docker Kubernetes无法提取映像,没有基本身份验证凭据

uxhixvfz  于 2023-02-21  发布在  Docker
关注(0)|答案(4)|浏览(123)

我尝试从kubernetes的github软件包中提取一个映像,但我一直收到错误“没有基本的auth凭证”
我用这个命令创建了一个密码:
kubectl创建加密的停靠注册表--停靠服务器=docker.pkg.github.com--停靠用户名=********--停靠密码=*--停靠电子邮件=****
我在yaml文件中添加了imagePullSecrets
我还在群集的所有节点中的$HOME/. docker/config.json中具有包含凭据的config.json文件
下面是yaml文件的内容:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: invoice
  namespace: jhipster
spec:
  replicas: 1
  selector:
    matchLabels:
      app: invoice
      version: 'v1'
  template:
    metadata:
      labels:
        app: invoice
        version: 'v1'
    spec:
      affinity:
        podAntiAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
            - podAffinityTerm:
                labelSelector:
                  matchExpressions:
                    - key: app
                      operator: In
                      values:
                        - invoice
                topologyKey: kubernetes.io/hostname
              weight: 100
      initContainers:
        - name: init-ds
          image: busybox:latest
          command:
            - '/bin/sh'
            - '-c'
            - |
              while true
              do
                rt=$(nc -z -w 1 invoice-mysql 3306)
                if [ $? -eq 0 ]; then
                  echo "DB is UP"
                  break
                fi
                echo "DB is not yet reachable;sleep for 10s before retry"
                sleep 10
              done
      containers:
        - name: invoice-app
          image: docker.pkg.github.com/jhipsterapps/kubernetes/invoice
          env:
            - name: SPRING_PROFILES_ACTIVE
              value: prod
            - name: SPRING_CLOUD_CONFIG_URI
              value: http://admin:${jhipster.registry.password}@jhipster-registry.jhipster.svc.cluster.local:8761/config
            - name: JHIPSTER_REGISTRY_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: registry-secret
                  key: registry-admin-password
            - name: EUREKA_CLIENT_SERVICE_URL_DEFAULTZONE
              value: http://admin:${jhipster.registry.password}@jhipster-registry.jhipster.svc.cluster.local:8761/eureka/
            - name: SPRING_DATASOURCE_URL
              value: jdbc:mysql://invoice-mysql.jhipster.svc.cluster.local:3306/invoice?useUnicode=true&characterEncoding=utf8&useSSL=false&useLegacyDatetimeCode=false&serverTimezone=UTC&createDatabaseIfNotExist=true
            - name: SPRING_SLEUTH_PROPAGATION_KEYS
              value: 'x-request-id,x-ot-span-context'
            - name: JAVA_OPTS
              value: ' -Xmx256m -Xms256m'
          resources:
            requests:
              memory: '512Mi'
              cpu: '500m'
            limits:
              memory: '1Gi'
              cpu: '1'
          ports:
            - name: http
              containerPort: 8081
          readinessProbe:
            httpGet:
              path: /management/health
              port: http
            initialDelaySeconds: 20
            periodSeconds: 15
            failureThreshold: 6
          livenessProbe:
            httpGet:
              path: /management/health
              port: http
            initialDelaySeconds: 120
      imagePullSecrets:
          - name: regcred

下面是describe命令的结果:

Name:         invoice-75859c6479-f9vmh
Namespace:    jhipster
Priority:     0
Node:         kworker1/10.66.12.213
Start Time:   Fri, 25 Sep 2020 16:35:50 +0200
Labels:       app=invoice
              pod-template-hash=75859c6479
              version=v1
Annotations:  <none>
Status:       Pending
IP:           10.244.1.117
IPs:
  IP:           10.244.1.117
Controlled By:  ReplicaSet/invoice-75859c6479
Init Containers:
  init-ds:
    Container ID:  docker://6d06e731b6fcdb4b8223ed0e0cd52687882413fe84fa18b17a853ce8cdf0ce65
    Image:         busybox:latest
    Image ID:      docker-pullable://busybox@sha256:d366a4665ab44f0648d7a00ae3fae139d55e32f9712c67accd604bb55df9d05a
    Port:          <none>
    Host Port:     <none>
    Command:
      /bin/sh
      -c
      while true
      do
        rt=$(nc -z -w 1 invoice-mysql 3306)
        if [ $? -eq 0 ]; then
          echo "DB is UP"
          break
        fi
        echo "DB is not yet reachable;sleep for 10s before retry"
        sleep 10
      done
      
