I have a Helm chart that uses AWS ECR to pull an image and deploy it to a local Kubernetes cluster:
Chart.yml:
apiVersion: v2
description: helm chart for microservice-registry
name: microservice-registry
type: application
version: 0.0.1
values.yaml
namespace:
replica: 1
labels:
  app: microservice-registry
imagePullSecrets: microservice-registry-secret
image:
  repository: 123456789.dkr.ecr.us-east-1.amazonaws.com/microservice-registry
  tag: 0.0.1
  imagePullPolicy: Always
strategy:
  rollingUpdate:
    maxSurge: 1
    maxUnavailable: 0
  type: RollingUpdate
service:
  containerPort: 8761
  port: 80
  type: NodePort
  nodePort: 30061
secrets:
  data:
    .dockerconfigjson: 123456789
  type: kubernetes.io/dockerconfigjson
awscreds:
  data:
    SECRET_KEY: 123456789
    ACCESS_KEY: 123456789
  name: awscreds-registry
  region: us-east-1
cronjob:
  name: microservice-registry-job
  image: gtsopour/awscli-kubectl:latest
When I deploy the Helm chart, I get:
root@node1:~# kubectl get pods
NAME                                               READY   STATUS             RESTARTS         AGE
microservice-registry-7c4654467c-q292p             0/1     ImagePullBackOff   0                17m
cicd                                               1/1     Running            1 (22d ago)      44d
grafana-f6d989bbf-hrr6c                            1/1     Running            1 (22d ago)      45d
ingress-nginx-controller-6b8bfd7f69-cwd2b          1/1     Running            1 (22d ago)      35d
nfs-subdir-external-provisioner-5f7dff96d9-rj75j   1/1     Running            39 (2d3h ago)    38d
zookeeper-0                                        1/1     Running            1 (22d ago)      38d
root@node1:~#
Logs:
root@node1:~# kubectl logs microservice-registry-7c4654467c-q292p
Error from server (BadRequest): container "microservice-registry" in pod "microservice-registry-7c4654467c-q292p" is waiting to start: trying and failing to pull image
root@node1:~#
I have a similar service that uses the same AWS ECR credentials. It deployed successfully. Do you know how I can fix this issue?
Policy JSON:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "ecr:BatchCheckLayerAvailability",
        "ecr:BatchGetImage",
        "ecr:GetDownloadUrlForLayer",
        "ecr:GetAuthorizationToken"
      ],
      "Resource": "*"
    }
  ]
}
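According to your https://pastebin.com/7x3NjD8s, you are getting a 401 Unauthorized from ECR. Since you have a local Kubernetes instance, you need a process that sets your AWS credentials in the ImagePullSecrets on the pod. I would use this: https://github.com/upmc-enterprises/registry-creds, which will collect your AWS credentials and automatically renew the ImagePullSecrets with a token to log in to AWS ECR.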
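
For diagnosing a 401 like the one described above, this added example (not code from the question, the answer, or registry-creds) checks that a `.dockerconfigjson` value is structurally usable for the chart's ECR image. The function names and sample secrets are constructed for illustration; the image reference comes from the `values.yaml` in the question.

```python
import base64
import binascii
import json


def check_pull_secret(dockerconfigjson_b64: str, image: str) -> list[str]:
    """Return problems found in a kubernetes.io/dockerconfigjson value for `image`."""
    registry = image.split("/", 1)[0]  # registry host is the part before the first "/"
    try:
        config = json.loads(base64.b64decode(dockerconfigjson_b64, validate=True))
    except (binascii.Error, ValueError):
        return ["value is not base64-encoded JSON"]
    auths = config.get("auths") if isinstance(config, dict) else None
    if not isinstance(auths, dict):
        return ['decoded JSON has no "auths" object']
    # Docker config keys may carry a scheme or path; compare on the bare host.
    entry = next((v for k, v in auths.items() if isinstance(v, dict)
                  and k.removeprefix("https://").split("/", 1)[0] == registry), None)
    if entry is None:
        return [f"no auths entry for {registry} (found: {sorted(auths)})"]
    try:
        raw = base64.b64decode(entry.get("auth", ""), validate=True).decode()
    except (binascii.Error, ValueError):
        return ['"auth" is not base64 of "user:password"']
    user, _, password = raw.partition(":")
    problems = []
    if user != "AWS":  # ECR logins always use the literal username "AWS"
        problems.append(f'ECR expects username "AWS", got {user!r}')
    if not password:
        problems.append("empty password (ECR token missing)")
    return problems


def make_secret(registry: str, user: str, token: str) -> str:
    """Build a constructed .dockerconfigjson value for the samples below."""
    auth = base64.b64encode(f"{user}:{token}".encode()).decode()
    doc = {"auths": {registry: {"auth": auth}}}
    return base64.b64encode(json.dumps(doc).encode()).decode()


# Image reference from the values.yaml in the question; secrets are constructed.
IMAGE = "123456789.dkr.ecr.us-east-1.amazonaws.com/microservice-registry:0.0.1"
GOOD = make_secret("123456789.dkr.ecr.us-east-1.amazonaws.com", "AWS", "constructed-token")
WRONG_REGION = make_secret("123456789.dkr.ecr.eu-west-1.amazonaws.com", "AWS", "constructed-token")

if __name__ == "__main__":
    for label, value in [("good", GOOD), ("wrong region", WRONG_REGION), ("placeholder", "123456789")]:
        print(label, "->", check_pull_secret(value, IMAGE) or "ok")
```

A secret that passes this check can still return 401: ECR authorization tokens are valid for 12 hours, so the secret must be refreshed on a schedule, which is what the tool recommended in the answer automates.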