1

我正在尝试从我的私人港口注册表中提取图像。在 Kubernetes 中,我首先创建了一个秘密,如本文档中所述:

https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/

然后我尝试在我的 deployment.yaml 中实现它:

apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: nginx-k8s-test9
  namespace: k8s-test9
spec:
  replicas: 1
  template:
    metadata:
      labels:
        app: nginx-k8s-test9
    spec:
      containers:
      - name: nginx-k8s-test9
        image: my-registry.com/nginx-test/nginx:1.14.2
      imagePullSecrets:
      - name: harborcred
        imagePullPolicy: Always
        volumeMounts:
          - name: webcontent
            mountPath: usr/share/nginx/html
        ports:
        - containerPort: 80
      volumes:
        - name: webcontent
          configMap:
            name: webcontent
---
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: webcontent
  namespace: k8s-test9
  annotations:
    volume.alpha.kubernetes.io/storage-class: default
spec:
  accessModes: [ReadWriteOnce]
  resources:
    requests:
      storage: 5Gi

当我尝试创建部署时,我收到以下错误消息:

error: error validating "deployment.yaml": error validating data: [ValidationError(Deployment.spec.template.spec.imagePullSecrets[0]): unknown field "imagePullPolicy" in io.k8s.api.core.v1.LocalObjectReference, ValidationError(Deployment.spec.template.spec.imagePullSecrets[0]): unknown field "ports" in io.k8s.api.core.v1.LocalObjectReference, ValidationError(Deployment.spec.template.spec.imagePullSecrets[0]): unknown field "volumeMounts" in io.k8s.api.core.v1.LocalObjectReference]; if you choose to ignore these errors, turn validation off with --validate=false

我想这是一个 yaml 问题,但我不知道它应该在哪里。

4

3 回答 3

5

这是解决方案:

apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: nginx-k8s-test9
  namespace: k8s-test9
spec:
  replicas: 1
  template:
    metadata:
      labels:
        app: nginx-k8s-test9
    spec:
      containers:
      - name: nginx-k8s-test9
        image: my-registry.com/nginx-test/nginx:1.14.2
        volumeMounts:
          - name: webcontent
            mountPath: usr/share/nginx/html
        ports:
        - containerPort: 80
      volumes:
        - name: webcontent
          configMap:
            name: webcontent
      imagePullSecrets:
      - name: harborcred-test
---
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: webcontent
  namespace: k8s-test9
  annotations:
    volume.alpha.kubernetes.io/storage-class: default
spec:
  accessModes: [ReadWriteOnce]
  resources:
    requests:
      storage: 5Gi

imagePullSecrets 部分不在正确的位置。

于 2019-03-21T12:55:18.703 回答
1

你能像这样改变你的配置吗?试试看

kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: webcontent
  namespace: k8s-test9
  annotations:
    volume.alpha.kubernetes.io/storage-class: default
spec:
  accessModes: [ReadWriteOnce]
  resources:
    requests:
      storage: 5Gi
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: nginx-k8s-test9
  namespace: k8s-test9
spec:
  replicas: 1
  template:
    metadata:
      labels:
        app: nginx-k8s-test9
    spec:
      containers:
      - name: nginx-k8s-test9
        image: my-registry.com/nginx-test/nginx:1.14.2
      imagePullSecrets:
      - name: harborcred
        imagePullPolicy: Always
        volumeMounts:
          - name: webcontent
            mountPath: usr/share/nginx/html
        ports:
        - containerPort: 80
      volumes:
        - name: webcontent
          configMap:
            name: webcontent

kubectl apply -f deployment.yaml如果它不起作用,请尝试

kubectl apply -f deployment.yaml --validate=false
于 2019-03-18T10:55:13.950 回答
1

我通过在管道中创建和提供秘密而不是编辑 .yaml 文件解决了这个问题

我们的要求是不要将秘密保存在 .yaml 文件中,因为它是从 repo 中获取的

第 1 步:创建管道添加任务
部署到 Kubernetes >> 选择操作:创建机密 - 可以找到如何创建机密的步骤

第 2 步:然后在您拉取 .yaml 文件的任何任务中,可以通过在 Deploy to Kubernetes 的 ImagePullSecrets 中提供密钥名称来使用该密钥 imagepullsecret 截图

于 2020-03-15T20:05:55.993 回答