kubernetes 拉取 jenkins 图像给 Imagepullbackoff

【问题标题】:kubernetes pull of jenkins image giving Imagepullbackoffkubernetes 拉取 jenkins 图像给 Imagepullbackoff
【发布时间】:2020-08-30 22:34:19
【问题描述】:

尝试使用 helm install stable/jenkins --values jenkins.values --name jenkins 来拉取 jenkins 映像 进入我的本地集群,但每次,当我构建 pod 时,它都会给出如下错误。

`

[root@kube-master tmp]# kubectl describe pod newjenkins-84cd855fb6-mr9rm
Name:           newjenkins-84cd855fb6-mr9rm
Namespace:      default
Priority:       0
Node:           worker-node2/192.168.20.56
Start Time:     Thu, 14 May 2020 14:58:13 +0500
Labels:         app.kubernetes.io/component=jenkins-master
                app.kubernetes.io/instance=newjenkins
                app.kubernetes.io/managed-by=Tiller
                app.kubernetes.io/name=jenkins
                helm.sh/chart=jenkins-1.16.0
                pod-template-hash=84cd855fb6
Annotations:    checksum/config: 70d4b49bc5cd79a1a978e1bbafdb8126f8accc44871772348fd481642e33cffb
Status:         Pending
IP:
IPs:            <none>
Controlled By:  ReplicaSet/newjenkins-84cd855fb6
Init Containers:
  copy-default-config:
    Container ID:
    Image:         jenkins/jenkins:lts
    Image ID:
    Port:          <none>
    Host Port:     <none>
    Command:
      sh
      /var/jenkins_config/apply_config.sh
    State:          Waiting
      Reason:       PodInitializing
    Ready:          False
    Restart Count:  0
    Limits:
      cpu:     2
      memory:  4Gi
    Requests:
      cpu:     50m
      memory:  256Mi
    Environment:
      ADMIN_PASSWORD:  <set to the key 'jenkins-admin-password' in secret 'newjenkins'>  Optional: false
      ADMIN_USER:      <set to the key 'jenkins-admin-user' in secret 'newjenkins'>      Optional: false
    Mounts:
      /tmp from tmp (rw)
      /usr/share/jenkins/ref/secrets/ from secrets-dir (rw)
      /var/jenkins_config from jenkins-config (rw)
      /var/jenkins_home from jenkins-home (rw)
      /var/jenkins_plugins from plugin-dir (rw)
      /var/run/secrets/kubernetes.io/serviceaccount from newjenkins-token-jmfsz (ro)
Containers:
  jenkins:
    Container ID:
    Image:         jenkins/jenkins:lts
    Image ID:
    Ports:         8080/TCP, 50000/TCP
    Host Ports:    0/TCP, 0/TCP
    Args:
      --argumentsRealm.passwd.$(ADMIN_USER)=$(ADMIN_PASSWORD)
      --argumentsRealm.roles.$(ADMIN_USER)=admin
      --httpPort=8080
    State:          Waiting
      Reason:       PodInitializing
    Ready:          False
    Restart Count:  0
    Limits:
      cpu:     2
      memory:  4Gi
    Requests:
      cpu:      50m
      memory:   256Mi
    Liveness:   http-get http://:http/login delay=90s timeout=5s period=10s #success=1 #failure=5
    Readiness:  http-get http://:http/login delay=60s timeout=5s period=10s #success=1 #failure=3
    Environment:
      POD_NAME:                  newjenkins-84cd855fb6-mr9rm (v1:metadata.name)
      JAVA_OPTS:
      JENKINS_OPTS:
      JENKINS_SLAVE_AGENT_PORT:  50000
      ADMIN_PASSWORD:            <set to the key 'jenkins-admin-password' in secret 'newjenkins'>  Optional: false
      ADMIN_USER:                <set to the key 'jenkins-admin-user' in secret 'newjenkins'>      Optional: false
    Mounts:
      /tmp from tmp (rw)
      /usr/share/jenkins/ref/plugins/ from plugin-dir (rw)
      /usr/share/jenkins/ref/secrets/ from secrets-dir (rw)
      /var/jenkins_config from jenkins-config (ro)
      /var/jenkins_home from jenkins-home (rw)
      /var/run/secrets/kubernetes.io/serviceaccount from newjenkins-token-jmfsz (ro)
Conditions:
  Type              Status
  Initialized       False
  Ready             False
  ContainersReady   False
  PodScheduled      True
Volumes:
  plugins:
    Type:       EmptyDir (a temporary directory that shares a pod's lifetime)
    Medium:
    SizeLimit:  <unset>
  tmp:
    Type:       EmptyDir (a temporary directory that shares a pod's lifetime)
    Medium:
    SizeLimit:  <unset>
  jenkins-config:
    Type:      ConfigMap (a volume populated by a ConfigMap)
    Name:      newjenkins
    Optional:  false
  secrets-dir:
    Type:       EmptyDir (a temporary directory that shares a pod's lifetime)
    Medium:
    SizeLimit:  <unset>
  plugin-dir:
    Type:       EmptyDir (a temporary directory that shares a pod's lifetime)
    Medium:
    SizeLimit:  <unset>
  jenkins-home:
    Type:       PersistentVolumeClaim (a reference to a PersistentVolumeClaim in the same namespace)
    ClaimName:  newjenkins
    ReadOnly:   false
  newjenkins-token-jmfsz:
    Type:        Secret (a volume populated by a Secret)
    SecretName:  newjenkins-token-jmfsz
    Optional:    false
QoS Class:       Burstable
Node-Selectors:  <none>
Tolerations:     node.kubernetes.io/not-ready:NoExecute for 300s
                 node.kubernetes.io/unreachable:NoExecute for 300s
Events:
  Type    Reason     Age        From                   Message
  ----    ------     ----       ----                   -------
  Normal  Scheduled  <unknown>  default-scheduler      Successfully assigned default/newjenkins-84cd855fb6-mr9rm to worker-node2
  Normal  Pulling    9m41s      kubelet, worker-node2  Pulling image "jenkins/jenkins:lts"
[root@kube-master tmp]# kubectl describe pod newjenkins-84cd855fb6-mr9rm
