你可以使用“描述pod”语法

OpenShift使用:

oc describe pod <pod-id>  

对于香草Kubernetes:

kubectl describe pod <pod-id>  

检查输出的事件。 在我的例子中，它显示back off pull image unreachableserver/nginx:1.14.22222

在这种情况下，镜像unreachableserver/nginx:1.14.22222不能从互联网上提取，因为没有Docker注册表unreachableserver，并且镜像nginx:1.14.22222不存在。

注意:如果你没有看到任何感兴趣的事件，并且pod已经处于'ImagePullBackOff'状态一段时间了(似乎超过60分钟)，你需要删除pod，并从新的pod中查看事件。

OpenShift使用:

oc delete pod <pod-id>
oc get pods
oc get pod <new-pod-id>

对于香草Kubernetes:

kubectl delete pod <pod-id>  
kubectl get pods
kubectl get pod <new-pod-id>

样例输出:

  Type     Reason     Age                From               Message
  ----     ------     ----               ----               -------
  Normal   Scheduled  32s                default-scheduler  Successfully assigned rk/nginx-deployment-6c879b5f64-2xrmt to aks-agentpool-x
  Normal   Pulling    17s (x2 over 30s)  kubelet            Pulling image "unreachableserver/nginx:1.14.22222"
  Warning  Failed     16s (x2 over 29s)  kubelet            Failed to pull image "unreachableserver/nginx:1.14.22222": rpc error: code = Unknown desc = Error response from daemon: pull access denied for unreachableserver/nginx, repository does not exist or may require 'docker login': denied: requested access to the resource is denied
  Warning  Failed     16s (x2 over 29s)  kubelet            Error: ErrImagePull
  Normal   BackOff    5s (x2 over 28s)   kubelet            Back-off pulling image "unreachableserver/nginx:1.14.22222"
  Warning  Failed     5s (x2 over 28s)   kubelet            Error: ImagePullBackOff

其他调试步骤

try to pull the docker image and tag manually on your computer Identify the node by doing a 'kubectl/oc get pods -o wide' ssh into the node (if you can) that can not pull the docker image check that the node can resolve the DNS of the docker registry by performing a ping. try to pull the docker image manually on the node If you are using a private registry, check that your secret exists and the secret is correct. Your secret should also be in the same namespace. Thanks swenzel Some registries have firewalls that limit ip address access. The firewall may block the pull Some CIs create deployments with temporary docker secrets. So the secret expires after a few days (You are asking for production failures...)

步骤:

运行docker login。 将映像推到Docker Hub 重新创建豆荚

这为我解决了问题。

试着编辑看看有什么问题(我有错误的图像位置):

kubectl edit pods arix-3-yjq9w

甚至可以删除你的pod:

kubectl delete arix-3-yjq9w

我也遇到过类似的问题，但我的所有pod都没有准备好，显示ready状态0/1

喜欢的东西:

我尝试了很多东西，但最后我发现上下文设置不正确。

请使用以下命令，并确保在正确的上下文中:

kubectl config get-contexts

我忘记把标记为1.0.8的图像推到ECR (AWS图像中心)… 如果你正在使用头盔并升级:

Helm upgrade minta-user ./src/services/user/ Helm -chart

确保图像标签内的文件值。yaml被推送(到ECR或Docker Hub等)。例如(这是我的*helm-chart/values.yaml):

replicaCount: 1

image:
   repository:dkr.ecr.us-east-1.amazonaws.com/minta-user
   tag: 1.0.8

您需要确保推送了image:1.0.8 !

如果图像是不兼容的，你也会得到后退拉图像环境。我就是这样。

我已经通过在k8s节点上做docker拉来验证。