wtysos11 / blogWiki

Used to store public papers and organize them.

Notes on a toomanyrequests error when k8s pulls a Docker Hub image #222

Open wtysos11 opened 3 years ago

wtysos11 commented 3 years ago

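Background: on a single-node cluster built with Minikube on devCloud, I was trying to pull the ubuntu:bionic image for a volume-mount experiment. The pod then kept reporting ErrImagePull.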

  Normal   Scheduled  38s                default-scheduler  Successfully assigned default/thanos-rule-65458b86c5-qwtxl to minikube
  Warning  Failed     32s                kubelet            Failed to pull image "ubuntu:bionic": rpc error: code = Unknown desc = toomanyrequests: You have reached your pull rate limit. You may increase the limit by authenticating and upgrading: https://www.docker.com/increase-rate-limit
  Normal   Pulling    17s (x2 over 37s)  kubelet            Pulling image "ubuntu:bionic"
  Warning  Failed     13s (x2 over 32s)  kubelet            Error: ErrImagePull
  Warning  Failed     13s                kubelet            Failed to pull image "ubuntu:bionic": rpc error: code = Unknown desc = Error response from daemon: toomanyrequests: You have reached your pull rate limit. You may increase the limit by authenticating and upgrading: https://www.docker.com/increase-rate-limit
  Normal   BackOff    0s (x2 over 31s)   kubelet            Back-off pulling image "ubuntu:bionic"
  Warning  Failed     0s (x2 over 31s)   kubelet            Error: **ImagePullBackOff**

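docker login works without any problem, and pulling the image directly with docker also works. My initial guess is that the cache has not been refreshed, and I don't want to restart the minikube cluster  ̄へ ̄. My current idea is to follow the guide "Pulling an image from a private registry" to configure a secret. If it can pull from a private registry, then downloading from the public registry with authentication should also be feasible.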

Create the secret:

kubectl create secret generic regcred --from-file=.dockerconfigjson=/home/wty/.docker/config.json --type=kubernetes.io/dockerconfigjson

The secret regcred looks roughly like this:

apiVersion: v1
data:
  .dockerconfigjson: <masked here for now; roughly a string of base64-compressed ciphertext>
kind: Secret
metadata:
  creationTimestamp: "2021-07-27T07:11:32Z"
  name: regcred
  namespace: default
  resourceVersion: "61954"
  uid: 0e75aa29-6f0f-422e-968e-82e6b2113673
type: kubernetes.io/dockerconfigjson

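Add imagePullSecrets to the yaml file (I actually have a question here: what if there are multiple private registries and multiple secrets? Will k8s try them one by one?)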

apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app.kubernetes.io/name: thanos-rule
  name: thanos-rule
  namespace: default
spec:
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/name: thanos-rule
  template:
    metadata:
      labels:
        app.kubernetes.io/name: thanos-rule
    spec:
      imagePullSecrets:
      - name: regcred
      containers:
      - name: thanos-rule
        image: ubuntu:bionic
        command: [ "/bin/sh" , "-c", "tail -f /dev/null" ]
        env:
        - name: NAME
          valueFrom:
            fieldRef:
              fieldPath: metadata.name
        volumeMounts:
        - name: thanos-rules
          mountPath: /etc/thanos/rules
      volumes:
      - name: thanos-rules
        configMap:
          name: thanos-rules
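
An added example, not part of the original post: building the `regcred` secret from a whole `~/.docker/config.json` copies every registry login on the workstation into the cluster, and if Docker uses a credential helper the file holds no credential at all, so the pull stays anonymous. The sketch below keeps only the Docker Hub entry and rejects the empty-entry case; the function names and the sample config are constructed for illustration, and `https://index.docker.io/v1/` is the key a plain `docker login` writes.

```python
import base64
import json

DOCKER_HUB = "https://index.docker.io/v1/"  # key written by a plain `docker login`


def minimal_dockerconfig(config: dict, registry: str = DOCKER_HUB) -> dict:
    """Return a dockerconfigjson holding credentials for one registry only."""
    entry = config.get("auths", {}).get(registry)
    if entry is None:
        raise ValueError(f"no login recorded for {registry}")
    if not entry.get("auth"):
        # With credsStore/credHelpers the file holds an empty entry and the real
        # credential lives in the OS keychain, so the secret would be useless.
        helper = config.get("credsStore") or "a credential helper"
        raise ValueError(f"{registry}: credential is kept in {helper}, not in the file")
    return {"auths": {registry: {"auth": entry["auth"]}}}


def secret_manifest(name: str, namespace: str, dockerconfig: dict) -> dict:
    """Build the kubernetes.io/dockerconfigjson Secret as a plain dict."""
    raw = json.dumps(dockerconfig).encode()
    return {
        "apiVersion": "v1",
        "kind": "Secret",
        "metadata": {"name": name, "namespace": namespace},
        "type": "kubernetes.io/dockerconfigjson",
        "data": {".dockerconfigjson": base64.b64encode(raw).decode()},
    }


def registries_in(manifest: dict) -> list:
    """Decode a Secret's payload and list the registries it carries credentials for."""
    raw = base64.b64decode(manifest["data"][".dockerconfigjson"])
    return sorted(json.loads(raw)["auths"])


# Constructed sample of a workstation config.json; the credentials are fake.
SAMPLE = {
    "auths": {
        DOCKER_HUB: {"auth": base64.b64encode(b"demo-user:demo-token").decode()},
        "registry.example.internal": {"auth": base64.b64encode(b"ci:other-secret").decode()},
    }
}

if __name__ == "__main__":
    manifest = secret_manifest("regcred", "default", minimal_dockerconfig(SAMPLE))
    print(json.dumps(manifest, indent=2))
    print("registries in secret:", registries_in(manifest))
```

The printed JSON manifest can be applied with `kubectl apply -f`. Since the payload is only base64-encoded, `registries_in` also works as an audit of any existing pull secret you are allowed to read.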