导读 | 在k8s集群的使用过程中,初学者可能会碰到这样的(怪异)问题: 在一个k8s集群里,部署服务(用的私有镜像仓库,如harbor)的时候,只有个别node的服务是部署成功的,其他都是部署失败的。 |
错误的原因就是镜像拉取失败,如下:
kubectl get pods -A -owide |grep jenkins-demo devlopment jenkins-demo-67d4f9d666-2fh8k 1/1 Running 0 27m 10.244.2.40 local-k8s-nd02 devlopment jenkins-demo-dbc9f5b6b-h78tx 0/1 ImagePullBackOff 0 6m4s 10.244.6.93 local-k8s-nd03 production jenkins-demo-dbc9f5b6b-tnkfs 1/1 Running 0 5m47s 10.244.2.44 local-k8s-nd02 qatest jenkins-demo-67d4f9d666-hb22t 1/1 Running 0 27m 10.244.2.41 local-k8s-nd02 qatest jenkins-demo-dbc9f5b6b-d6txr 0/1 ImagePullBackOff 0 6m 10.244.6.94 local-k8s-nd03
查看失败详情
# kubectl describe pods -n qatest jenkins-demo-6cbfb64844-79n8l .......... Events: Type Reason Age From Message ---- ------ ---- ---- ------- Normal Scheduled 78s default-scheduler Successfully assigned qatest/jenkins-demo-6cbfb64844-79n8l to local-k8s-nd03 Normal Pulling 37s (x3 over 78s) kubelet Pulling image "dev-hub.jiatuiyun.net/zeng/my-demo:429d9c1" Warning Failed 36s (x3 over 77s) kubelet Failed to pull image "dev-hub.jiatuiyun.net/zeng/my-demo:429d9c1": rpc error: code = Unknown desc = Error response from daemon: pull access denied for dev-hub.jiatuiyun.net/zeng/my-demo, repository does not exist or may require 'docker login': denied: requested access to the resource is denied Warning Failed 36s (x3 over 77s) kubelet Error: ErrImagePull Normal BackOff 6s (x5 over 77s) kubelet Back-off pulling image "dev-hub.jiatuiyun.net/zeng/my-demo:429d9c1" Warning Failed 6s (x5 over 77s) kubelet Error: ImagePullBackOff
然后我们去镜像拉取失败的机器上,直接用拉取,竟然是ok的
# docker pull dev-hub.jiatuiyun.net/zeng/my-demo:eb7ec1d eb7ec1d: Pulling from zeng/my-demo 4fe2ade4980c: Already exists 2e793f0ebe8a: Already exists 77995fba1918: Already exists 4495499e856d: Already exists 0ff8f8e34aa6: Already exists 6c24ea7b9085: Pull complete c07b8e5ec47b: Pull complete Digest: sha256:95077089b59358820c4c763ae8bc390e470c62ac3d212abfe38292ff6389c7bb Status: Downloaded newer image for dev-hub.jiatuiyun.net/zeng/my-demo:eb7ec1d dev-hub.jiatuiyun.net/zeng/my-demo:eb7ec1d
同一个集群,同一个镜像仓库的同一个镜像,只是node不同而已,个别node拉取镜像ok,其余node拉取镜像失败,为何? 其实这个问题的原因就处在,服务的部署文件里边没有配置拉取镜像用的secret,在服务配置文件中的名字是 imagePullSecrets 如下:
..... spec: imagePullSecrets: - name: registry-pull-secret containers: - image: dev-hub.xxxxx.net/zeng/my-demo: imagePullPolicy: IfNotPresent name: jenkins-demo .....
注意:如果服务分布在多个不同的namespace下,那在这些namespace下都要创建secret 至于secret如何创建就不在此赘述了,网上很多可以参考的资料。
原文来自:
本文地址://gulass.cn/image-pullsecrets-linux.html编辑:向云艳,审核员:逄增宝
Linux大全:
Linux系统大全: