创建deploy
后,pod
始终显示crashbackoff
,如下
journalctl -xe -u kubelt显示如下
Nov 07 23:54:24 a.b kubelet[15073]: E1107 23:54:24.349432 15073 remote_image.go:113] PullImage "registry.cn-hangzhou.aliyuncs.com/wenlong/nginx:latest" from image service failed: rpc error: code = Unknown desc = Error response from daemon: pull access denied for registry.cn-hangzhou.aliyuncs.com/wenlong/nginx, repository does not exist or may require 'docker login'
Nov 07 23:54:24 a.b kubelet[15073]: E1107 23:54:24.349482 15073 kuberuntime_image.go:50] Pull image "registry.cn-hangzhou.aliyuncs.com/wenlong/nginx:latest" failed: rpc error: code = Unknown desc = Error response from daemon: pull access denied for registry.cn-hangzhou.aliyuncs.com/wenlong/nginx, repository does not exist or may require 'docker login'
Nov 07 23:54:24 a.b kubelet[15073]: E1107 23:54:24.349559 15073 kuberuntime_manager.go:801] container start failed: ErrImagePull: rpc error: code = Unknown desc = Error response from daemon: pull access denied for registry.cn-hangzhou.aliyuncs.com/wenlong/nginx, repository does not exist or may require 'docker login'
Nov 07 23:54:24 a.b kubelet[15073]: E1107 23:54:24.349607 15073 pod_workers.go:191] Error syncing pod 969b0d12-9162-4f5d-b94a-a58f78b5433a ("gitea-nginx-cbbd789cc-h7vl8_default(969b0d12-9162-4f5d-b94a-a58f78b5433a)"), skipping: failed to "StartContainer" for "nginx" with ErrImagePull: "rpc error: code = Unknown desc = Error response from daemon: pull access denied for registry.cn-hangzhou.aliyuncs.com/wenlong/nginx, repository does not exist or may require 'docker login'"
原因:
虽然`docker login`登录时可以的,但是`k8s`集群中却没有登录凭证
解决方法:
为k8s
集群创建一个登录凭证,并且在pod
的模板中指明凭证
-
创建1个
secret
,类型为docker-registry
,名称为regcred
(名称可以随意)kubectl create secret docker-registry regcred --docker-server=registry.cn-hangzhou.aliyuncs.com --docker-username=lw3312236 --docker-password=A1dn12997345
-
创建成功后可查看
其中
data
字段为账号密码可使用如下命令,将其转化为可读形式
kubectl get secret regcred --output="jsonpath={.data.\.dockerconfigjson}" | base64 --decode
如下
其中
auth
字段为密码,可使用base64将其转化为可读形式echo "c3R...zE2" | base64 --decode
-
在
pod
的模板中指定对应的凭证
官方文档,可参考 https://kubernetes.io/zh/docs/tasks/configure-pod-container/pull-image-private-registry/