Fatal编程技术网
  • docker/
  • 在Kubernetes集群中部署内部docker映像

在Kubernetes集群中部署内部docker映像

docker kubernetes

在Kubernetes集群中部署内部docker映像,docker,kubernetes,kubeadm,Docker,Kubernetes,Kubeadm,我尝试部署一个我构建的docker映像,它不在公共或私有注册表上 我使用imagePullPolicy:IfNotPresent进行Kubernetes部署 我使用kubeadm v1.12来纠正错误: Normal Scheduled 35s default-scheduler Successfully assigned default/test-777dd9bc96-chgc7 to ip-10-0-1-154 Normal Sa

我尝试部署一个我构建的docker映像,它不在公共或私有注册表上

我使用
imagePullPolicy:IfNotPresent
进行Kubernetes部署

我使用kubeadm v1.12来纠正错误:

Normal   Scheduled       35s                default-scheduler       Successfully assigned default/test-777dd9bc96-chgc7 to ip-10-0-1-154
Normal   SandboxChanged  32s                kubelet, ip-10-0-1-154  Pod sandbox changed, it will be killed and re-created.
Normal   BackOff         30s (x3 over 31s)  kubelet, ip-10-0-1-154  Back-off pulling image "test_kube"
Warning  Failed          30s (x3 over 31s)  kubelet, ip-10-0-1-154  Error: ImagePullBackOff
Normal   Pulling         15s (x2 over 34s)  kubelet, ip-10-0-1-154  pulling image "test"
Warning  Failed          13s (x2 over 33s)  kubelet, ip-10-0-1-154  Failed to pull image "test": rpc error: code = Unknown desc = Error response from daemon: pull access denied for test_kube, repository does not exist or may require 'docker login'
Warning  Failed          13s (x2 over 33s)  kubelet, ip-10-0-1-154  Error: ErrImagePull
我的部署文件:

apiVersion: apps/v1beta1
kind: Deployment
vmetadata:
  name: test-kube
spec:
  template:
    metadata:
  labels:
    app: test
spec:
  containers:
  - name: test
    image: test
    imagePullPolicy: IfNotPresent
    ports:
    - containerPort: 3000
    env:
    - name: SECRET-KUBE
      valueFrom:
        secretKeyRef:
          name: secret-test
          key: username
docker图像]

在我尝试使用的部署文件中

图像:测试和带有图像:测试:测试

同样的错误:

错误:ErrImagePull

  • 基于具有拉/推权限的docker注册表用户创建密码
  • 把它当作秘密

  • 在部署节点上预拉映像
创建秘密和用法的详细信息:

Kubernetes集群使用docker注册表类型的秘密通过容器注册表进行身份验证以获取私有映像

创建此机密,将其命名为regcred:

kubectl create secret docker-registry regcred --docker-server=<your-registry-server> --docker-username=<your-name> --docker-password=<your-pword> --docker-email=<your-email>

kubectl创建秘密docker注册表regcred--docker服务器=--docker用户名=--docker密码=--docker电子邮件=
其中:

<your-registry-server> is your Private Docker Registry FQDN. (https://index.docker.io/v1/ for DockerHub)
<your-name> is your Docker username.
<your-pword> is your Docker password.
<your-email> is your Docker email.

是您的专用Docker注册表FQDN。(https://index.docker.io/v1/ (适用于DockerHub)
是您的Docker用户名。
是您的Docker密码。
这是你的Docker电子邮件。
然后创建一个使用该秘密的pod:

apiVersion: v1
kind: Pod
metadata:
  name: private-reg
spec:
  containers:
  - name: private-reg-container
    image: <your-private-image>
  imagePullSecrets:
  - name: regcred
apiVersion:v1 种类:豆荚 元数据: 姓名:私人注册 规格: 容器: -名称:私有注册容器 图片: 你的秘密: -姓名:regcred 有关本地映像用例,请参阅以下帖子:

在kubernetes集群的主节点上应该有一个docker私有注册表,这样如果pod部署在节点上,就可以从那里提取映像。您可以在以下位置找到使用docker private registry创建Kubernetes群集的步骤:

六,。在主节点上创建docker专用注册表

# Set basic auth.
rm -f /auth/*
mkdir -p /auth
docker run --entrypoint htpasswd registry:2 -Bbn test test > /auth/htpasswd

docker rm registry -f
七,。带有来自私有注册表的图像的pod的YAML示例

apiVersion: v1
kind: Pod
metadata:
  name: test-site
  labels:
    app: web
spec:
  containers:
    - name: test
  image: 192.168.147.3:5000/test-image:latest
    ports:
      - containerPort: 8000
  imagePullPolicy: Always
    imagePullSecrets:
      - name: regsecret
检查您的docker映像是否是使用docker映像生成的,并带有图像标记“test_kube”。如果没有,则使用正确的凭据更改docker image标记以测试_Kubee?您是否使用相同的凭据推送了映像?我尝试部署一个我生成的docker映像,但它不在公共或私有注册表中。@PrafullLadha我尝试过,但还是遇到了同样的问题:)我在部署节点上生成映像,它位于docker映像上,但没有。我会试试你说的第一个。创建docker私有注册表,在kubernetes中拉取并添加凭证。谢谢:)如果映像已经在节点上,它应该可以工作,请检查image@cdemet答案更新了,请看那个帖子用本地的image@IjazAhmadKhan最初的问题是关于kubeadm的,你的链接帖子是关于minikube的。 
# Set certificates auth.
rm -f /certs/*
mkdir -p /certs
openssl genrsa 1024 > /certs/registrykey.pem
chmod 400 /certs/registrykey.pem
openssl req -new -x509 -nodes -sha1 -days 365 -key /certs/registrykey.pem  -out /certs/registry.pem  -subj "/C=/ST=/L=/O=/OU=/CN=registry.com" > /dev/null 2>&1
docker run -d -e REGISTRY_HTTP_ADDR=0.0.0.0:5000 -p 5000:5000 --restart=always --name registry -v `pwd`/auth:/auth -e "REGISTRY_AUTH=htpasswd" -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd -v `pwd`/certs:/certs -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/registry.pem -e REGISTRY_HTTP_TLS_KEY=/certs/registrykey.pem registry:2

# Create secret to be used in "imagePullSecrets" section of a pod
kubectl create secret docker-registry regsecret --docker-server=192.168.147.3:5000 --docker-username=test --docker-password=test --namespace=kube-system

# Push image in private registry.
docker tag test-image:latest 192.168.147.3:5000/test-image
docker push 192.168.147.3:5000/test-image

apiVersion: v1
kind: Pod
metadata:
  name: test-site
  labels:
    app: web
spec:
  containers:
    - name: test
  image: 192.168.147.3:5000/test-image:latest
    ports:
      - containerPort: 8000
  imagePullPolicy: Always
    imagePullSecrets:
      - name: regsecret