kubernetes - 从私有(private)注册表中提取镜像失败 - ImagePullBackOff

Question

在我们的 K8S Worker 节点上，使用以下命令创建了“ secret ”，以从我们的私有(private) (Nexus) 注册表中提取镜像。

kubectl create secret docker-registry regcred --docker-server=https://nexus-server/nexus/ --docker-username=admin --docker-password=password <a href="https://stackoverflow.com/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="2b06064f4448404e59064e464a4247165e584e596b4844465b4a455205484446" rel="noreferrer noopener nofollow">[email protected]</a>

在K8S Worker节点中创建my-private-reg-pod.yaml，如下。

apiVersion: v1
kind: Pod
metadata:
  name: test-pod
spec:
  containers:
  - name: private-reg-container
    image: nexus-server:4546/ubuntu-16:version-1
  imagePullSecrets:
  - name: regcred

使用以下命令创建 Pod

kubectl create -f my-private-reg-pod.yaml

kubectl get pods

NAME       READY   STATUS             RESTARTS   AGE
test-pod   0/1     ImagePullBackOff   0          27m

kubectl describe pod test-pod

Events:
  Type     Reason     Age                   From                   Message
  ----     ------     ----                  ----                   -------
  Normal   Scheduled  <unknown>             default-scheduler      Successfully assigned default/test-pod to k8s-worker01
  Warning  Failed     26m (x6 over 28m)     kubelet, k8s-worker01  Error: ImagePullBackOff
  Normal   Pulling    26m (x4 over 28m)     kubelet, k8s-worker01  Pulling image "sonatype:4546/ubuntu-16:version-1"
  Warning  Failed     26m (x4 over 28m)     kubelet, k8s-worker01  Failed to pull image "nexus-server:4546/ubuntu-16:version-1": rpc error: code = Unknown desc = Error response from daemon: Get https://nexus-server.domain.com/nexus/v2/ubuntu-16/manifests/ver-1: no basic auth credentials
  Warning  Failed     26m (x4 over 28m)     kubelet, k8s-worker01  Error: ErrImagePull
  Normal   BackOff    3m9s (x111 over 28m)  kubelet, k8s-worker01  Back-off pulling image "nexus-server:4546/ubuntu-16:version-1"

在终端 Nexus 上登录可以正常工作

docker login nexus-server:4546

Authenticating with existing credentials...
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded

这部分我缺少什么？

Answer 1

自从我的docker在终端上登录 nexus 成功，所以我删除了我的 secret并使用 kubectl create secret generic regcred \ --from-file=.dockerconfigjson=<path/to/.docker/config.json> \ --type=kubernetes.io/dockerconfigjson 创建它起作用了。