Unable to pull Docker image from private registry for Spring Cloud Stream in SCDF
0 votes
/ March 6, 2019

I have a Spring Cloud Data Flow (SCDF) server running with Skipper. I use it to deploy Spring Cloud Task (SCT) and Spring Cloud Stream (SCS) applications whose Docker images come from a private Docker registry. I followed this reference document to allow SCDF to pull images from that private Docker registry by setting the SPRING_CLOUD_DEPLOYER_KUBERNETES_IMAGE_PULL_SECRET environment variable in server-deployment.yaml to the secret I created.

This allows me to register and launch an SCT without problems. However, I cannot deploy a stream containing an SCS application, because Kubernetes cannot pull the image from the private Docker registry due to an authentication problem (see the error below).

Events:
  Type     Reason     Age                From                  Message
  ----     ------     ----               ----                  -------
  Normal   Scheduled  16m                default-scheduler     Successfully assigned default/turner-turner-consumer-v1-5f87d66b4d-gq6fk to worker-node
  Normal   Pulling    14m (x4 over 16m)  kubelet, worker-node  pulling image "docker-registry:5000/turner-consumer:20190225.1"
  Warning  Failed     14m (x4 over 16m)  kubelet, worker-node  Failed to pull image "docker-registry:5000/turner-consumer:20190225.1": rpc error: code = Unknown desc = Error response from daemon: Get https://docker-registry:5000/v2/turner-consumer/manifests/20190225.1: no basic auth credentials
  Warning  Failed     14m (x4 over 16m)  kubelet, worker-node  Error: ErrImagePull
  Warning  Failed     14m (x6 over 16m)  kubelet, worker-node  Error: ImagePullBackOff
  Normal   BackOff    14m (x7 over 16m)  kubelet, worker-node  Back-off pulling image "docker-registry:5000/turner-consumer:20190225.1"

When I downloaded the deployment YAML for the SCT and the SCS to compare them, I noticed that the deployment YAML for the SCS has no imagePullSecrets section, unlike the SCT.

This is a snippet of the deployment YAML for the SCT, showing that it has the secret defined:

  dnsPolicy: ClusterFirst
  imagePullSecrets:
  - name: regcred
  nodeName: worker-node

However, the SCS deployment does not have it.

  dnsPolicy: ClusterFirst
  nodeName: worker-node

I'm not sure what to do to resolve this. Any help is appreciated.

Note

  • SCDF version 1.7.3.RELEASE
  • I am using Rancher version 2.1.6 to manage the Kubernetes cluster

Full details of the deployment YAML and pods

SCT deployment YAML

apiVersion: v1
kind: Pod
metadata:
  annotations:
    cni.projectcalico.org/podIP: 10.42.1.38/32
  creationTimestamp: null
  labels:
    role: spring-app
    spring-app-id: turner-task-2-g3j223m3qx
    spring-deployment-id: turner-task-2-g3j223m3qx
    task-name: turner-task-2
  name: turner-task-2-g3j223m3qx
  selfLink: /api/v1/namespaces/default/pods/turner-task-2-g3j223m3qx
spec:
  containers:
  - args:
    - --spring.datasource.username=root
    - --spring.cloud.task.name=turner-task-2
    - --spring.datasource.url=jdbc:mysql://10.43.152.128:3306/mysql
    - --spring.datasource.driverClassName=org.mariadb.jdbc.Driver
    - --spring.datasource.password=yourpassword
    - --spring.kafka.bootstrap-servers=${KAFKA_SERVICE_HOST}:${KAFKA_SERVICE_PORT}
    - --spring.cloud.task.executionid=18
    env:
    - name: SPRING_REDIS_HOST
      value: 10.43.204.214
    - name: SPRING_REDIS_PORT
      value: "6379"
    - name: SPRING_CLOUD_STREAM_KAFKA_BINDER_BROKERS
      value: 10.43.138.98:9092
    - name: SPRING_CLOUD_STREAM_KAFKA_BINDER_ZK_NODES
      value: 10.43.137.90:2181
    - name: SPRING_CLOUD_APPLICATION_GUID
      value: ${HOSTNAME}
    image: docker-registry:5000/turner-task:20190226.4
    imagePullPolicy: IfNotPresent
    name: turner-task-2-g3j223m3qx
    resources:
      limits:
        cpu: "0"
        memory: 1Gi
      requests:
        cpu: "0"
        memory: 1Gi
    terminationMessagePath: /dev/termination-log
    terminationMessagePolicy: File
    volumeMounts:
    - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
      name: default-token-b4vht
      readOnly: true
  dnsPolicy: ClusterFirst
  imagePullSecrets:
  - name: regcred
  nodeName: worker-node
  priority: 0
  restartPolicy: Never
  schedulerName: default-scheduler
  securityContext: {}
  serviceAccount: default
  serviceAccountName: default
  terminationGracePeriodSeconds: 30
  tolerations:
  - effect: NoExecute
    key: node.kubernetes.io/not-ready
    operator: Exists
    tolerationSeconds: 300
  - effect: NoExecute
    key: node.kubernetes.io/unreachable
    operator: Exists
    tolerationSeconds: 300
  volumes:
  - name: default-token-b4vht
    secret:
      defaultMode: 420
      secretName: default-token-b4vht
status:
  phase: Pending
  qosClass: Burstable

SCS deployment YAML

apiVersion: v1
kind: Pod
metadata:
  annotations:
    cni.projectcalico.org/podIP: 10.42.1.40/32
  creationTimestamp: null
  generateName: turner-turner-consumer-v1-5f87d66b4d-
  labels:
    pod-template-hash: "1943822608"
    role: spring-app
    spring-app-id: turner-turner-consumer-v1
    spring-deployment-id: turner-turner-consumer-v1
    spring-group-id: turner
  ownerReferences:
  - apiVersion: apps/v1
    blockOwnerDeletion: true
    controller: true
    kind: ReplicaSet
    name: turner-turner-consumer-v1-5f87d66b4d
    uid: 31a39289-3f9d-11e9-af54-fa163e2374c3
  selfLink: /api/v1/namespaces/default/pods/turner-turner-consumer-v1-5f87d66b4d-gq6fk
spec:
  containers:
  - args:
    - --spring.metrics.export.triggers.application.includes=integration**
    - --spring.cloud.dataflow.stream.app.label=turner-consumer
    - --spring.cloud.stream.metrics.key=turner.turner-consumer.${spring.cloud.application.guid}
    - --spring.cloud.stream.bindings.input.group=turner
    - --spring.cloud.stream.metrics.properties=spring.application.name,spring.application.index,spring.cloud.application.*,spring.cloud.dataflow.*
    - --spring.cloud.stream.bindings.applicationMetrics.destination=metrics
    - --spring.cloud.dataflow.stream.name=turner
    - --spring.cloud.dataflow.stream.app.type=sink
    - --spring.cloud.stream.bindings.input.destination=turner.time
    env:
    - name: SPRING_CLOUD_STREAM_KAFKA_BINDER_BROKERS
      value: 10.43.138.98:9092
    - name: SPRING_CLOUD_STREAM_KAFKA_BINDER_ZK_NODES
      value: 10.43.137.90:2181
    - name: SPRING_CLOUD_APPLICATION_GUID
      value: ${HOSTNAME}
    - name: SPRING_CLOUD_APPLICATION_GROUP
      value: turner
    image: docker-registry:5000/turner-consumer:20190225.1
    imagePullPolicy: IfNotPresent
    livenessProbe:
      failureThreshold: 3
      httpGet:
        path: /health
        port: 8080
        scheme: HTTP
      initialDelaySeconds: 90
      periodSeconds: 60
      successThreshold: 1
      timeoutSeconds: 2
    name: turner-turner-consumer-v1
    ports:
    - containerPort: 8080
      protocol: TCP
    readinessProbe:
      failureThreshold: 3
      httpGet:
        path: /info
        port: 8080
        scheme: HTTP
      initialDelaySeconds: 90
      periodSeconds: 10
      successThreshold: 1
      timeoutSeconds: 2
    resources:
      limits:
        cpu: "0"
        memory: 1Gi
      requests:
        cpu: "0"
        memory: 1Gi
    terminationMessagePath: /dev/termination-log
    terminationMessagePolicy: File
    volumeMounts:
    - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
      name: default-token-b4vht
      readOnly: true
  dnsPolicy: ClusterFirst
  nodeName: worker-node
  priority: 0
  restartPolicy: Always
  schedulerName: default-scheduler
  securityContext: {}
  serviceAccount: default
  serviceAccountName: default
  terminationGracePeriodSeconds: 30
  tolerations:
  - effect: NoExecute
    key: node.kubernetes.io/not-ready
    operator: Exists
    tolerationSeconds: 300
  - effect: NoExecute
    key: node.kubernetes.io/unreachable
    operator: Exists
    tolerationSeconds: 300
  volumes:
  - name: default-token-b4vht
    secret:
      defaultMode: 420
      secretName: default-token-b4vht
status:
  phase: Pending
  qosClass: Burstable

deploy.yaml

apiVersion: apps/v1
kind: Deployment
metadata:
  name: scdf-server
  labels:
    app: scdf-server
spec:
  selector:
    matchLabels:
      app: scdf-server
  replicas: 1
  template:
    metadata:
      labels:
        app: scdf-server
    spec:
      containers:
      - name: scdf-server
        image: springcloud/spring-cloud-dataflow-server-kubernetes:1.7.3.RELEASE
        imagePullPolicy: Always
        ports:
        - containerPort: 80
        resources:
          limits:
            cpu: 1.0
            memory: 2048Mi
          requests:
            cpu: 0.5
            memory: 1024Mi
        env:
        - name: KUBERNETES_NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: "metadata.namespace"
        - name: SERVER_PORT
          value: '80'
        - name: SPRING_CLOUD_CONFIG_ENABLED
          value: 'false'
        - name: SPRING_CLOUD_DATAFLOW_FEATURES_ANALYTICS_ENABLED
          value: 'true'
        - name: SPRING_CLOUD_DATAFLOW_FEATURES_SCHEDULES_ENABLED
          value: 'true'
        - name: SPRING_CLOUD_DEPLOYER_KUBERNETES_CREATE_DEPLOYMENT
          value: 'true'
        - name: SPRING_CLOUD_DEPLOYER_KUBERNETES_MEMORY
          value: 1024Mi
        - name: SPRING_CLOUD_DEPLOYER_KUBERNETES_READINESS_PROBE_DELAY
          value: '90'
        - name: SPRING_CLOUD_DEPLOYER_KUBERNETES_LIVENESS_PROBE_DELAY
          value: '90'
        - name: SPRING_CLOUD_KUBERNETES_SECRETS_ENABLE_API
          value: 'true'
        - name: SPRING_CLOUD_KUBERNETES_SECRETS_NAME
          value: mysql
        - name: SPRING_CLOUD_KUBERNETES_CONFIG_NAME
          value: scdf-server
        - name: SPRING_CLOUD_DATAFLOW_METRICS_COLLECTOR_URI
          value: 'http://${METRICS_SERVICE_HOST}'
        - name: SPRING_CLOUD_DATAFLOW_SERVER_URI
          value: 'http://${SCDF_SERVER_SERVICE_HOST}:${SCDF_SERVER_SERVICE_PORT}'
        # Uncomment the following properties if you're going to use Skipper for stream deployments
        - name: SPRING_CLOUD_SKIPPER_CLIENT_SERVER_URI
          value: 'http://${SKIPPER_SERVICE_HOST}/api'
        - name: SPRING_CLOUD_DATAFLOW_FEATURES_SKIPPER_ENABLED
          value: 'true'
        - name: SPRING_CLOUD_DEPLOYER_KUBERNETES_IMAGE_PULL_SECRET
          value: regcred
          # Add Maven repo for metadata artifact resolution plus set metrics destination for all stream apps
        - name: SPRING_APPLICATION_JSON
          value: "{ \"maven\": { \"local-repository\": null, \"remote-repositories\": { \"repo1\": { \"url\": \"https://repo.spring.io/libs-snapshot\"} } }, \"spring.cloud.dataflow.application-properties.stream.spring.cloud.stream.bindings.applicationMetrics.destination\": \"metrics\" }"
      serviceAccountName: scdf-sa
...
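
The comparison the question makes by eye, as an added example that is not part of the original post: a check over `kubectl get pods -o json` output that lists pods pulling from the private registry without the pull secret in their spec. The sample pod list is constructed from the two pods shown above, and the function names are hypothetical.

```python
import json

# Constructed sample shaped like `kubectl get pods -o json`, trimmed to the
# fields the check reads; names and images mirror the two pods in the question.
SAMPLE_POD_LIST = json.dumps({"items": [
    {"metadata": {"name": "turner-task-2-g3j223m3qx"},
     "spec": {"containers": [{"image": "docker-registry:5000/turner-task:20190226.4"}],
              "imagePullSecrets": [{"name": "regcred"}]}},
    {"metadata": {"name": "turner-turner-consumer-v1-5f87d66b4d-gq6fk"},
     "spec": {"containers": [{"image": "docker-registry:5000/turner-consumer:20190225.1"}]}},
]})


def registry_host(image):
    """Return the registry part of an image reference, or None for short names."""
    first, sep, _ = image.partition("/")
    # The first path component names a registry only if it contains
    # '.' or ':' or is 'localhost'; otherwise it is a Docker Hub namespace.
    if sep and ("." in first or ":" in first or first == "localhost"):
        return first
    return None


def pods_missing_pull_secret(pod_list_json, private_registry, secret_name):
    """List (pod name, image) pairs pulled from private_registry without secret_name."""
    findings = []
    for pod in json.loads(pod_list_json)["items"]:
        spec = pod["spec"]
        secrets = {s["name"] for s in spec.get("imagePullSecrets") or []}
        if secret_name in secrets:
            continue  # pod spec already references the pull secret
        containers = (spec.get("initContainers") or []) + spec["containers"]
        for container in containers:
            if registry_host(container["image"]) == private_registry:
                findings.append((pod["metadata"]["name"], container["image"]))
    return findings


if __name__ == "__main__":
    for name, image in pods_missing_pull_secret(
            SAMPLE_POD_LIST, "docker-registry:5000", "regcred"):
        print(f"{name}: {image} is pulled without imagePullSecrets 'regcred'")
```

On a live cluster, pass the output of `kubectl get pods -o json` as the first argument instead of the sample.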