docker - Kubernetes : Containers not starting using private registry

Question

我有一个在 debian 上运行的 kubernetes 1.1.1 的工作安装

我还有一个在 v2 中运行良好的私有(private)注册表。

我面临一个奇怪的问题。

在 master 中定义一个 pod

apiVersion: v1
kind: Pod
metadata:
name: nginx
labels:
app: nginx
spec:
containers:
- name: nginx
image: docker-registry.hiberus.com:5000/debian:ssh
imagePullSecrets:
- name: myregistrykey

我也有我主人的 secret myregistrykey kubernetes.io/dockercfg 1 44m
我的 config.json 就是这样制作的

{
"auths": {
"https://docker-registry.hiberus.com:5000": {
"auth": "anNhdXJhOmpzYXVyYQ==",
"email": "jsaura@heraldo.es"
}
}
}

所以我做了base64并创建了我的 secret 。

简单得要命

在我的节点上，图像被拉出没有任何问题

docker images
REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE
docker-registry.hiberus.com:5000/debian ssh 3b332951c107 29 minutes ago 183.3 MB
golang 1.4 2819d1d84442 7 days ago 562.7 MB
debian latest 91bac885982d 8 days ago 125.1 MB
gcr.io/google_containers/pause 0.8.0 2c40b0526b63 7 months ago 241.7 kB

但我的容器没有启动

./kubectl describe pod nginx
Name: nginx
Namespace: default
Image(s): docker-registry.hiberus.com:5000/debian:ssh
Node: 192.168.29.122/192.168.29.122
Start Time: Wed, 18 Nov 2015 17:08:53 +0100
Labels: app=nginx
Status: Running
Reason:
Message:
IP: 172.17.0.2
Replication Controllers: 
Containers:
nginx:
Container ID: docker://3e55ab118a3e5d01d3c58361abb1b23483d41be06741ce747d4c20f5abfeb15f
Image: docker-registry.hiberus.com:5000/debian:ssh
Image ID: docker://3b332951c1070ba2d7a3bb439787a8169fe503ed8984bcefd0d6c273d22d4370
State: Waiting
Reason: CrashLoopBackOff
Last Termination State: Terminated
Reason: Error
Exit Code: 0
Started: Wed, 18 Nov 2015 17:08:59 +0100
Finished: Wed, 18 Nov 2015 17:08:59 +0100
Ready: False
Restart Count: 2
Environment Variables:
Conditions:
Type Status
Ready False
Volumes:
default-token-ha0i4:
Type: Secret (a secret that should populate this volume)
SecretName: default-token-ha0i4
Events:
FirstSeen LastSeen Count From SubobjectPath Reason Message
───────── ──────── ───── ──── ───────────── ────── ───────
16s 16s 1 {kubelet 192.168.29.122} implicitly required container POD Created Created with docker id 4a063be27162
16s 16s 1 {kubelet 192.168.29.122} implicitly required container POD Pulled Container image "gcr.io/google_containers/pause:0.8.0" already present on machine
16s 16s 1 {kubelet 192.168.29.122} implicitly required container POD Started Started with docker id 4a063be27162
16s 16s 1 {kubelet 192.168.29.122} spec.containers{nginx} Pulling Pulling image "docker-registry.hiberus.com:5000/debian:ssh"
15s 15s 1 {scheduler } Scheduled Successfully assigned nginx to 192.168.29.122
11s 11s 1 {kubelet 192.168.29.122} spec.containers{nginx} Created Created with docker id 36df2dc8b999
11s 11s 1 {kubelet 192.168.29.122} spec.containers{nginx} Pulled Successfully pulled image "docker-registry.hiberus.com:5000/debian:ssh"
11s 11s 1 {kubelet 192.168.29.122} spec.containers{nginx} Started Started with docker id 36df2dc8b999
10s 10s 1 {kubelet 192.168.29.122} spec.containers{nginx} Pulled Container image "docker-registry.hiberus.com:5000/debian:ssh" already present on machine
10s 10s 1 {kubelet 192.168.29.122} spec.containers{nginx} Created Created with docker id 3e55ab118a3e
10s 10s 1 {kubelet 192.168.29.122} spec.containers{nginx} Started Started with docker id 3e55ab118a3e
5s 5s 1 {kubelet 192.168.29.122} spec.containers{nginx} Backoff Back-off restarting failed docker container

它在内部循环尝试启动，但从不启动

奇怪的是，如果你在我的节点上手动执行运行命令，容器会毫无问题地启动，但是使用 pod 会拉取图像但永远不会启动..

难道我做错了什么？

如果我为我的 pod 使用公共(public)图像，它会毫无问题地启动.. 这只发生在我使用私有(private)图像时..

我也从debian搬到了ubuntu，没有运气同样的问题

我还将 secret 链接到默认服务帐户，仍然没有运气

克隆了最后一个 git 版本，编译，没有运气..

对我来说很明显问题出在使用私有(private)注册表，但我已经申请并遵循了我读过的所有信息，但仍然没有运气。

Answer 1

如果主进程已退出，则 docker 容器可能会退出。
你能分享容器日志吗？

如果你这样做 docker ps -a您应该会看到所有正在运行和退出的容器

运行docker container logs container_id

还可以尝试在交互和守护模式下运行你的容器，看看它是否只在守护模式下失败。

以守护程序模式运行 -

docker run -d -t Image_name

以交互模式运行 -

docker run -it Image_name

用于交互守护模式 docker run -idt Image_name
引用 - Why docker container exits immediately