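Symptom
Note: this records a Kubernetes problem. During a test I found by chance that Kubernetes could not pull images from the Harbor registry no matter what I tried, even after running docker login or specifying the private registry in daemon.json. Without further ado, let's reproduce the symptom.
To reproduce the symptom, we first write an nginx.yaml file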
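apiVersion: apps/v1 # apiVersion is the version of the configuration format
kind: Deployment # kind is the type of resource to create, here a Deployment
metadata: # metadata is the resource's metadata; name is a required item
  name: nginx-deployment
  labels:
    app: nginx
spec: # spec is the specification of this Deployment
  replicas: 3 # replicas sets the number of replicas; the default is 1
  selector:
    matchLabels:
      app: nginx
  template: # template defines the Pod template; this is the important part of the configuration
    metadata: # metadata defines the Pod's metadata; at least one label is required, and its key and value can be chosen freely
      labels:
        app: nginx
    spec: # spec describes the Pod; it defines the properties of each container in the Pod, name and image are required
      containers:
      - name: nginx
        image: reg.xxxxx.net/nginx/nginx:1.15.6 # image address in the private registry
        ports:
        - containerPort: 80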
[root@k8s-master01 kubernetes-Yaml]# kubectl create -f nginx.yaml
[root@k8s-master01 kubernetes-Yaml]# kubectl get pod -o wide # every Pod has failed to pull the image
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
nginx-deployment-5985dc6798-dv8xj 0/1 ImagePullBackOff 0 12s 10.244.1.6 k8s-node01 <none> <none>
nginx-deployment-5985dc6798-h5n65 0/1 ImagePullBackOff 0 11s 10.244.1.5 k8s-node01 <none> <none>
nginx-deployment-5985dc6798-mb5bk 0/1 ImagePullBackOff 0 11s 10.244.2.5 k8s-node02 <none> <none>
[root@k8s-master01 kubernetes-Yaml]# kubectl describe pod nginx-deployment-5985dc6798-dv8xj
------
------
------
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 13s default-scheduler Successfully assigned default/nginx-deployment-5ffd8644dd-26mtb to k8s-node01
Normal Pulling 12s kubelet, k8s-node01 Pulling image "reg.xxx.net/nginx/nginx:1.15.6"
Warning Failed 12s kubelet, k8s-node01 Failed to pull image "reg.xxx.net/nginx/nginx:1.15.6": rpc error: code = Unknown desc = Error response from daemon: unauthorized: unauthorized to access repository: nginx/nginx, action: pull: unauthorized to access repository: nginx/nginx, action: pull
Warning Failed 12s kubelet, k8s-node01 Error: ErrImagePull
Normal BackOff 10s (x2 over 11s) kubelet, k8s-node01 Back-off pulling image "reg.xxx.net/nginx/nginx:1.15.6"
Warning Failed 10s (x2 over 11s) kubelet, k8s-node01 Error: ImagePullBackOff
Add a Secret for the image registry, named docker-harbor
[root@k8s-master01 kubernetes-Yaml]# kubectl create secret docker-registry docker-harbor \
--docker-server=reg.xxx.net \
--docker-username=xxx \
--docker-password=xxx \
--docker-email=xxx@xxx
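Note: docker-harbor: the name of the secret
--docker-server: Harbor registry address
--docker-username: Harbor registry login user
--docker-password: Harbor registry login password
--docker-email: e-mail address that receives mail
--namespace: a namespace can also be specified; if it is not, the default is default. The Secret must be in the same namespace as the Pods that reference it.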
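Reference the secret just created in the nginx.yaml file
Add (in the Pod template's spec, at the same level as containers):
      imagePullSecrets:
      - name: docker-harbor # name of the secret
The complete YAML file
apiVersion: apps/v1 # apiVersion is the version of the configuration format
kind: Deployment # kind is the type of resource to create, here a Deployment
metadata: # metadata is the resource's metadata; name is a required item
  name: nginx-deployment
  labels:
    app: nginx
spec: # spec is the specification of this Deployment
  replicas: 3 # replicas sets the number of replicas; the default is 1
  selector:
    matchLabels:
      app: nginx
  template: # template defines the Pod template; this is the important part of the configuration
    metadata: # metadata defines the Pod's metadata; at least one label is required, and its key and value can be chosen freely
      labels:
        app: nginx
    spec: # spec describes the Pod; it defines the properties of each container in the Pod, name and image are required
      containers:
      - name: nginx
        image: reg.xxx.net/nginx/nginx:1.15.6
        ports:
        - containerPort: 80
      imagePullSecrets:
      - name: docker-harbor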
[root@k8s-master01 kubernetes-Yaml]# kubectl delete -f nginx.yaml # delete the Deployment created above, then redeploy
[root@k8s-master01 kubernetes-Yaml]# kubectl get pod -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
nginx-deployment-7d7646575-bkbtv 1/1 Running 0 55s 10.244.1.10 k8s-node01 <none> <none>
nginx-deployment-7d7646575-dw5qb 1/1 Running 0 55s 10.244.1.9 k8s-node01 <none> <none>
nginx-deployment-7d7646575-qgpgj 1/1 Running 0 55s 10.244.2.7 k8s-node02 <none> <none>
Create a svc bound to nginx and check whether it can be accessed normally
[root@k8s-master01 kubernetes-Yaml]# kubectl expose deployment nginx-deployment --type="NodePort" --port=80 --name="nginx"
[root@k8s-master01 kubernetes-Yaml]# kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
nginx NodePort 10.99.230.106 <none> 80:31500/TCP 4s
Access it to verify: if the content is displayed, there is no problem
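An added example, not part of the original post: a small Python check of the two things that most often leave the `unauthorized ... action: pull` error in place after the docker-harbor Secret has been created, namely a Secret in a different namespace than the Pod and a --docker-server value that does not match the registry host in the image reference. It builds a Secret in the `kubernetes.io/dockerconfigjson` layout offline; the function names, `reg.example.test` and the credentials are constructed placeholders, and the host comparison is a simplification of the kubelet's credential matching.

```python
import base64
import json

def make_pull_secret(name, namespace, server, username, password):
    """Build a kubernetes.io/dockerconfigjson Secret manifest as a dict."""
    auth = base64.b64encode(f"{username}:{password}".encode()).decode()
    config = {"auths": {server: {"username": username,
                                 "password": password, "auth": auth}}}
    return {
        "apiVersion": "v1",
        "kind": "Secret",
        "type": "kubernetes.io/dockerconfigjson",
        "metadata": {"name": name, "namespace": namespace},
        # The payload is only base64-encoded, it is not encrypted.
        "data": {".dockerconfigjson":
                 base64.b64encode(json.dumps(config).encode()).decode()},
    }

def registry_host(image):
    """Registry host of an image reference (docker.io if none is given)."""
    first, sep, _ = image.partition("/")
    if sep and ("." in first or ":" in first or first == "localhost"):
        return first
    return "docker.io"

def secret_hosts(secret):
    """Registry hosts the Secret holds credentials for."""
    raw = base64.b64decode(secret["data"][".dockerconfigjson"])
    hosts = set()
    for key in json.loads(raw).get("auths", {}):
        key = key.split("://", 1)[-1]      # drop an optional scheme
        hosts.add(key.split("/", 1)[0])    # drop an optional path
    return hosts

def check_pull_secret(secret, image, pod_namespace="default"):
    """Return the reasons why this Secret cannot authorize pulling the image."""
    problems = []
    if secret.get("type") != "kubernetes.io/dockerconfigjson":
        problems.append("wrong secret type")
    if secret["metadata"].get("namespace", "default") != pod_namespace:
        problems.append("secret is not in the pod's namespace")
    if registry_host(image) not in secret_hosts(secret):
        problems.append("no credentials for " + registry_host(image))
    return problems

if __name__ == "__main__":
    # Constructed sample values; reg.example.test stands in for the Harbor host.
    s = make_pull_secret("docker-harbor", "default", "reg.example.test", "demo", "demo-pass")
    print(check_pull_secret(s, "reg.example.test/nginx/nginx:1.15.6"))          # []
    print(check_pull_secret(s, "reg.example.test/nginx/nginx:1.15.6", "prod"))  # namespace mismatch
```

Because the `data` field is base64 rather than encryption, anyone allowed to read Secrets in that namespace can recover the Harbor password, so a pull-only Harbor account is the safer credential to store there.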