在Google Kubernetes Engine中,我为我们的公司创建了一个POC集群,该集群运行良好。但是现在,当我尝试创建生产环境时,似乎无法使imagesPullSecrets正常工作,它的凭证与POC,相同的掌 Helm chart 和相同的regcred yaml文件中的凭证完全相同。
然而,我一直保持经典:
Back-off pulling image "registry.company.co/frontend/company-web/upload": ImagePullBackOff
我已经尝试在图表级别和服务帐户上定义imagesPullSecret
由
kubectl create secret docker-registry regcred --docker-server="registry.company.co" --docker-username="gitlab" --docker-password="[PASSWORD]"
生成的Regcredsecret 秘诀
kind: Secret
apiVersion: v1
metadata:
name: regcred
namespace: default
data:
.dockerconfigjson: eyJhdXRocyI6eyJyZWdpc3RyeS5jb21wYW55LmNvIjp7InVzZXJuYW1lIjoiZ2l0bGFiIiwicGFzc3dvcmQiOiJbUkVEQUNURURdIiwiYXV0aCI6IloybDBiR0ZpT2x0QmJITnZJRkpsWkdGamRHVmtYUT09In19fQ==
type: kubernetes.io/dockerconfigjson
服务帐号
kind: ServiceAccount
apiVersion: v1
metadata:
name: default
namespace: default
secrets:
- name: default-token-jktj5
imagePullSecrets:
- name: regcred
Deployment.yaml
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: nfs-server
spec:
replicas: 1
selector:
matchLabels:
role: nfs-server
template:
metadata:
labels:
role: nfs-server
spec:
containers:
- name: nfs-server
image: gcr.io/google_containers/volume-nfs:latest
ports:
- name: nfs
containerPort: 2049
- name: mountd
containerPort: 20048
- name: rpcbind
containerPort: 111
securityContext:
privileged: true
volumeMounts:
- mountPath: /exports
name: mypvc
initContainers:
- name: init-volume-perms
imagePullPolicy: Always
image: alpine
command: ["/bin/sh", "-c"]
args: ["mkdir /mnt/company-logos; mkdir /mnt/uploads; chown -R 1337:1337 /mnt"]
volumeMounts:
- mountPath: /mnt
name: mypvc
- name: company-web-uploads
image: registry.company.co/frontend/company-web/uploads
imagePullPolicy: Always
volumeMounts:
- mountPath: /var/lib/company/web/uploads
subPath: uploads
name: mypvc
- name: company-logos
image: registry.company.co/backend/pdf-service/company-logos
imagePullPolicy: Always
volumeMounts:
- mountPath: /var/lib/company/shared/company-logos
subPath: company-logos
name: mypvc
volumes:
- name: mypvc
gcePersistentDisk:
pdName: gke-nfs-disk
fsType: ext4
我环顾四周,从头开始遵循不同的指导,直到没有成功。
所以我完全不知所措。
周围的默认 namespace
最佳答案
可能是因为 namespace 问题。你能验证几件事吗
kubectl get secret default-token-jktj5 -o yaml > imagepullsecret.yaml
之类的东西来重新创建工作 secret 吗?编辑yaml文件以删除修订和其他状态信息。将其应用于prod 关于kubernetes - 即使定义了imagesPullSecret,GKE也无法提取图像,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/56972125/