如何让 k8s 可以访问到 docker 的镜像？

在 docker 中有一个镜像 ponponon/test-nameko-for-rabbitmq:1.0.1

─➤  docker image ls
REPOSITORY                                                    TAG                IMAGE ID       CREATED          SIZE
ponponon/test-nameko-for-rabbitmq                             1.0.1              eb717d2bfbaa   56 minutes ago   1.1GB

使用 docker run 可以正常访问

─➤  docker run -it ponponon/test-nameko-for-rabbitmq:1.0.1  bash
root@f7e907c0434b:/code# 

但是这 k8s 中却无法访问
使用下面的命令跑一个 pod

─➤  kubectl run mytest --image=ponponon/test-nameko-for-rabbitmq:1.0.1
pod/mytest created

下面的命令可以看到启动失败了

─➤  kubectl get pods               
NAME                                     READY   STATUS             RESTARTS   AGE
mytest                                   0/1     ImagePullBackOff   0          35m

使用 kubectl describe 查看具体的原因：

─➤  kubectl describe pod/mytest                                                                    1 ↵
Name:         mytest
Namespace:    default
Priority:     0
Node:         minikube/192.168.49.2
Start Time:   Sat, 12 Mar 2022 20:10:31 +0800
Labels:       run=mytest
Annotations:  <none>
Status:       Pending
IP:           172.17.0.10
IPs:
  IP:  172.17.0.10
Containers:
  mytest:
    Container ID:   
    Image:          ponponon/test-nameko-for-rabbitmq:1.0.1
    Image ID:       
    Port:           <none>
    Host Port:      <none>
    State:          Waiting
      Reason:       ImagePullBackOff
    Ready:          False
    Restart Count:  0
    Environment:    <none>
    Mounts:
      /var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-s65kb (ro)
Conditions:
  Type              Status
  Initialized       True 
  Ready             False 
  ContainersReady   False 
  PodScheduled      True 
Volumes:
  kube-api-access-s65kb:
    Type:                    Projected (a volume that contains injected data from multiple sources)
    TokenExpirationSeconds:  3607
    ConfigMapName:           kube-root-ca.crt
    ConfigMapOptional:       <nil>
    DownwardAPI:             true
QoS Class:                   BestEffort
Node-Selectors:              <none>
Tolerations:                 node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
                             node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Events:
  Type     Reason     Age                 From               Message
  ----     ------     ----                ----               -------
  Normal   Scheduled  101s                default-scheduler  Successfully assigned default/mytest to minikube
  Normal   Pulling    49s (x3 over 100s)  kubelet            Pulling image "ponponon/test-nameko-for-rabbitmq:1.0.1"
  Warning  Failed     45s (x3 over 95s)   kubelet            Failed to pull image "ponponon/test-nameko-for-rabbitmq:1.0.1": rpc error: code = Unknown desc = Error response from daemon: pull access denied for ponponon/test-nameko-for-rabbitmq, repository does not exist or may require 'docker login': denied: requested access to the resource is denied
  Warning  Failed     45s (x3 over 95s)   kubelet            Error: ErrImagePull
  Normal   BackOff    6s (x5 over 94s)    kubelet            Back-off pulling image "ponponon/test-nameko-for-rabbitmq:1.0.1"
  Warning  Failed     6s (x5 over 94s)    kubelet            Error: ImagePullBackOff

关键错误就是下面这一段

code = Unknown desc = Error response from daemon: pull access denied for ponponon/test-nameko-for-rabbitmq, repository does not exist or may require 'docker login': denied: requested access to the resource is denied

根据这个教程（Failed to pull image pull access denied , repository does not exist or may require 'docker login':）的指引，我是用下面的命令排查问题（使用 minikube ssh 登录到 xx ，然后用 docker ps -a 看看是什么样子）：

─➤  minikube ssh
Last login: Sat Mar 12 12:41:05 2022 from 192.168.49.1
docker@minikube:~$ docker image ls
REPOSITORY                                                                             TAG       IMAGE ID       CREATED         SIZE
nginx                                                                                  latest    c919045c4c2b   10 days ago     142MB
registry.cn-hangzhou.aliyuncs.com/google_containers/kube-apiserver                     v1.23.1   b6d7abedde39   2 months ago    135MB
registry.cn-hangzhou.aliyuncs.com/google_containers/kube-proxy                         v1.23.1   b46c42588d51   2 months ago    112MB
registry.cn-hangzhou.aliyuncs.com/google_containers/kube-controller-manager            v1.23.1   f51846a4fd28   2 months ago    125MB
registry.cn-hangzhou.aliyuncs.com/google_containers/kube-scheduler                     v1.23.1   71d575efe628   2 months ago    53.5MB
registry.cn-hangzhou.aliyuncs.com/google_containers/etcd                               3.5.1-0   25f8c7f3da61   4 months ago    293MB
registry.cn-hangzhou.aliyuncs.com/google_containers/coredns/coredns                    v1.8.6    a4ca41631cc7   5 months ago    46.8MB
registry.cn-hangzhou.aliyuncs.com/google_containers/coredns                            v1.8.6    a4ca41631cc7   5 months ago    46.8MB
registry.cn-hangzhou.aliyuncs.com/google_containers/pause                              3.6       6270bb605e12   6 months ago    683kB
registry.cn-hangzhou.aliyuncs.com/google_containers/kubernetesui/dashboard             v2.3.1    e1482a24335a   8 months ago    220MB
registry.cn-hangzhou.aliyuncs.com/google_containers/dashboard                          <none>    e1482a24335a   8 months ago    220MB
registry.cn-hangzhou.aliyuncs.com/google_containers/kubernetesui/metrics-scraper       v1.0.7    7801cfc6d5c0   9 months ago    34.4MB
registry.cn-hangzhou.aliyuncs.com/google_containers/metrics-scraper                    <none>    7801cfc6d5c0   9 months ago    34.4MB
registry.cn-hangzhou.aliyuncs.com/google_containers/k8s-minikube/storage-provisioner   v5        6e38f40d628d   11 months ago   31.5MB
registry.cn-hangzhou.aliyuncs.com/google_containers/storage-provisioner                v5        6e38f40d628d   11 months ago   31.5MB

可以看到，minikube 看不到 docker 中的镜像，这还是为什么呢？隔离的吗？

我不仅仅需要在 docker 中打包镜像，在 k8s 中，还需要用 k8s 单独打包一次镜像吗？

我应该怎么做？