记一次kubernetes配置secret拉取私仓镜像错误
把Harbor镜像仓库改成私有,发现拉取加了Secret,还是报错,下面为详细的现象和解决方法。
master主节点:
[root@k8s-master secrets]# cat /etc/docker/daemon.json { "registry-mirrors": ["https://lara9y80.mirror.aliyuncs.com"], "insecure-registries":[ "192.168.180.105:1180" ] } [root@k8s-master secrets]#
Pod.yaml
[root@k8s-master secrets]# cat pod.yaml apiVersion: v1 kind: Pod metadata: name: nginx spec: containers: - name: nginx image: 192.168.180.105:1180/topcheer/nginx:1.1 imagePullSecrets: - name: myregistrykey [root@k8s-master secrets]#
[root@k8s-master secrets]# kubectl create -f pod.yaml pod/nginx created [root@k8s-master secrets]# kubectl get pod NAME READY STATUS RESTARTS AGE my-nginx-5d57c6897b-gh5v6 1/1 Running 0 71m nginx 0/1 ImagePullBackOff 0 4s pod-deployment-86575c7c5-d2pjf 1/1 Running 0 41m pod-deployment-86575c7c5-rcmq8 1/1 Running 0 41m seret-test 1/1 Running 0 76m [root@k8s-master secrets]# kubectl describe pod nginx Name: nginx Namespace: default Priority: 0 Node: k8s-node01/192.168.180.135 Start Time: Thu, 26 Dec 2019 16:19:28 +0800 Labels: <none> Annotations: <none> Status: Pending IP: 10.244.2.47 IPs: IP: 10.244.2.47 Containers: nginx: Container ID: Image: 192.168.180.105:1180/topcheer/nginx:1.1 Image ID: Port: <none> Host Port: <none> State: Waiting Reason: ImagePullBackOff Ready: False Restart Count: 0 Environment: <none> Mounts: /var/run/secrets/kubernetes.io/serviceaccount from default-token-6wcrh (ro) Conditions: Type Status Initialized True Ready False ContainersReady False PodScheduled True Volumes: default-token-6wcrh: Type: Secret (a volume populated by a Secret) SecretName: default-token-6wcrh Optional: false QoS Class: BestEffort Node-Selectors: <none> Tolerations: node.kubernetes.io/not-ready:NoExecute for 300s node.kubernetes.io/unreachable:NoExecute for 300s Events: Type Reason Age From Message ---- ------ ---- ---- ------- Normal Scheduled <unknown> default-scheduler Successfully assigned default/nginx to k8s-node01 Normal Pulling 9s kubelet, k8s-node01 Pulling image "192.168.180.105:1180/topcheer/nginx:1.1" Warning Failed 9s kubelet, k8s-node01 Failed to pull image "192.168.180.105:1180/topcheer/nginx:1.1": rpc error: code = Unknown desc = Error response from daemon: Get https://192.168.180.105:1180/v2/: http: server gave HTTP response to HTTPS client Warning Failed 9s kubelet, k8s-node01 Error: ErrImagePull Normal BackOff 7s (x2 over 8s) kubelet, k8s-node01 Back-off pulling image "192.168.180.105:1180/topcheer/nginx:1.1" Warning Failed 7s (x2 over 8s) kubelet, k8s-node01 Error: ImagePullBackOff
kubectl create secret docker-registry myregistrykey --docker-server=192.168.180.105:1180 --docker-username=admin --docker-password=Harbor12345 --docker-email=test.com
发现一直拉取错误,发现自己的操作没有问题,突然想起了,master会把任务分配给子节点,2个节点没有配置认证
[root@k8s-node02 ~]# vim /etc/docker/daemon.json [root@k8s-node02 ~]# systemctl daemon-reload [root@k8s-node02 ~]# systemctl restart docker [root@k8s-node01 ~]# vim /etc/docker/daemon.json [root@k8s-node01 ~]# systemctl daemon-reload [root@k8s-node01 ~]# systemctl restart docker
改成和matser一样的,就成功了
[root@k8s-master secrets]# kubectl get pod NAME READY STATUS RESTARTS AGE my-nginx-5d57c6897b-gh5v6 1/1 Running 1 88m nginx 0/1 ContainerCreating 0 12s pod-deployment-86575c7c5-d2pjf 1/1 Running 1 58m pod-deployment-86575c7c5-rcmq8 1/1 Running 2 58m seret-test 1/1 Running 2 93m [root@k8s-master secrets]# kubectl get pod NAME READY STATUS RESTARTS AGE my-nginx-5d57c6897b-gh5v6 1/1 Running 1 89m nginx 1/1 Running 0 35s pod-deployment-86575c7c5-d2pjf 1/1 Running 1 58m pod-deployment-86575c7c5-rcmq8 1/1 Running 2 58m seret-test 1/1 Running 2 94m [root@k8s-master secrets]# kubectl get pod NAME READY STATUS RESTARTS AGE my-nginx-5d57c6897b-gh5v6 1/1 Running 1 93m nginx 1/1 Running 0 4m44s pod-deployment-86575c7c5-d2pjf 1/1 Running 1 63m pod-deployment-86575c7c5-rcmq8 1/1 Running 2 63m seret-test 1/1 Running 2 98m [root@k8s-master secrets]# kubectl get pod -o wide NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES my-nginx-5d57c6897b-gh5v6 1/1 Running 1 93m 10.244.1.45 k8s-node02 <none> <none> nginx 1/1 Running 0 4m55s 10.244.2.52 k8s-node01 <none> <none> pod-deployment-86575c7c5-d2pjf 1/1 Running 1 63m 10.244.2.50 k8s-node01 <none> <none> pod-deployment-86575c7c5-rcmq8 1/1 Running 2 63m 10.244.1.44 k8s-node02 <none> <none> seret-test 1/1 Running 2 98m 10.244.2.51 k8s-node01 <none> <none>
发现在node01运行了,镜像也在node01上
[root@k8s-node01 ~]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE busybox latest b534869c81f0 3 weeks ago 1.22MB 192.168.180.105:1180/topcheer/nginx 1.1 540a289bab6c 2 months ago 126MB registry.aliyuncs.com/google_containers/kube-proxy v1.16.0 c21b0c7400f9 3 months ago 86.1MB quay.io/kubernetes-ingress-controller/nginx-ingress-controller 0.25.0 02149b6f439f 5 months ago 508MB quay.io/coreos/flannel v0.11.0-amd64 ff281650a721 11 months ago 52.6MB wangyanglinux/myapp v1 d4a5e0eaa84f 22 months ago 15.5MB wangyanglinux/myapp v3 61f932bf5041 22 months ago 15.5MB wangyanglinux/myapp v2 54202d3f0f35 22 months ago 15.5MB registry.aliyuncs.com/google_containers/pause 3.1 da86e6ba6ca1 2 years ago 742kB [root@k8s-node01 ~]#