使用Helm和Kubernetes在本地运行ECR映像 [英] Running a ECR image locally with helm and Kubernetes

问题描述

我是Kubernetes的新手，作为我自己的教程，我一直在努力为带头盔(v3)的Kubernetes部署一个基本项目. 我在AWS的ECR中有一张图片以及该项目的本地头盔图表. 但是，我正在努力用Kubernetes运行我的映像.

I'm new to Kubernetes and as a tutorial for myself I've been working on deploying a basic project to Kubernetes with helm (v3). I have an image in AWS's ECR as well as a local helm chart for this project. However, I am struggling to run my image with Kubernetes.

我的图像设置正确.如果我在本地尝试类似docker run my_image_in_ecr的操作，则其行为将达到预期的效果(在本地配置IAM访问凭据之后). 我的头盔图表正确倾斜，并在我的图像图中指定:

My image is set up correctly. If I try something like docker run my_image_in_ecr locally it behaves as expected (after configuring my IAM access credentials locally). My helm chart is properly linted and in my image map, it specifies:

image:
  repository: my_image_in_ecr
  tag: latest
  pullPolicy: IfNotPresent

但是，当我尝试使用掌舵进行部署时，我遇到了问题. 我的理解是带舵运行程序，我应该:

When I try to use helm to deploy though, I'm running into issues. My understanding is to run my program with helm, I should:

1. 在我的图表上运行头盔安装

1. Run helm install on my chart

在新的kubernetes容器中运行图像

Run the image inside my new kubernetes pod

但是当我看着我的kubernetes吊舱时，它们似乎永远无法启动并运行.

But when I look at my kubernetes pods, it looks like they never get up and running.

hello-test1-hello-world-54465c788c-dxrc7           0/1     ImagePullBackOff    0          49m
hello-test2-hello-world-8499ddfb76-6xn5q           0/1     ImagePullBackOff    0          2m45s
hello-test3-hello-world-84489658c4-ggs89           0/1     ErrImagePull        0          15s

这些吊舱的日志如下:

Error from server (BadRequest): container "hello-world" in pod "hello-test3-hello-world-84489658c4-ggs89" is waiting to start: trying and failing to pull image

由于我不知道如何使用Kubernetes正确设置imagePullSecrets，所以我期望这样做会失败.但是我期待一个不同的错误消息，例如错误的身份验证凭据.

Since I don't know how to set up imagePullSecrets properly with Kubernetes I was expecting this to fail. But I was expecting a different error message such as bad auth credentials.

1. 如何解决图像拉动中的错误?这个问题甚至与我的图片在ecr中无关吗?
2. 如何正确设置凭据(例如imagePullSecrets)以授权从ecr中提取图像?我遵循了一些指南，例如此指南和这一个，但对如何将这些信息转换为ecr的正确授权配置.

1. How can I resolve the error in image pulling? Is this issue not even related to the fact that my image is in ecr?
2. How can I properly set up credentials (such as imagePullSecrets) to authorize pulling the image from ecr? I have followed some guides such as this one and this one but am confused on how to tranlate this information into a proper authorization configuration for ecr.

推荐答案

如何正确设置凭据(例如imagePullSecrets)以授权从ecr中提取图像?

How can I properly set up credentials (such as imagePullSecrets) to authorize pulling the image from ecr?

传统方式是向节点授予

The traditional way is to grant the Node an instance role that includes ecr:* IAM Permissions , ensure you have --cloud-provider=aws set on apiserver, controller-manager, and kubelet (which if you are doing anything with kubernetes inside AWS you will for sure want to enable and configure correctly), and kubelet will then automatically coordinate with ECR to Just Work™

该信息显示在您引用的页面上，标题为

That information was present on the page you cited, under the heading Using Amazon Elastic Container Registry but it isn't clear if you read it and didn't understand, or read it and it doesn't apply to you, or didn't get that far down the page

这篇关于使用Helm和Kubernetes在本地运行ECR映像的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！