我用kubeadm和docker 18.09.4安装了K8S,它工作正常。然后我安装了gcloud,运行gcloud init并选择我的项目,其中gcr被激活,继续使用gcloud components install kubectl docker-credentials-gcr,然后是docker-credentials-gcr configure-docker。
在那个阶段,docker可以从我自己的gcr注册表中提取图像,而kubelet则不能。
基本上,如果我运行docker run --rm --name hello gcr.io/own-gcr/hello-world它从注册表中拉出图像并启动容器。如果我从我的本地注册表中删除该图像并运行``它失败,并带有以下描述:
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 23s default-scheduler Successfully assigned default/node-hello-6b99957775-9dvvw to lfr025922-docker
Normal BackOff 20s (x2 over 21s) kubelet, lfr025922-docker Back-off pulling image "gcr.io/own-gcr/node-hello"
Warning Failed 20s (x2 over 21s) kubelet, lfr025922-docker Error: ImagePullBackOff
Normal Pulling 9s (x2 over 22s) kubelet, lfr025922-docker Pulling image "gcr.io/own-gcr/node-hello"
Warning Failed 9s (x2 over 21s) kubelet, lfr025922-docker Failed to pull image "gcr.io/own-gcr/node-hello": rpc error: code = Unknown desc = Error response from daemon: unauthorized: You don't have the needed permissions to perform this operation, and you may have invalid credentials. To authenticate your request, follow the steps in: https://cloud.google.com/container-registry/docs/advanced-authentication
Warning Failed 9s (x2 over 21s) kubelet, lfr025922-docker Error: ErrImagePull
我当然遵循https://cloud.google.com/container-registry/docs/advanced-authentication页面上的所有说明,但没有一个成功。
你知道kubelet 1.14和docker 18.09.5有什么问题吗?是不是kubelet应该依靠潜在的CRI(这里docker)?你知道可能导致这个问题的原因吗?
@VasilyAngapov是真的。
我按照这里提供的技巧https://container-solutions.com/using-google-container-registry-with-kubernetes/,它运行得很好(使用访问令牌与oauth2accesstoken)
非常感谢。