google-cloud-platform - ImagePullBackOff on GKE with a private Google Cloud repository

Reposted. Author: 行者123. Updated: 2023-12-04 00:02:36

I am creating a deployment in GKE using the following (standard) deployment:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: api-deployment
spec:
  replicas: 1
  selector:
    matchLabels:
      component: api
  template:
    metadata:
      labels:
        component: api
    spec:
      containers:
        - name: api
          image: eu.gcr.io/xxxx-xxx/api:latest
          imagePullPolicy: Always
          resources:
            requests:
              memory: "320Mi"
              cpu: "100m"
            limits:
              memory: "450Mi"
              cpu: "150m"
          ports:
            - containerPort: 5010

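However, for some reason GKE reports a permission problem. The containers are in the container registry of the same project and are PRIVATE, but as far as I know, if it is within the same GCP project, GKE should be able to access them. The GKE cluster is VPC-native (in case that makes a difference), as that is the only difference I can think of compared with a cluster I used to run with the same containers and installers.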

Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 34m default-scheduler Successfully assigned default/api-deployment-f68977b84-fmhdx to gke-gke-dev-cluster-default-pool-6c6bb127-nw61
Normal Pulling 32m (x4 over 33m) kubelet, gke-gke-dev-cluster-default-pool-6c6bb127-nw61 pulling image "eu.gcr.io/xxxx-xxx/api:latest"
Warning Failed 32m (x4 over 33m) kubelet, gke-gke-dev-cluster-default-pool-6c6bb127-nw61 Failed to pull image "eu.gcr.io/xxxx-xxx/api:latest": rpc error: code = Unknown desc = Error response from daemon: pull access denied for eu.gcr.io/xxxx-xxx/api, repository does not exist or may require 'docker login'
Warning Failed 32m (x4 over 33m) kubelet, gke-gke-dev-cluster-default-pool-6c6bb127-nw61 Error: ErrImagePull
Normal BackOff 32m (x6 over 33m) kubelet, gke-gke-dev-cluster-default-pool-6c6bb127-nw61 Back-off pulling image "eu.gcr.io/xxxx-xxx/api:latest"
Warning Failed 3m59s (x131 over 33m) kubelet, gke-gke-dev-cluster-default-pool-6c6bb127-nw61 Error: ImagePullBackOff

Do I also need to add ImageSecrets for a GKE cluster with a Google Cloud repository, or could there be some other problem?

The GKE cluster was created with Terraform, using the following gke.tf for GKE:

resource "google_container_cluster" "primary" {
  name = "gke-${terraform.workspace}-cluster"
  zone = "${var.region}-b"

  additional_zones = [
    "${var.region}-c",
    "${var.region}-d",
  ]

  # minimum kubernetes version for master
  min_master_version = "${var.min_master_version}"
  # version for the nodes. Should equal min_master_version on create
  node_version       = "${var.node_version}"
  initial_node_count = "${var.gke_num_nodes[terraform.workspace]}"
  network            = "${var.vpc_name}"
  subnetwork         = "${var.subnet_name}"

  addons_config {

    http_load_balancing {
      disabled = false # this is the default
    }

    horizontal_pod_autoscaling {
      disabled = false
    }

    kubernetes_dashboard {
      disabled = false
    }
  }

  # vpc-native network
  ip_allocation_policy {
    # use_ip_aliases = true
  }

  master_auth {
    username = "${var.gke_master_user}"
    password = "${var.gke_master_pass}"
  }

  node_config {
    oauth_scopes = [
      "https://www.googleapis.com/auth/compute",
      "https://www.googleapis.com/auth/devstorage.read_only",
      "https://www.googleapis.com/auth/logging.write",
      "https://www.googleapis.com/auth/monitoring",
    ]

    labels = {
      env = "${var.gke_label[terraform.workspace]}"
    }

    disk_size_gb = 10
    machine_type = "${var.gke_node_machine_type}"
    tags         = ["gke-node"]
  }
}

Running gcloud container clusters describe [CLUSTER] gives:

nodePools:
- config:
    diskSizeGb: 10
    diskType: pd-standard
    imageType: COS
    labels:
      env: dev
    machineType: n1-standard-1
    metadata:
      disable-legacy-endpoints: 'true'
    oauthScopes:
    - https://www.googleapis.com/auth/monitoring
    - https://www.googleapis.com/auth/devstorage.read_only
    - https://www.googleapis.com/auth/logging.write
    - https://www.googleapis.com/auth/compute
    serviceAccount: default

So devstorage.read_only appears to be there.

Best answer

Is your GKE cluster node pool configured with the https://www.googleapis.com/auth/devstorage.read_only OAuth scope?

To check, you can run gcloud container clusters describe [CLUSTER NAME]: the scopes are listed under the oauthScopes property. Or look at your node pool details in the GCP dashboard:

GKE node pool OAuth scopes

Storage should be enabled.
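
The scope check described in the answer, as an added example that is not part of the original question or answer: it reads the output of gcloud container clusters describe [CLUSTER NAME] --format=json and reports, per node pool, whether any OAuth scope allows reading the registry's storage. The function names, the pool names and the second pool in the sample are assumptions made for illustration.

```python
import json

# OAuth scopes that permit reading image layers from the Cloud Storage bucket
# behind Container Registry (gcr.io, eu.gcr.io).
STORAGE_READ_SCOPES = {
    "https://www.googleapis.com/auth/devstorage.read_only",
    "https://www.googleapis.com/auth/devstorage.read_write",
    "https://www.googleapis.com/auth/devstorage.full_control",
    "https://www.googleapis.com/auth/cloud-platform",
}

# Constructed sample shaped like the describe output in the question.
# Pool names and the second pool are made up for illustration.
SAMPLE_DESCRIBE_JSON = json.dumps({"nodePools": [
    {"name": "default-pool", "config": {"serviceAccount": "default", "oauthScopes": [
        "https://www.googleapis.com/auth/monitoring",
        "https://www.googleapis.com/auth/devstorage.read_only",
        "https://www.googleapis.com/auth/logging.write",
        "https://www.googleapis.com/auth/compute"]}},
    {"name": "example-pool", "config": {"serviceAccount": "default", "oauthScopes": [
        "https://www.googleapis.com/auth/logging.write",
        "https://www.googleapis.com/auth/monitoring"]}},
]})


def audit_node_pools(describe_json):
    """Return one finding per node pool: which scopes, if any, allow registry pulls."""
    findings = []
    for pool in json.loads(describe_json).get("nodePools", []):
        config = pool.get("config", {})
        granted = sorted(set(config.get("oauthScopes", [])) & STORAGE_READ_SCOPES)
        findings.append({
            "pool": pool.get("name", "<unnamed>"),
            "service_account": config.get("serviceAccount", "default"),
            "can_read_registry": bool(granted),
            "granting_scopes": granted,
        })
    return findings


def pools_missing_storage_scope(describe_json):
    """Names of node pools whose scopes cannot read the registry bucket."""
    return [f["pool"] for f in audit_node_pools(describe_json) if not f["can_read_registry"]]


if __name__ == "__main__":
    for finding in audit_node_pools(SAMPLE_DESCRIBE_JSON):
        status = "ok" if finding["can_read_registry"] else "MISSING storage read scope"
        print(f'{finding["pool"]} (sa={finding["service_account"]}): {status}')
```

A pool that passes this check can still fail to pull if its node service account lacks IAM read permission on the registry's storage bucket, so the reported service account is the next thing to inspect.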

Regarding google-cloud-platform - ImagePullBackOff on GKE with a private Google Cloud repository, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/57446166/
