Docker Swarm-无法从私有注册表中提取 [英] Docker Swarm - Can’t pull from private registry
问题描述
由于docker stack deploy --with-registry-auth和这个撰写文件,我正在Swarm集群上运行服务:
I'm running a service on a Swarm cluster, thanks to docker stack deploy --with-registry-auth and this compose file:
version: "3.1"
services:
builder-consumer:
image: us.gcr.io/my-gcloud-project/my/image:123
stop_grace_period: 30m
volumes:
- [...]
environment:
- [...]
deploy:
mode: global
placement:
constraints:
- node.role == worker
secrets:
- [...]
secrets:
[...]
这在我部署时很好用,但是稍后当我向集群添加一个工作程序节点时,新工作程序无法提取运行任务所需的映像.系统日志报告以下内容:
This works fine when I deploy, but when I add a worker node to the swarm later on, the new worker can't pull the image required to run the task. The system logs report this:
level = error msg =在错误发生后不继续进行拉取:拒绝: 来自请求的\ 123 \权限被拒绝 \"/v2/my-gcloud-project/my/image/manifests/123 \". "
level=error msg="Not continuing with pull after error: denied: Permission denied for \123\" from request \"/v2/my-gcloud-project/my/image/manifests/123\". "
level = info msg =翻译\"被拒绝:权限被拒绝 \\"123 \\"来自要求 \\"/v2/my-gcloud-project/my/image/manifests/123 \\". \"到 \未找到存储库us.gcr.io/my-gcloud-project/my/image:未找到 存在或没有拉取权限\"
level=info msg="Translating \"denied: Permission denied for \\"123\\" from request \\"/v2/my-gcloud-project/my/image/manifests/123\\". \" to \"repository us.gcr.io/my-gcloud-project/my/image not found: does not exist or no pull access\""
level = error msg =拉取图像失败" error =存储库 us.gcr.io/my-gcloud-project/my/image找不到:不存在或不存在 拉访问"module =" node/agent/taskmanager"node.id = ... service.id = ... task.id = ...
level=error msg="pulling image failed" error="repository us.gcr.io/my-gcloud-project/my/image not found: does not exist or no pull access" module="node/agent/taskmanager" node.id=... service.id=... task.id=...
level = error msg =致命任务错误" error =没有这样的图片: us.gcr.io/my-gcloud-project/my/image:123@sha256:... module ="node/agent/taskmanager" node.id = ... service.id = ... task.id = ...
level=error msg="fatal task error" error="No such image: us.gcr.io/my-gcloud-project/my/image:123@sha256:..." module="node/agent/taskmanager" node.id=... service.id=... task.id=...
但是,当我在该计算机上手动运行docker pull时,由于docker login,由于群集中的每台计算机都通过了我的私有Google注册表的身份验证,因此它可以正常工作.
However, when I manually run docker pull on that machine, it works fine, since every machine in the cluster is authenticated to my private Google Registry, thanks to docker login.
因此,我的问题是:
- 为什么添加的工作程序无法从私有注册表中提取?
-
--with-registry-auth到底能做什么?
- Why can't the added worker pull from the private registry?
- What does
--with-registry-authdo exactly?
非常感谢
注意:节点正在运行Ubuntu 16.04.2 LTS,而Docker版本是:
Note: the nodes are running Ubuntu 16.04.2 LTS and the Docker version is:
Server:
Version: 17.04.0-ce
API version: 1.28 (minimum version 1.12)
Go version: go1.7.5
Git commit: 4845c56
Built: Mon Apr 3 18:07:42 2017
OS/Arch: linux/amd64
Experimental: false
推荐答案
在我的情况下,我没有使用"--with-registry-auth"运行堆栈,因此我关闭了实例,然后再次启动了管理器使用该选项,现在可以使用
In my case I was not running the stack with "--with-registry-auth", so I shuted down the instances, and I started again the manager with that option, and now it works
这篇关于Docker Swarm-无法从私有注册表中提取的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
