private docker registry for gitlab secret not working in kubernetes
I am trying to set up a GitLab private registry for my Kubernetes container images.
I have removed the irrelevant code below.
My ReplicaSet is defined as:
kind: ReplicaSet
...
spec:
  containers:
    - name: redacted
      image: registry.gitlab.com/redacted/redacted/redacted:latest
      ports:
        - containerPort: 8080
      volumeMounts:
        - name: redacted-data
          mountPath: /var/www/html
  imagePullSecrets:
    - name: github-auth
...
I am setting up my secret with the following kubectl command:
kubectl create -n redacted secret docker-registry gitlab-auth \
--docker-server="registry.gitlab.com:5000" \
--docker-username="redacted" \
--docker-password="redacted" \
--docker-email="redacted" \
--namespace="redacted"
Here is the output for the failing container:
Name: redacted-cgbrk
...
Containers:
  redacted:
    Container ID:
    Image:          registry.gitlab.com/redacted/redacted/redacted:latest
    Image ID:
    Port:           8080/TCP
    Host Port:      0/TCP
    State:          Waiting
      Reason:       ErrImagePull
    Ready:          False
    Restart Count:  0
    Environment:    <none>
    Mounts:
      /var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-qv24l (ro)
      /var/www/html from redacted-data (rw)
Conditions:
  Type              Status
  Initialized       True
  Ready             False
  ContainersReady   False
  PodScheduled      True
...
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Warning FailedScheduling 64s default-scheduler 0/1 nodes are available: 1 pod has unbound immediate PersistentVolumeClaims. preemption: 0/1 nodes are available: 1 Preemption is not helpful for scheduling.
Normal Scheduled 62s default-scheduler Successfully assigned redacted/redacted-cgbrk to pool-2t9lbcb5l-7d37n
Normal SuccessfulAttachVolume 55s attachdetach-controller AttachVolume.Attach succeeded for volume "pvc-6c4aac85-bb60-44e8-b557-7f65d62543fa"
Normal Pulling 16s (x3 over 54s) kubelet Pulling image "registry.gitlab.com/redacted/mpro/redacted:latest"
Warning Failed 16s (x3 over 54s) kubelet Failed to pull image "registry.gitlab.com/redacted/redacted/redacted:latest": rpc error: code = Unknown desc = failed to pull and unpack image "registry.gitlab.com/redacted/redacted/redacted:latest": failed to resolve reference "registry.gitlab.com/redacted/redacted/redacted:latest": failed to authorize: failed to fetch anonymous token: unexpected status: 403 Forbidden
...
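Kubernetes uses separate authentication from the docker login; check that you have configured Kubernetes with the required authentication so that it can pull from your private registry.
Follow the steps below:
1) Log in to Docker Hub
2) Create a Secret based on existing credentials
3) Create a Secret by providing credentials on the command line
4) Inspect the Secret regcred
5) Create a Pod that uses your Secret
Please see the K8S topic here: Pull an Image from a Private Registry, for more information.
Also see this similar SO for more information.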
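An added example, not part of the original question or answer: a small offline check that a pod spec's `imagePullSecrets` names an existing Secret and that the Secret's registry key matches the registry host of each container image. The function names are hypothetical, the Secret and pod objects are constructed from the values shown in the question, and the comparison is a simplified exact `host[:port]` match.

```python
import base64
import json

def image_registry(image):
    """Registry host[:port] of an image reference; short names default to docker.io."""
    first = image.split("/", 1)[0]
    if "/" in image and ("." in first or ":" in first or first == "localhost"):
        return first
    return "docker.io"

def secret_registries(secret):
    """Registry keys inside a kubernetes.io/dockerconfigjson Secret object."""
    raw = base64.b64decode(secret["data"][".dockerconfigjson"])
    # Drop an optional scheme and trailing slash so keys compare as host[:port].
    return [k.split("://", 1)[-1].rstrip("/") for k in json.loads(raw)["auths"]]

def check_pull_secrets(pod_spec, secrets):
    """secrets: name -> Secret object, all from the pod's namespace. Returns findings."""
    findings = []
    names = [s["name"] for s in pod_spec.get("imagePullSecrets", [])]
    for name in names:
        if name not in secrets:
            findings.append(f"imagePullSecrets names '{name}', but no such Secret exists")
    hosts = [h for n in names if n in secrets for h in secret_registries(secrets[n])]
    for container in pod_spec["containers"]:
        registry = image_registry(container["image"])
        # Simplification (assumption): exact host[:port] match, no glob or path-prefix keys.
        if registry not in hosts:
            findings.append(f"no usable credentials for '{registry}' (secrets cover: {hosts})")
    return findings

def make_secret(server):
    """Constructed Secret in the shape `kubectl create secret docker-registry` produces."""
    auth = base64.b64encode(b"u:p").decode()
    cfg = {"auths": {server: {"username": "u", "password": "p", "auth": auth}}}
    blob = base64.b64encode(json.dumps(cfg).encode()).decode()
    return {"type": "kubernetes.io/dockerconfigjson", "data": {".dockerconfigjson": blob}}

def pod(secret_name):
    """Constructed pod spec mirroring the manifest in the question."""
    image = "registry.gitlab.com/redacted/redacted/redacted:latest"
    return {"containers": [{"name": "redacted", "image": image}],
            "imagePullSecrets": [{"name": secret_name}]}

if __name__ == "__main__":
    # Values as posted: Secret 'gitlab-auth' for registry.gitlab.com:5000, pod names 'github-auth'.
    as_posted = {"gitlab-auth": make_secret("registry.gitlab.com:5000")}
    for finding in check_pull_secrets(pod("github-auth"), as_posted):
        print(finding)
```

Against a live cluster the same inputs come from `kubectl get pod <name> -o json` and `kubectl get secret <name> -o json` in the pod's namespace.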