k8s使用私有鏡像倉庫Harbor下載下傳鏡像時當Pod配置設定到其中一個節點時無法下載下傳鏡像報錯ImagePullBackOff
cat /etc/docker/daemon.json
{
"registry-mirrors": ["https://7sl94zzz.mirror.aliyuncs.com"],
"insecure-registries": ["192.168.1.11","192.168.1.61"]
}
檢視pod描述
Failed to pull image "192.168.1.11/project/tomcat": rpc error: code = Unknown desc = Error response from daemon: pull access denied for 192.168.1.11/project/tomcat, repository does not exist or may require 'docker login': denied: requested access to the resource is denied
配置的secret配置檔案如下
apiVersion: v1
kind: Secret
metadata:
name: registry-pull-secret
data:
.dockerconfigjson: ewoJImF1dGhzIjogewoJCSIxOTIuMTY4LjEuNjEiOiB7CgkJCSJhdXRoIjogIllXUnRhVzQ2U0dGeVltOXlNVEl6TkRVPSIKCQl9Cgl9LAoJIkh0dHBIZWFkZXJzIjogewoJCSJVc2VyLUFnZW50IjogIkRvY2tlci1DbGllbnQvMTkuMDMuNiAobGludXgpIgoJfQp9
type: kubernetes.io/dockerconfigjson
該秘鑰擷取方式為在已經登入私有鏡像倉庫的node使用指令擷取
cat /root/.docker/config.json | base64 -w0
使用yaml檔案建立的秘鑰在其中一台node沒有生效 ,使用指令建立一個secret
kubectl create secret docker-registry registry-pull-secret --namespace=default --docker-server=192.168.1.11 --docker-username=admin --docker-password=Harbor12345 [email protected]
使用指令建立的格式為
kubectl create secret docker-registry my-secret --docker-server=DOCKER_REGISTRY_SERVER --docker-username=DOCKER_USER
--docker-password=DOCKER_PASSWORD --docker-email=DOCKER_EMAIL
其中my-secret為自定義name
把使用指令建立的secret導出yaml檔案進行對比
kubectl get secret registry-pull-secret -o yaml>>registry-pull-secret.yaml