ImagePullBackOff error Google Kubernetes Engine

问题

I know a lot of people already had similar question, i read a few of them, but found nothing what actualy helped me so far.

I have a gitlab with private repo enabled, I also use Google Kubernetes Engine. I have a few Docker container in my private repo, and I want to deploy one of them to the Kubernetes Engine.

I have created a secret with kubectl create secret generic db-user-pass --from-file=./username.txt --from-file=./password.txt I also tried kubectl create secret docker-registry name --docker-server=registry.xy.z --docker-username=google --docker-password=xyz --docker-email=xy@z.de Then I created my Deployment file:

apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: backend-test
labels:
app: 13371337
spec:
replicas: 1
template:
metadata:
labels:
app: 13371337
spec:
  containers:
  - name: backend
    image: registry.xy.z/group/project/backend:latest
    imagePullPolicy: Always
    ports:
    - containerPort: 8080
  imagePullSecrets:
  - name: db-user-pass or name

Any ideas how to get it running?

回答1:

Using kubectl create secret docker-registry name is a right way to provide credentials of private docker registry.

imagePullSecrets options looking good too, if you specify there a name of your docker-registry secret.

So, from Kubernetes path everything looking good.

Try to check events of the pod which will be created by Deployment, just find you pod by kubectl get pods and call kubectl describe pod $name_of_your_pod, you will see an actual reason why it cannot pull an image.

Also, if your depository is insecure or has self-signed certificate, try to follow that guide to allow docker daemon pulling image from there, that is an often reason of image pull failures.

回答2:

In order to create a secret you can use the following command: (notice I gave it a name)

kubectl create secret docker-registry my_registry \
--docker-server=registry.xy.z \
--docker-username=google \
--docker-password=xyz \
--docker-email=xy@z.de

or using yaml:

apiVersion: v1
kind: Secret
metadata:
  name: my_registry
type: Opaque
data:
  docker-server: registry.xy.z
  docker-username: google
  docker-password: xyz
  docker-email: xy@z.de

and your deployment need to use the secret name:

apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: backend-test
labels:
app: 13371337
spec:
replicas: 1
template:
metadata:
labels:
app: 13371337
spec:
  containers:
  - name: backend
    image: registry.xy.z/group/project/backend:latest
    imagePullPolicy: Always
    ports:
    - containerPort: 8080
  imagePullSecrets:
  - name: my_registry

Notice: you must create the secret per namespace.

来源：https://stackoverflow.com/questions/49298520/imagepullbackoff-error-google-kubernetes-engine