我尝试从kubernetes的github软件包中提取一个映像,但我一直收到错误“没有基本的auth凭证”
我用这个命令创建了一个密码:
kubectl创建加密的停靠注册表--停靠服务器=docker.pkg.github.com--停靠用户名=********--停靠密码=*--停靠电子邮件=****
我在yaml文件中添加了imagePullSecrets
我还在群集的所有节点中的$HOME/. docker/config.json中具有包含凭据的config.json文件
下面是yaml文件的内容:
apiVersion: apps/v1
kind: Deployment
metadata:
name: invoice
namespace: jhipster
spec:
replicas: 1
selector:
matchLabels:
app: invoice
version: 'v1'
template:
metadata:
labels:
app: invoice
version: 'v1'
spec:
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- podAffinityTerm:
labelSelector:
matchExpressions:
- key: app
operator: In
values:
- invoice
topologyKey: kubernetes.io/hostname
weight: 100
initContainers:
- name: init-ds
image: busybox:latest
command:
- '/bin/sh'
- '-c'
- |
while true
do
rt=$(nc -z -w 1 invoice-mysql 3306)
if [ $? -eq 0 ]; then
echo "DB is UP"
break
fi
echo "DB is not yet reachable;sleep for 10s before retry"
sleep 10
done
containers:
- name: invoice-app
image: docker.pkg.github.com/jhipsterapps/kubernetes/invoice
env:
- name: SPRING_PROFILES_ACTIVE
value: prod
- name: SPRING_CLOUD_CONFIG_URI
value: http://admin:${jhipster.registry.password}@jhipster-registry.jhipster.svc.cluster.local:8761/config
- name: JHIPSTER_REGISTRY_PASSWORD
valueFrom:
secretKeyRef:
name: registry-secret
key: registry-admin-password
- name: EUREKA_CLIENT_SERVICE_URL_DEFAULTZONE
value: http://admin:${jhipster.registry.password}@jhipster-registry.jhipster.svc.cluster.local:8761/eureka/
- name: SPRING_DATASOURCE_URL
value: jdbc:mysql://invoice-mysql.jhipster.svc.cluster.local:3306/invoice?useUnicode=true&characterEncoding=utf8&useSSL=false&useLegacyDatetimeCode=false&serverTimezone=UTC&createDatabaseIfNotExist=true
- name: SPRING_SLEUTH_PROPAGATION_KEYS
value: 'x-request-id,x-ot-span-context'
- name: JAVA_OPTS
value: ' -Xmx256m -Xms256m'
resources:
requests:
memory: '512Mi'
cpu: '500m'
limits:
memory: '1Gi'
cpu: '1'
ports:
- name: http
containerPort: 8081
readinessProbe:
httpGet:
path: /management/health
port: http
initialDelaySeconds: 20
periodSeconds: 15
failureThreshold: 6
livenessProbe:
httpGet:
path: /management/health
port: http
initialDelaySeconds: 120
imagePullSecrets:
- name: regcred
下面是describe命令的结果:
Name: invoice-75859c6479-f9vmh
Namespace: jhipster
Priority: 0
Node: kworker1/10.66.12.213
Start Time: Fri, 25 Sep 2020 16:35:50 +0200
Labels: app=invoice
pod-template-hash=75859c6479
version=v1
Annotations: <none>
Status: Pending
IP: 10.244.1.117
IPs:
IP: 10.244.1.117
Controlled By: ReplicaSet/invoice-75859c6479
Init Containers:
init-ds:
Container ID: docker://6d06e731b6fcdb4b8223ed0e0cd52687882413fe84fa18b17a853ce8cdf0ce65
Image: busybox:latest
Image ID: docker-pullable://busybox@sha256:d366a4665ab44f0648d7a00ae3fae139d55e32f9712c67accd604bb55df9d05a
Port: <none>
Host Port: <none>
Command:
/bin/sh
-c
while true
do
rt=$(nc -z -w 1 invoice-mysql 3306)
if [ $? -eq 0 ]; then
echo "DB is UP"
break
fi
echo "DB is not yet reachable;sleep for 10s before retry"
sleep 10
done
State: Terminated
Reason: Completed
Exit Code: 0
Started: Fri, 25 Sep 2020 16:35:54 +0200
Finished: Fri, 25 Sep 2020 16:36:14 +0200
Ready: True
Restart Count: 0
Environment: <none>
Mounts:
/var/run/secrets/kubernetes.io/serviceaccount from default-token-s8qbq (ro)
Containers:
invoice-app:
Container ID:
Image: docker.pkg.github.com/jhipsterapps/kubernetes/invoice