Name:           newjenkins-84cd855fb6-mr9rm
Namespace:      default
Priority:       0
Node:           worker-node2/192.168.20.56
Start Time:     Thu, 14 May 2020 14:58:13 +0500
Labels:         app.kubernetes.io/component=jenkins-master
                app.kubernetes.io/instance=newjenkins
                app.kubernetes.io/managed-by=Tiller
                app.kubernetes.io/name=jenkins
                helm.sh/chart=jenkins-1.16.0
                pod-template-hash=84cd855fb6
Annotations:    checksum/config: 70d4b49bc5cd79a1a978e1bbafdb8126f8accc44871772348fd481642e33cffb
Status:         Pending
IP:
IPs:            <none>
Controlled By:  ReplicaSet/newjenkins-84cd855fb6
Init Containers:
  copy-default-config:
    Container ID:
    Image:         jenkins/jenkins:lts
    Image ID:
    Port:          <none>
    Host Port:     <none>
    Command:
      sh
      /var/jenkins_config/apply_config.sh
    State:          Waiting
      Reason:       ErrImagePull
    Ready:          False
    Restart Count:  0
    Limits:
      cpu:     2
      memory:  4Gi
    Requests:
      cpu:     50m
      memory:  256Mi
    Environment:
      ADMIN_PASSWORD:  <set to the key 'jenkins-admin-password' in secret 'newjenkins'>  Optional: false
      ADMIN_USER:      <set to the key 'jenkins-admin-user' in secret 'newjenkins'>      Optional: false
    Mounts:
      /tmp from tmp (rw)
      /usr/share/jenkins/ref/secrets/ from secrets-dir (rw)
      /var/jenkins_config from jenkins-config (rw)
      /var/jenkins_home from jenkins-home (rw)
      /var/jenkins_plugins from plugin-dir (rw)
      /var/run/secrets/kubernetes.io/serviceaccount from newjenkins-token-jmfsz (ro)
Containers:
  jenkins:
    Container ID:
    Image:         jenkins/jenkins:lts
    Image ID:
    Ports:         8080/TCP, 50000/TCP
    Host Ports:    0/TCP, 0/TCP
    Args:
      --argumentsRealm.passwd.$(ADMIN_USER)=$(ADMIN_PASSWORD)
      --argumentsRealm.roles.$(ADMIN_USER)=admin
      --httpPort=8080
    State:          Waiting
      Reason:       PodInitializing
    Ready:          False
    Restart Count:  0
    Limits:
      cpu:     2
      memory:  4Gi
    Requests:
      cpu:      50m
      memory:   256Mi
    Liveness:   http-get http://:http/login delay=90s timeout=5s period=10s #success=1 #failure=5
    Readiness:  http-get http://:http/login delay=60s timeout=5s period=10s #success=1 #failure=3
    Environment:
      POD_NAME:                  newjenkins-84cd855fb6-mr9rm (v1:metadata.name)
      JAVA_OPTS:
      JENKINS_OPTS:
      JENKINS_SLAVE_AGENT_PORT:  50000
      ADMIN_PASSWORD:            <set to the key 'jenkins-admin-password' in secret 'newjenkins'>  Optional: false
      ADMIN_USER:                <set to the key 'jenkins-admin-user' in secret 'newjenkins'>      Optional: false
    Mounts:
      /tmp from tmp (rw)
      /usr/share/jenkins/ref/plugins/ from plugin-dir (rw)
      /usr/share/jenkins/ref/secrets/ from secrets-dir (rw)
      /var/jenkins_config from jenkins-config (ro)
      /var/jenkins_home from jenkins-home (rw)
      /var/run/secrets/kubernetes.io/serviceaccount from newjenkins-token-jmfsz (ro)
Conditions:
  Type              Status
  Initialized       False
  Ready             False
  ContainersReady   False
  PodScheduled      True
Volumes:
  plugins:
    Type:       EmptyDir (a temporary directory that shares a pod's lifetime)
    Medium:
    SizeLimit:  <unset>
  tmp:
    Type:       EmptyDir (a temporary directory that shares a pod's lifetime)
    Medium:
    SizeLimit:  <unset>
  jenkins-config:
    Type:      ConfigMap (a volume populated by a ConfigMap)
    Name:      newjenkins
    Optional:  false
  secrets-dir:
    Type:       EmptyDir (a temporary directory that shares a pod's lifetime)
    Medium:
    SizeLimit:  <unset>
  plugin-dir:
    Type:       EmptyDir (a temporary directory that shares a pod's lifetime)
    Medium:
    SizeLimit:  <unset>
  jenkins-home:
    Type:       PersistentVolumeClaim (a reference to a PersistentVolumeClaim in the same namespace)
    ClaimName:  newjenkins
    ReadOnly:   false
  newjenkins-token-jmfsz:
    Type:        Secret (a volume populated by a Secret)
    SecretName:  newjenkins-token-jmfsz
    Optional:    false
QoS Class:       Burstable
Node-Selectors:  <none>
Tolerations:     node.kubernetes.io/not-ready:NoExecute for 300s
                 node.kubernetes.io/unreachable:NoExecute for 300s
Events:
  Type     Reason          Age                From                   Message
  ----     ------          ----               ----                   -------
  Normal   Scheduled       <unknown>          default-scheduler      Successfully assigned default/newjenkins-84cd855fb6-mr9rm to worker-node2
  Warning  Failed          50s                kubelet, worker-node2  Failed to pull image "jenkins/jenkins:lts": rpc error: code = Unknown desc = unauthorized: authentication required
  Warning  Failed          50s                kubelet, worker-node2  Error: ErrImagePull
  Normal   SandboxChanged  49s                kubelet, worker-node2  Pod sandbox changed, it will be killed and re-created.
  Normal   Pulling 28s (x2 over 10m)  kubelet, worker-node2  Pulling image "jenkins/jenkins:lts"

