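Using a private registry with Kubernetes is not difficult.
You only need to follow the official tutorial to set it up.
But when I was using minikube, I could never pull the image successfully.
My pod YAML configuration: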
apiVersion: v1
kind: Pod
metadata:
  name: my-first-pod
  labels:
    app: nginx-server
spec:
  containers:
    - name: pod-demo-nginx
      image: xxx.xxx.xxx.xxx/k8s-demo/nginx-demo:v1
      ports:
        - containerPort: 80
  imagePullSecrets:
    - name: myprivatesecret
Create the pod:
$ kubectl create -f first-pod.yml
pod "my-first-pod" created
$ kubectl get pod
NAME           READY     STATUS         RESTARTS   AGE
my-first-pod   0/1       ErrImagePull   0          0s
The error was always a pull image error.
Look at the detailed information:
$ kubectl describe pod my-first-pod
Name:         my-first-pod
Namespace:    default
Node:         minikube/192.168.99.100
Start Time:   Sat, 20 Jan 2018 12:50:43 +0800
Labels:       app=nginx-server
Annotations:  <none>
Status:       Pending
IP:           172.17.0.3
Containers:
  pod-demo-nginx:
    Container ID:
    Image:          xxx.xxx.xxx.xxx/k8s-demo/nginx-demo:v1
    Image ID:
    Port:           80/TCP
    State:          Waiting
      Reason:       ImagePullBackOff
    Ready:          False
    Restart Count:  0
    Environment:    <none>
    Mounts:
      /var/run/secrets/kubernetes.io/serviceaccount from default-token-mrl4l (ro)
Conditions:
  Type           Status
  Initialized    True
  Ready          False
  PodScheduled   True
Volumes:
  default-token-mrl4l:
    Type:        Secret (a volume populated by a Secret)
    SecretName:  default-token-mrl4l
    Optional:    false
QoS Class:       BestEffort
Node-Selectors:  <none>
Tolerations:     <none>
Events:
  Type     Reason                 Age                From               Message
  ----     ------                 ----               ----               -------
  Normal   Scheduled              1m                 default-scheduler  Successfully assigned my-first-pod to minikube
  Normal   SuccessfulMountVolume  1m                 kubelet, minikube  MountVolume.SetUp succeeded for volume "default-token-mrl4l"
  Normal   BackOff                19s (x5 over 1m)   kubelet, minikube  Back-off pulling image "xxx.xxx.xxx.xxx/k8s-demo/nginx-demo:v1"
  Normal   Pulling                6s (x4 over 1m)    kubelet, minikube  pulling image "xxx.xxx.xxx.xxx/k8s-demo/nginx-demo:v1"
  Warning  Failed                 6s (x4 over 1m)    kubelet, minikube  Failed to pull image "xxx.xxx.xxx.xxx/k8s-demo/nginx-demo:v1": rpc error: code = Unknown desc = Error response from daemon: Get https://xxx.xxx.xxx.xxx/v2/: x509: cannot validate certificate for xxx.xxx.xxx.xxx because it doesn't contain any IP SANs
  Warning  FailedSync             6s (x9 over 1m)    kubelet, minikube  Error syncing pod
Only then did I notice the key error message:
Failed to pull image "xxx.xxx.xxx.xxx/k8s-demo/nginx-demo:v1": rpc error: code = Unknown desc = Error response from daemon: Get https://xxx.xxx.xxx.xxx/v2/: x509: cannot validate certificate for xxx.xxx.xxx.xxx because it doesn't contain any IP SANs
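So the verification had not passed.
But I had added the insecure registry setting on my local machine,
so I had always been able to pull the image normally.
After thinking about it for a while:
Kubernetes is controlling minikube,
so the image is pulled inside minikube,
and minikube did not have the insecure setting added!
I looked for a way to do it.
The parameter has to be added at startup.
If minikube has already been started, the parameter is ignored,
and restarting makes no difference.
So the existing minikube has to be deleted first,
and a new one created.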
$ minikube delete
Deleting local Kubernetes cluster...
Machine deleted.
Start it again, adding the insecure parameter:
$ minikube start --insecure-registry="xxx.xxx.xxx.xxx"
Starting local Kubernetes v1.8.0 cluster...
Starting VM...
Getting VM IP address...
Moving files into cluster...
Setting up certs...
Connecting to cluster...
Setting up kubeconfig...
Starting cluster components...
Kubectl is now configured to use the cluster.
Loading cached images from config file.
Recreate the pod:
$ kubectl create -f first-pod.yml
pod "my-first-pod" created
$ kubectl get pod my-first-pod
NAME           READY     STATUS    RESTARTS   AGE
my-first-pod   1/1       Running   0          11s
It ran successfully!