Image ID:
Port: 8081/TCP
Host Port: 0/TCP
State: Waiting
Reason: ImagePullBackOff
Ready: False
Restart Count: 0
Limits:
cpu: 1
memory: 1Gi
Requests:
cpu: 500m
memory: 512Mi
Liveness: http-get http://:http/management/health delay=120s timeout=1s period=10s #success=1 #failure=3
Readiness: http-get http://:http/management/health delay=20s timeout=1s period=15s #success=1 #failure=6
Environment:
SPRING_PROFILES_ACTIVE: prod
SPRING_CLOUD_CONFIG_URI: http://admin:${jhipster.registry.password}@jhipster-registry.jhipster.svc.cluster.local:8761/config
JHIPSTER_REGISTRY_PASSWORD: <set to the key 'registry-admin-password' in secret 'registry-secret'> Optional: false
EUREKA_CLIENT_SERVICE_URL_DEFAULTZONE: http://admin:${jhipster.registry.password}@jhipster-registry.jhipster.svc.cluster.local:8761/eureka/
SPRING_DATASOURCE_URL: jdbc:mysql://invoice-mysql.jhipster.svc.cluster.local:3306/invoice?useUnicode=true&characterEncoding=utf8&useSSL=false&useLegacyDatetimeCode=false&serverTimezone=UTC&createDatabaseIfNotExist=true
SPRING_SLEUTH_PROPAGATION_KEYS: x-request-id,x-ot-span-context
JAVA_OPTS: -Xmx256m -Xms256m
Mounts:
/var/run/secrets/kubernetes.io/serviceaccount from default-token-s8qbq (ro)
Conditions:
Type Status
Initialized True
Ready False
ContainersReady False
PodScheduled True
Volumes:
default-token-s8qbq:
Type: Secret (a volume populated by a Secret)
SecretName: default-token-s8qbq
Optional: false
QoS Class: Burstable
Node-Selectors: <none>
Tolerations: node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 5m57s default-scheduler Successfully assigned jhipster/invoice-75859c6479-f9vmh to kworker1
Normal Pulling 5m56s kubelet, kworker1 Pulling image "busybox:latest"
Normal Pulled 5m54s kubelet, kworker1 Successfully pulled image "busybox:latest" in 1.873312412s
Normal Created 5m54s kubelet, kworker1 Created container init-ds
Normal Started 5m53s kubelet, kworker1 Started container init-ds
Normal BackOff 4m10s (x4 over 5m5s) kubelet, kworker1 Back-off pulling image "docker.pkg.github.com/jhipsterapps/kubernetes/invoice"
Normal Pulling 3m58s (x4 over 5m32s) kubelet, kworker1 Pulling image "docker.pkg.github.com/jhipsterapps/kubernetes/invoice"
Warning Failed 3m58s (x4 over 5m32s) kubelet, kworker1 Failed to pull image "docker.pkg.github.com/jhipsterapps/kubernetes/invoice": rpc error: code = Unknown desc = Error response from daemon: Get https://docker.pkg.github.com/v2/jhipsterapps/kubernetes/invoice/manifests/latest: no basic auth credentials
Warning Failed 3m58s (x4 over 5m32s) kubelet, kworker1 Error: ErrImagePull
Warning Failed 55s (x16 over 5m5s) kubelet, kworker1 Error: ImagePullBackOff
4条答案
按热度按时间o2rvlv0m1#
机密必须与部署在同一个名称空间中,才能使用它从Docker注册中心提取。
因此,当您创建密钥时,您用途:
如果你使用2fa和password(在regcred中),这也可能是一个问题,在这种情况下,你应该创建一个访问令牌作为密码。
vjrehmav2#
对我来说,我不得不添加一个https://到docker-server,即.
qnakjoqk3#
我在
minikube
中遇到过这个问题。使用aws_session_token
作为密码并再次使用aws_session_token
对我有效。mlmc2os54#
我也为这个问题挣扎了大约1个小时,感谢上面的答案,然而,不幸的是,我无法用你的解决方案解决我的问题,可能是我的环境不同.最后我找到了一个kubernetes文档,我尝试了下面的步骤来访问我的私人docker注册表.
1.运行docker login-u ${用户名}-p ${密码}。这将创建一个名为"config.json"的配置文件,位于~/. docker/
1.运行以下命令。
1.将创建的密码(此处为regcred)添加到部署中。
1.如果您的部署不在默认名称空间下,请务必小心,您必须使用kubectl的-n选项在与步骤2中的部署相同的名称空间下创建secret。
Kubernetes文档URL:https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/