使用 docker pull jenkins 手动拉取 jenkins 映像,使用 docker hub 登录且没有 docker hub 帐户登录,每次都给我错误 ErrImagePull。

【问题讨论】:

  • 你的 K8s 版本是多少?你试过helm repo update吗?
  • 不,我还没有更新 helm,K8s 版本是:[root@kube-master tmp]# kubectl version --short 客户端版本:v1.18.1 服务器版本:v1.18.1跨度>

标签: docker jenkins kubernetes kubernetes-helm docker-registry


【解决方案1】:

提示在Events 部分:

Failed to pull image "jenkins/jenkins:lts": rpc error: code = Unknown desc = unauthorized: authentication required

工作节点上的 kubelet 在启动容器时在执行 pod 之前执行 docker pull

确保节点使用docker login 登录,以便本地工作程序节点可以手动拉取映像(如果您还没有的话)。

如果您有并且它仍在发生,您可能需要一个秘密来访问相关存储库。如果它仍然在发生,请不要为您的图像使用短名称(不是jenkins/jenkins:lts,指定完整路径,如my-image-registry:5001/jenkins/jenkins:lts)以确保它从正确的位置拉取而不是Docker配置的默认注册表.希望对您有所帮助。

【讨论】:

  • 感谢 robb 的评论让我试试这个路径,会和你一起更新输出
猜你喜欢
  • 2019-01-23
  • 2023-01-22
  • 2019-03-03
  • 2022-12-11
  • 1970-01-01
  • 2020-06-18
  • 1970-01-01
  • 2021-10-30
  • 1970-01-01
相关资源
最近更新 更多
热门标签
Java Python linux javascript Mysql C# Docker 算法 前端 SpringBoot Redis Vue spring 设计模式 .net core .net kubernetes c++ 数据库 数据结构 大数据 js 机器学习 微服务 Android Go 程序员 面试 JVM ASP.net core 云原生 人工智能 后端 PHP git CSS golang k8s Nginx Django mybatis 深度学习 多线程 React 架构 devops 爬虫 云计算 Spring Boot LeetCode