可以将文章内容翻译成中文,广告屏蔽插件可能会导致该功能失效(如失效,请关闭广告屏蔽插件后再试):
问题:
I have problem with kubernetes (minikube) and pull images from local image repository on docker.
Docker repository was created:
docker run --entrypoint htpasswd registry:2 -Bbn zordon examplePassword > /mnt/LINUX/auth/htpasswd
docker run -d \
-p 5000:5000 \
--restart=always \
--name registry \
-v /mnt/LINUX/dockerreg:/var/lib/registry \
-v /mnt/LINUX/auth:/auth \
-e "REGISTRY_AUTH=htpasswd" \
-e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \
-e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \
registry:2
Then I want to create simple pod with image which was succesfully uploaded to local repository:
curl localhost:5000/v2/_catalog
{"repositories":["car/configuration"]}
I have also create secret on minikube cluster with:
kubectl create secret docker-registry docregkey --docker-server=localhost:5000 --docker-username=zordon --docker-password=examplePassword --docker-email=test@dock.mail
and define simple Pod:
apiVersion: v1
kind: Pod
metadata:
name: private-reg
spec:
containers:
- name: private-reg-container
image: car/configuration:latest
imagePullPolicy: Always
restartPolicy: Always
imagePullSecrets:
- name: docregkey
unfortunatelly I getting still:
Failed to pull image "car/configuration:latest": rpc error: code =
Unknown desc = Error response from daemon: pull access denied for
car/configuration, repository does not exist or may require 'docker
login'
How i can fix this problem ?
回答1:
The problem is with image pull policy - you have set thist to Always (default setting) and it meand that docker deamon tries alway to pull image from outer docker registry - and you want to use local one instead
try tu add --image-pull-policy=Never when creating deployment
good tutorial of using locally created image is here (it helped me):
https://kubernetes.io/docs/tutorials/hello-minikube/#create-a-docker-container-image
回答2:
The Problem is with the image name you are mentioning in the POD yaml file.
image: car/configuration:latest
This will try to pull from the global registry rather than local registry.Change the image name to include the repository too.
image: localhost:5000/car/configuration:latest
And make sure that you have included insecure registry in your docker daemon configuration if your registry is not secured.
回答3:
Because Minikube is VM not a your localhost.
You try this code eval $(minikube docker-env)
https://kubernetes.io/docs/getting-started-guides/minikube/
- Open Terminal
eval $(minikube docker-env)- docker build .
- kubectl create -f deployment.yaml
just valid this terminal.
if closed terminal again open terminal and write eval $(minikube docker-env)
eval $(minikube docker-env) this code build image in Minikube
回答4:
Private registry in Minikube
kubectl create -f kube-registry.yaml
(Grab kube-registry.yaml from this gist on github.)
and you need port-forward minikube to localhost (Just image build time)
kubectl port-forward --namespace kube-system \
$(kubectl get po -n kube-system | grep kube-registry-v0 | \
awk '{print $1;}') 5000:5000
After this, from the host curl localhost:5000 should return a valid response from the docker registry running on minikube
Repo : http://localhost:5000/v2/_catalog
Pull image : localhost:5000/image_name:image_tag
Reference: https://blog.hasura.io/sharing-a-local-registry-for-minikube-37c7240d0615
回答5:
I wanted a one line solution to execute in my terminal. Everything else I tried was overly complex to auth ecr with minikube.
This is my command for aws ecr login that I run each day because the token expires. The examples below are for Debian 9 with AWS ECR.
shell
kubectl create secret docker-registry aws-ecr-credentials \
--docker-server=$ECR_REGISTRY \
--docker-username=AWS \
--docker-password=$(aws ecr get-login | awk '{print $6}') \
--docker-email=$IAM_EMAIL \
--namespace=$KUBE_NAMESPACE
template.yml
spec:
imagePullSecrets:
- name: aws-ecr-credentials
回答6:
When you run Kubernetes in Docker for Desktop your applications will share the same image registry across Docker and Kubernetes. List od all images:
docker images --all
Choose of them and run it with changed atribute --image-pull-policy=Never. For example:
kubectl run ContainerName --image=myimage/server --port=8080 --image-pull-policy=Never
By default, the kubelet will try to pull each image from the specified registry. However, if the imagePullPolicy property of the container is set to IfNotPresent or Never, then a local image is used (preferentially or exclusively, respectively). Link
It's mean, that Kubernetes pull image from local registry, not remote cloud.
{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://img.manongdao.com/sparkler-677774__340.jpg', '推荐 迷人小祖宗 的文章《Kubernetes cannot pull image from private docker i》','https://www.manongdao.com/article-956323.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}