    State:          Terminated
      Reason:       Completed
      Exit Code:    0
      Started:      Fri, 25 Sep 2020 16:35:54 +0200
      Finished:     Fri, 25 Sep 2020 16:36:14 +0200
    Ready:          True
    Restart Count:  0
    Environment:    <none>
    Mounts:
      /var/run/secrets/kubernetes.io/serviceaccount from default-token-s8qbq (ro)
Containers:
  invoice-app:
    Container ID:   
    Image:          docker.pkg.github.com/jhipsterapps/kubernetes/invoice
    Image ID:       
    Port:           8081/TCP
    Host Port:      0/TCP
    State:          Waiting
      Reason:       ImagePullBackOff
    Ready:          False
    Restart Count:  0
    Limits:
      cpu:     1
      memory:  1Gi
    Requests:
      cpu:      500m
      memory:   512Mi
    Liveness:   http-get http://:http/management/health delay=120s timeout=1s period=10s #success=1 #failure=3
    Readiness:  http-get http://:http/management/health delay=20s timeout=1s period=15s #success=1 #failure=6
    Environment:
      SPRING_PROFILES_ACTIVE:                 prod
      SPRING_CLOUD_CONFIG_URI:                http://admin:${jhipster.registry.password}@jhipster-registry.jhipster.svc.cluster.local:8761/config
      JHIPSTER_REGISTRY_PASSWORD:             <set to the key 'registry-admin-password' in secret 'registry-secret'>  Optional: false
      EUREKA_CLIENT_SERVICE_URL_DEFAULTZONE:  http://admin:${jhipster.registry.password}@jhipster-registry.jhipster.svc.cluster.local:8761/eureka/
      SPRING_DATASOURCE_URL:                  jdbc:mysql://invoice-mysql.jhipster.svc.cluster.local:3306/invoice?useUnicode=true&characterEncoding=utf8&useSSL=false&useLegacyDatetimeCode=false&serverTimezone=UTC&createDatabaseIfNotExist=true
      SPRING_SLEUTH_PROPAGATION_KEYS:         x-request-id,x-ot-span-context
      JAVA_OPTS:                               -Xmx256m -Xms256m
    Mounts:
      /var/run/secrets/kubernetes.io/serviceaccount from default-token-s8qbq (ro)
Conditions:
  Type              Status
  Initialized       True 
  Ready             False 
  ContainersReady   False 
  PodScheduled      True 
Volumes:
  default-token-s8qbq:
    Type:        Secret (a volume populated by a Secret)
    SecretName:  default-token-s8qbq
    Optional:    false
QoS Class:       Burstable
Node-Selectors:  <none>
Tolerations:     node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
                 node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Events:
  Type     Reason     Age                    From               Message
  ----     ------     ----                   ----               -------
  Normal   Scheduled  5m57s                  default-scheduler  Successfully assigned jhipster/invoice-75859c6479-f9vmh to kworker1
  Normal   Pulling    5m56s                  kubelet, kworker1  Pulling image "busybox:latest"
  Normal   Pulled     5m54s                  kubelet, kworker1  Successfully pulled image "busybox:latest" in 1.873312412s
  Normal   Created    5m54s                  kubelet, kworker1  Created container init-ds
  Normal   Started    5m53s                  kubelet, kworker1  Started container init-ds
  Normal   BackOff    4m10s (x4 over 5m5s)   kubelet, kworker1  Back-off pulling image "docker.pkg.github.com/jhipsterapps/kubernetes/invoice"
  Normal   Pulling    3m58s (x4 over 5m32s)  kubelet, kworker1  Pulling image "docker.pkg.github.com/jhipsterapps/kubernetes/invoice"
  Warning  Failed     3m58s (x4 over 5m32s)  kubelet, kworker1  Failed to pull image "docker.pkg.github.com/jhipsterapps/kubernetes/invoice": rpc error: code = Unknown desc = Error response from daemon: Get https://docker.pkg.github.com/v2/jhipsterapps/kubernetes/invoice/manifests/latest: no basic auth credentials
  Warning  Failed     3m58s (x4 over 5m32s)  kubelet, kworker1  Error: ErrImagePull
  Warning  Failed     55s (x16 over 5m5s)    kubelet, kworker1  Error: ImagePullBackOff
docker

4条答案

按热度按时间
o2rvlv0m

o2rvlv0m1#

机密必须与部署在同一个名称空间中,才能使用它从Docker注册中心提取。
因此,当您创建密钥时,您用途:

kubectl create secret docker-registry regcred \
  --namespace=jhipster \ # <--
  --docker-server=docker.pkg.github.com \
  --docker-username=********* \
  --docker-password=******* \
  --docker-email=*****

如果你使用2fa和password(在regcred中),这也可能是一个问题,在这种情况下,你应该创建一个访问令牌作为密码。

赞(0)分享  回复(0)举报  2023-02-21
vjrehmav

vjrehmav2#

对我来说,我不得不添加一个https://到docker-server,即.

kubectl create secret docker-registry aws-secret --docker-server=https://AWS@311730556533.dkr.ecr.ca-central-1.amazonaws.com --docker-username=AWS --docker-password=$PASSWORD -n NAMESPACE```
赞(0)分享  回复(0)举报  2023-02-21
qnakjoqk

qnakjoqk3#

我在minikube中遇到过这个问题。使用aws_session_token作为密码并再次使用aws_session_token对我有效。

赞(0)分享  回复(0)举报  2023-02-21
mlmc2os5

mlmc2os54#

我也为这个问题挣扎了大约1个小时,感谢上面的答案,然而,不幸的是,我无法用你的解决方案解决我的问题,可能是我的环境不同.最后我找到了一个kubernetes文档,我尝试了下面的步骤来访问我的私人docker注册表.
1.运行docker login-u ${用户名}-p ${密码}。这将创建一个名为"config.json"的配置文件,位于~/. docker/
1.运行以下命令。

kubectl create secret generic regcred \
 --from-file=.dockerconfigjson=<path/to/.docker/config.json> \
 --type=kubernetes.io/dockerconfigjson

1.将创建的密码(此处为regcred)添加到部署中。

apiVersion: v1
    kind: Pod
    metadata:
      name: private-reg
    spec:
      containers:
      - name: private-reg-container
        image: <your-private-image>
      imagePullSecrets:
      - name: regcred

1.如果您的部署不在默认名称空间下,请务必小心,您必须使用kubectl的-n选项在与步骤2中的部署相同的名称空间下创建secret。
Kubernetes文档URL:https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/

赞(0)分享  回复(0)举报  2023-02-21
我来回答

相关问题

    查看更多

    热门标签

    更多
    JavaquerypythonNode开发语言requestUtil数据库Table后端算法LoggerMessageElementParser

    最新问答

    更多
    • 蜀ICP备13028337号-1 大数据知识库 https://www.saoniuhuo.com © All rights reserved
    • 本站内容来源互联网,如果侵犯您的权益请联系我们删除, 联系方式:448109455@qq.com