已成功設置並已包含我的圖像。
為了給出上下文,這是我的部署文件:
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
labels:
name: sps-app
name: sps-app
spec:
replicas: 1
template:
metadata:
labels:
name: sps-app
spec:
containers:
- image: repo-harbor.test.com/sps_project/spsapp:23
env:
- name: MONGODB_URL
value: "mongodb://mongo.default.svc.cluster.local:27017/user"
name: sps-app
ports:
- containerPort: 4000
name: sps-app
imagePullSecrets:
- name: harbor
我已經使用以下命令創建了我的港口秘密
kubectl create secret docker-registry harbor \
--docker-server=https://repo-harbor.test.com \
--docker-username=admin \
--docker-password='xxxxxx!'
但是,當我對我的部署執行kubectl apply -f
時,它總是進入映像拉回退狀態。
經過進一步調查,我檢查了 pod 的日志,並指出存在 x509 認證錯誤。
Kubernetes 事件:
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 3m default-scheduler Successfully assigned default/private-image-test-1 to df56bd02-5e0e-4644-a565-c233ac2404fe
Normal Pulling 2m (x3 over 3m) kubelet, df56bd02-5e0e-4644-a565-c233ac2404fe pulling image "jur01-harbor.acepod.com/sps_project/spsapp:2"
Warning Failed 2m (x3 over 3m) kubelet, df56bd02-5e0e-4644-a565-c233ac2404fe Failed to pull image "jur01-harbor.acepod.com/sps_project/spsapp:2": rpc error: code = Unknown desc = Error response from daemon: Get https://jur01-harbor.acepod.com/v2/: x509: certificate signed by unknown authority
Warning Failed 2m (x3 over 3m) kubelet, df56bd02-5e0e-4644-a565-c233ac2404fe Error: ErrImagePull
Warning Failed 2m (x4 over 3m) kubelet, df56bd02-5e0e-4644-a565-c233ac2404fe Error: ImagePullBackOff
Normal SandboxChanged 2m (x7 over 3m) kubelet, df56bd02-5e0e-4644-a565-c233ac2404fe Pod sandbox changed, it will be killed and re-created.
Normal BackOff 2m (x5 over 3m) kubelet, df56bd02-5e0e-4644-a565-c233ac2404fe Back-off pulling image "jur01-harbor.acepod.com/sps_project/spsapp:2"
在這一點上,我不確定如何解決這個問題。 有人會如何解決這個問題嗎?
jur01-harbor.acepod.com
的鏡像注冊表使用自簽名證書,Docker 不信任該證書。
將該映像注冊表提供的自定義 CA 證書復制到所有 Kubernetes 節點,位於名為/etc/docker/certs.d/jur01-harbor.acepod.com/
的目錄中。
參考: Docker 文檔/測試不安全的注冊表。
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.