docker - JKube 在 GitHub 存储库上部署的 Pod 在 MicroK8 中部署时导致 401

Question

我正在尝试在 microk8s 集群上安装 JKube 的简单 Spring Boot 应用程序。作为远程私有 docker 存储库，我使用的是 GitHub Packages（测试版）。当 microk8s 获取 pod 时，他尝试部署它失败并显示以下错误：

命令：

kubectl describe pod walking-skeleton-5df7c4998c-9blmz -n walking

输出：

Name:         walking-skeleton-5df7c4998c-9blmz
Namespace:    walking
Priority:     0
Node:         server-k8s-main/MYIP
Start Time:   Tue, 16 Feb 2021 23:01:57 +0100
Labels:       app=walking-skeleton
              group=de.MYNAME
              pod-template-hash=5df7c4998c
              provider=jkube
              version=0.0.2-SNAPSHOT
Annotations:  cni.projectcalico.org/podIP: 10.1.4.29/32
              cni.projectcalico.org/podIPs: 10.1.4.29/32
              jkube.io/git-branch: main
              jkube.io/git-commit: c0ba4b997db326fc8a7018adfca4f5a4d74aea39
              jkube.io/git-url: git@github.com:MYNAME/MYPROJECT.git
              jkube.io/scm-tag: HEAD
              jkube.io/scm-url: https://github.com/spring-projects/spring-boot/walking-skeleton
Status:       Pending
IP:           10.1.4.29
IPs:
  IP:           10.1.4.29
Controlled By:  ReplicaSet/walking-skeleton-5df7c4998c
Containers:
  spring-boot:
    Container ID:   
    Image:          docker.pkg.github.com/MYNAME/MYPROJECT/walkingskeleton:0.0.2-SNAPSHOT
    Image ID:       
    Ports:          8080/TCP, 9779/TCP, 8778/TCP
    Host Ports:     0/TCP, 0/TCP, 0/TCP
    State:          Waiting
      Reason:       ImagePullBackOff
    Ready:          False
    Restart Count:  0
    Liveness:       http-get http://:8080/actuator/health delay=180s timeout=1s period=10s #success=1 #failure=3
    Readiness:      http-get http://:8080/actuator/health delay=10s timeout=1s period=10s #success=1 #failure=3
    Environment:
      KUBERNETES_NAMESPACE:  walking (v1:metadata.namespace)
      HOSTNAME:              walking-skeleton-5df7c4998c-9blmz (v1:metadata.name)
    Mounts:
      /var/run/secrets/kubernetes.io/serviceaccount from default-token-jq7q9 (ro)
Conditions:
  Type              Status
  Initialized       True 
  Ready             False 
  ContainersReady   False 
  PodScheduled      True 
Volumes:
  default-token-jq7q9:
    Type:        Secret (a volume populated by a Secret)
    SecretName:  default-token-jq7q9
    Optional:    false
QoS Class:       BestEffort
Node-Selectors:  <none>
Tolerations:     node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
                 node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Events:
  Type     Reason     Age                  From               Message
  ----     ------     ----                 ----               -------
  Normal   Scheduled  13m                  default-scheduler  Successfully assigned walking/walking-skeleton-5df7c4998c-9blmz to server-k8s-main
  Normal   Pulling    11m (x4 over 13m)    kubelet            Pulling image "docker.pkg.github.com/MYNAME/MYPROJECT/walkingskeleton:0.0.2-SNAPSHOT"
  Warning  Failed     11m (x4 over 13m)    kubelet            Error: ErrImagePull
  Warning  Failed     11m (x4 over 13m)    kubelet            Failed to pull image "docker.pkg.github.com/MYNAME/MYPROJECT/walkingskeleton:0.0.2-SNAPSHOT": rpc error: code = Unknown desc = failed to pull and unpack image "docker.pkg.github.com/MYNAME/MYPROJECT/walkingskeleton:0.0.2-SNAPSHOT": failed to resolve reference "docker.pkg.github.com/MYNAME/MYPROJECT/walkingskeleton:0.0.2-SNAPSHOT": unexpected status code [manifests 0.0.2-SNAPSHOT]: **401 Unauthorized**
  Normal   BackOff    11m (x6 over 13m)    kubelet            Back-off pulling image "docker.pkg.github.com/MYNAME/MYPROJECT/walkingskeleton:0.0.2-SNAPSHOT"
  Warning  Failed     3m1s (x43 over 13m)  kubelet            Error: ImagePullBackOff

我认为，有趣的是：

failed to resolve reference "docker.pkg.github.com/MYNAME/MYPROJECT/walkingskeleton:0.0.2-SNAPSHOT": unexpected status code [manifests 0.0.2-SNAPSHOT]: **401 Unauthorized**

我在 pom.xml 中的插件配置如下所示：

        <profile>
            <id>kubernetes-deploy</id>
            <properties>
                <jkube.docker.registry>docker.pkg.github.com/MYNAME/MYPROJECT</jkube.docker.registry>
                <jkube.generator.name>docker.pkg.github.com/MYNAME/MYPROJECT/walkingskeleton:${project.version}
                </jkube.generator.name>
            </properties>

            <build>
                <plugins>
                    <plugin>
                        <groupId>org.eclipse.jkube</groupId>
                        <artifactId>kubernetes-maven-plugin</artifactId>
                        <version>1.1.0</version>
                        <configuration>
                            <namespace>${k8s.namespace}</namespace>
                            <resources>
                                <replicas>2</replicas>
                                <secrets>
                                    <secret>
                                        <dockerServerId>docker.pkg.github.com/MYNAME/MYPROJECT</dockerServerId>
                                        <name>github</name>
                                        <namespace>${k8s.namespace}</namespace>
                                    </secret>
                                </secrets>
                            </resources>
                        </configuration>
                    </plugin>
                </plugins>
            </build>
        </profile>

命名空间的配置类似于属性中的 <k8s.namespace>walking</k8s.namespace>。作为设置中的秘密：

        <server>
            <id>docker.pkg.github.com/MYNAME/MYPROJECT</id>
            <username>MYNAME</username>
            <password>nice try :-)</password>
        </server>

我还检查了这个秘密已经部署在 microk8s 上：

kubectl get secrets -n walking

NAME                  TYPE                                  DATA   AGE
default-token-jq7q9   kubernetes.io/service-account-token   3      37m
github                kubernetes.io/dockercfg               1      37m

你能帮助我吗？我错过了什么？先感谢您 ：-）