/tmp/image-pull-secret-6ren">
gpt4 book ai didi

amazon-web-services - Kubernetes "unauthorized: authentication required"

转载 作者:行者123 更新时间:2023-12-03 17:33:35 25 4
gpt4 key购买 nike

我有一个 GKE 集群,它使用 AWS ECR 存储库来拉取 docker 镜像。这些是我遵循的步骤。

使用此命令创建了一个 secret

# cat > /tmp/image-pull-secret.yaml << EOF
apiVersion: v1
kind: Secret
metadata:
name: myregistrykey
data:
.dockerconfigjson: $(aws ecr get-authorization-token --output json | jq -n 'input.authorizationData | {auths: (reduce .[] as $d ({}; . + {($d.proxyEndpoint|sub("https?://";"")): {auth:$d.authorizationToken}}))}' | (base64 -w0 2>/dev/null || base64) )
type: kubernetes.io/dockerconfigjson
EOF

# kubectl apply -f /tmp/image-pull-secret.yaml

创建了部署但出现错误
# cat abc_deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: abc-deployment
labels:
app: abc
env: development
spec:
replicas: 3
selector:
matchLabels:
app: abc
env: development
template:
metadata:
labels:
app: abc
env: development
spec:
containers:
- name: abc
image: 34235354354.dkr.ecr.us-east-1.amazonaws.com/dev-abc:1.1.1
ports:
- containerPort: 8080
imagePullSecrets:
- name: myregistrykey

我得到的错误
++++++++++++++++++++
  Normal   Pulling                1m (x2 over 1m)  kubelet, gke-puppy-default-pool-e701eb52-6gdp  pulling image "34235354354.dkr.ecr.us-east-1.amazonaws.com/dev-abc:1.1.1"
Warning Failed 1m (x2 over 1m) kubelet, gke-puppy-default-pool-e701eb52-6gdp Failed to pull image "34235354354.dkr.ecr.us-east-1.amazonaws.com/dev-abc:1.1.1": rpc error: code = Unknown desc = unauthorized: authentication required
Warning Failed 1m (x2 over 1m) kubelet, gke-puppy-default-pool-e701eb52-6gdp Error: ErrImagePull
Normal BackOff 1m (x6 over 1m) kubelet, gke-puppy-default-pool-e701eb52-6gdp Back-off pulling image "34235354354.dkr.ecr.us-east-1.amazonaws.com/dev-abc:1.1.1"
Warning Failed 1m (x6 over 1m) kubelet, gke-puppy-default-pool-e701eb52-6gdp Error: ImagePullBackOff

我们如何修复这个错误?

最佳答案

从技术上讲,您将 docker auth token 放入 imagePullSecret 的方法应该工作 - 这是Kubernetes documentation on integrating a private registry也推荐。
然而,问题是 ECR 的 docker auth token is only valid for 12 hours .也许认证错误只发生在这段时间之后?
相反,您可以做的是创建一个 CronJob 来刷新 docker auth token 并重新创建 imagePullSecret (您可以找到有关它的更多信息 hereherehere )。
也有为此目的预先构建的 docker 镜像,例如ecr-kube-helperk8s-ecr-login-renew .

关于amazon-web-services - Kubernetes "unauthorized: authentication required",我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/50201196/

25 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com