在GKE / Kubernetes内建造,推送和测试Docker图像的工作流程 [英] Workflow for building, pushing, and testing Docker images inside GKE / Kubernetes
问题描述
我正在开发一种Kubernetes服务,用于部署在Google Container Egine(GKE)中。直到最近,我已经在Google Cloud Shell中构建了Docker图像,但是现在我已经达到配额限制了,因为Cloud Shell运行的免费VM实例的总体负载显然比多个 docker build s和 push es。到目前为止,我的经验是,经过约一周左右的持续工作,我面对以下错误消息,并且必须在Cloud Shell再次可用之前等待大约两天。
I am developing a Kubernetes service for deployment in Google Container Egine (GKE). Until recently, I have built Docker images in Google Cloud Shell, but I am hitting quota limits now, because the overall load on the free VM instance where Cloud Shell runs is apparently too high from multiple docker builds and pushes. My experience so far is that after about a week or so of sustained work I face the following error message and have to wait for about two days before the Cloud Shell becomes available again.
Service usage limits temporarily exceeded. Try connecting later.
我试图转移我的 docker build s和 push es到可计费机器(GCE VM实例或GKE群集节点),但不能完成:
I have tried to shift my docker builds and pushes onto billable machines (GCE VM instances or GKE cluster nodes), but not to complete success:
-
在GCE VM实例上,Docker显然未安装。 (也是有道理的。)
On a GCE VM instance, Docker is apparently not installed. (Also makes sense.)
在GKE群集节点上,Docker已安装,我可以( sudo ) docker build 我的图像,但 docker push (甚至在 gcloud docker )失败,并附带以下错误消息几秒钟后(推几层):被拒绝:拒绝访问
On a GKE cluster node, Docker is installed and I can (sudo) docker build my image, but docker push (even after gcloud docker) fails with the following error message after few seconds (after pushing a few layers): denied: Access denied
那么GKE内码头图像的可持续发展工作是什么?我应该在一个虚拟机实例上安装Docker(我希望不会),或者我希望在其他地方可以希望 docker build , docker push 最终 kubectl创建我的服务,而不会失去停用配额限制等等? (我正在使用MacBook作为本地开发机器,如果我可以帮助它,也不愿意安装Docker,我更喜欢在Cloud中构建Docker图像。)
So what is a sustainable development workflow for docker images inside GKE? Am I supposed to install Docker on a VM instance (I hope not) or where else can I hope to docker build, docker push and ultimately kubectl create my service without running into work-stalling quota limits, etc.? (I am using a MacBook as local development machine, and would prefer not to install Docker there either, if I can help it. I.e. I prefer to build docker images in the Cloud.)
更新如果我为VM实例装备了一个 Container-VM映像如下, docker build 成功,但是 c> docker push 在GKE群集节点之前(使用被拒绝:拒绝访问):
UPDATE If I equip a VM instance with a Container-VM image as follows, docker build succeeds, but docker push fails just as on the GKE cluster node before (with denied: Access denied):
gcloud compute images list \
--project google-containers \
--no-standard-images
gcloud compute instances create tmp \
--machine-type g1-small
--image container-vm-v20160321 \
--image-project google-containers
--zone europe-west1-d
推荐答案
解决方案公司没有将范围 storage-rw 添加到实例中(否则默认情况下应用 storage-r ):
The solution consisted of adding the scope storage-rw to the instance (otherwise storage-r applies by default):
gcloud compute images list \
--project google-containers \
--no-standard-images
gcloud compute instances create tmp \
--machine-type g1-small \
--image container-vm-v20160321 \
--image-project google-containers \
--zone europe-west1-d \
--scopes compute-rw,storage-rw
此外,我还必须安装 kubectl (喜欢这样)并配置它(喜欢这样),所以总的来说这是一个麻烦的一点。 (此外,当集群的端点更改后,配置将不得不更新。)
In addition, I also had to install kubectl (like so) and configure it (like so), so overall this is quite a bite of a hassle. (Also the configuration will have to be updated when the cluster's endpoint changes e.g. after a recreation.)
但是现在可以使用专用的VM实例(例如 tmp )用于Docker图像的开发工作。
But I can now use use a dedicated VM instance (such as tmp) for development work on Docker images.
更新添加范围 compute-rw ,这是必需的用于操纵GCE地址(例如在 gcloud计算地址列表中)。
UPDATE Added scope compute-rw, which is necessary e.g. for manipulating GCE addresses (as e.g. in gcloud compute addresses list).
这篇关于在GKE / Kubernetes内建造,推送和测试Docker图像的工作流程的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
