Kubernetes 无法从私有 docker 镜像存储库中拉取镜像 [英] Kubernetes cannot pull image from private docker image repository
问题描述
我在使用 kubernetes (minikube) 时遇到问题,并从 docker 上的本地图像存储库中提取图像.Docker 存储库已创建:
I have problem with kubernetes (minikube) and pull images from local image repository on docker. Docker repository was created:
docker run --entrypoint htpasswd registry:2 -Bbn zordon examplePassword > /mnt/LINUX/auth/htpasswd
docker run -d
-p 5000:5000
--restart=always
--name registry
-v /mnt/LINUX/dockerreg:/var/lib/registry
-v /mnt/LINUX/auth:/auth
-e "REGISTRY_AUTH=htpasswd"
-e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm"
-e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd
registry:2
然后我想用成功上传到本地存储库的图像创建简单的pod:
Then I want to create simple pod with image which was succesfully uploaded to local repository:
curl localhost:5000/v2/_catalog
{"repositories":["car/configuration"]}
我还在 minikube 集群上创建了秘密:
I have also create secret on minikube cluster with:
kubectl create secret docker-registry docregkey --docker-server=localhost:5000 --docker-username=zordon --docker-password=examplePassword --docker-email=test@dock.mail
并定义简单的Pod:
apiVersion: v1
kind: Pod
metadata:
name: private-reg
spec:
containers:
- name: private-reg-container
image: car/configuration:latest
imagePullPolicy: Always
restartPolicy: Always
imagePullSecrets:
- name: docregkey
不幸的是我还是不动:
无法拉取映像汽车/配置:最新":rpc 错误:代码 =Unknown desc = 来自守护进程的错误响应:请求访问被拒绝汽车/配置,存储库不存在或可能需要docker"登录'
Failed to pull image "car/configuration:latest": rpc error: code = Unknown desc = Error response from daemon: pull access denied for car/configuration, repository does not exist or may require 'docker login'
我该如何解决这个问题?
How i can fix this problem ?
推荐答案
为了使 minikube 从您自己的本地 docker 注册表中拉取,标签会影响拉取策略.根据 Images docs,拉取策略默认为 IfNotPresent,除非
For minikube to pull from your own local docker registry, the tag affects the pull policy. Per Images docs, pull policy is IfNotPresent by default EXCEPT if
- 您使用
:latest作为要使用的图像的标记 - 或者您省略要使用的图像的标签.
- you use
:latestas the tag for the image to use - OR you omit the tag for the image to use.
在这些情况下,拉取策略将有效地默认为 Always,这将尝试从 docker hub 拉取.这将导致 minikube 无法获取没有标签或最新"标签的本地图像.
In those cases the pull policy will effectively default to Always, which will attempt to pull from docker hub. This will cause minikube to be unable to fetch local images that have no tag or "latest" tag.
这个故事的寓意是,不要依赖默认设置,因为它太混乱了:)
Moral of the story is, don't rely on the default because it is too confusing :)
所以总是明确说明拉取策略:
So always explicitly state the pull policy:
- 部署到 minikube 时,pull 策略应该是
IfNotPresent或Never用于本地图像 - 在部署到云主机(如 AWS)时,拉取策略应与公共镜像相同(见下文)
- 对于那些使用最新"或稳定"等标签的公共图像,拉取策略应该是
Always(因为图像标签点会随着时间的推移而改变),以及IfNotPresent对于始终指向相同的图像(以避免获取超过必要的)
- when deploying into minikube the pull policy should be
IfNotPresentorNeverfor the local images - when deploying into a cloud host (like AWS), pull policy should be as for public images (see below)
- the pull policy should be
Alwaysfor those public images that use a tag like "latest" or "stable" (because the image the tag points will change over time), andIfNotPresentfor tags that always point to the same image (to avoid fetching more than necessary)
这意味着,如果您避免使用诸如 latest 和 stable 等标签,则只需遵循一条规则:
This means that if you avoid using tags like latest and stable etc, there is only one rule to follow:
- 在您的规范中(或在运行的情况下在命令行上)显式设置
imagePullPolicy为IfNotPresent,因为这将始终首先在本地查找它,如果在本地找不到,则转到公共注册表,无论您是部署到 minikube 还是云中,这都将起作用.
- explicitly set the
imagePullPolicyin your spec (or on the command line in the case of run) toIfNotPresent, as this is will always look for it locally first, and go to public registry if it is not found locally, and this will work whether or not you are deploying into minikube or cloud.
这篇关于Kubernetes 无法从私有 docker 镜像存储库中拉取镜像的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
