打開鏈接即可點亮社區Star,照亮技術的前進之路。
Github 地址:https://github.com/secretflow/kuscia
Kuscia支持自動拉取遠程的應用鏡像(比如:SecretFlow 等),這樣可以不用手動導入鏡像到容器中。可以在 Kuscia 配置文件中配置私有(or 公開)鏡像倉庫地址。
如何配置使用自定義鏡像倉庫
配置文件中的 image 字段用來配置自定義倉庫。相關含義參考 Kuscia 配置文件説明
私有鏡像倉庫
如果有一個私有鏡像倉庫(示例:private.registry.com),對應的配置如下:
- image:
- defaultRegistry: private # It doesn't matter, as long as it corresponds to <image.registries[0].name>
- registries:
- name: private
endpoint: private.registry.com/test
username: testname
password: testpass公開鏡像倉庫
如果使用公開的鏡像倉庫(示例:secretflow-registry.cn-hangzhou.cr.aliyuncs.com),對應的配置如下:
- image:
- defaultRegistry: aliyun # It doesn't matter, as long as it corresponds to <image.registries[0].name>
- registries:
- name: aliyun
endpoint: secretflow-registry.cn-hangzhou.cr.aliyuncs.com/secretflow關於鏡像倉庫和AppImage的搭配使用
配置文件中有image字段,AppImage 中也存在image相關的配置,他們的搭配關係示例如下:
| 配置文件 | AppImage配置 | 實際鏡像地址 | 備註 |
| - | - | - | - |
| 無配置 | secretflow/app:v1 | docker.io/secretflow/app:v1 | |
| 無配置 | private.registry.com/secretflow/app:v1 | private.registry.com/secretflow/app:v1 | |
| private.registry.com | secretflow/app:v1 | private.registry.com/app:v1 | |
| private.registry.com/secretflow | app:v1 | private.registry.com/secretflow/app:v1 | 推薦配置 |
| private.registry.com/secretflow | secretflow/app:v1 | private.registry.com/secretflow/app:v1 | |
| private.registry.com/secretflow | test/app:v1 | private.registry.com/secretflow/app:v1 | |
| private.registry.com/secretflow | private.registry.com/secretflow/app:v1 | private.registry.com/secretflow/app:v1 | |
| private.registry.com/secretflow | public.aliyun.com/secretflow/app:v1 | public.aliyun.com/secretflow/app:v1 | 強烈不推薦配置,未來可能會禁止這種配置 |
注:Kuscia推薦在 AppImage 中只配置鏡像名(不帶鏡像倉庫地址),否則切換倉庫的時候,需要批量修改AppImage,所以不建議如此配置。
鏡像拉取失敗
當發現鏡像拉取失敗時,請確認 配置文件中倉庫地址,以及賬密相關配置是否正確, 以及參考上文,確保 AppImage 的鏡像地址配置正確.
2024-06-06 13:33:00.534 ERROR framework/pod_workers.go:978 Error syncing pod "ant-test-0_ant(7fd5285b-2a5c-4a75-930a-2908e98c8799)", skipping: failed to "StartContainer" for "test" with ErrImagePull: "faile to pull image \"registry.xxxx.com/secretflow/nginx:v1\" with credentials, detail-> rpc error: code = Unknown desc = failed to pull and unpack image \"registry.xxxx.com/secretflow/nginx:v1\": failed to resolve reference \"registry.xxxx.com/secretflow/nginx:v1\": unexpected status from HEAD request to https://registry.xxxx.com/v2/secretflow/nginx/manifests/v1: 401 Unauthorized"