如果没有https,Kubernetes不会从私有存储库中提取docker镜像
[英]Kubernetes does not pull docker image from private repository without https
问题描述
I configured docker on the same host as my kubernetes-master for the private docker registry. 
我在与我的kubernetes-master相同的主机上为私有docker注册表配置了docker。
Docker pushing to the private docker registry without https was successful. Docker在没有https的情况下推送到私有docker注册表是成功的。
I also can pull the image just using docker. 我也可以使用docker来拉动图像。
When I run kubernetes for this image, I get with 'kubectl describe pods' following log : 当我为这张图片运行kubernetes时,我会在日志后面找到“kubectl describe pods”:
kubectl describe pods
Name: fgpra-250514157-yh6vb
Namespace: default
Node: 5.179.232.64/5.179.232.64
Start Time: Tue, 11 Oct 2016 18:06:59 +0200
Labels: pod-template-hash=250514157,run=fgpra
Status: Pending
IP: <removed myself>
Controllers: ReplicaSet/fgpra-250514157
Containers:
fgpra:
Container ID:
Image: 5.179.232.65:5000/some_api_image
Image ID:
Port: 3000/TCP
QoS Tier:
cpu: BestEffort
memory: BestEffort
State: Waiting
Reason: ErrImagePull
Ready: False
Restart Count: 0
Environment Variables:
Conditions:
Type Status
Ready False
Volumes:
default-token-q7u3x:
Type: Secret (a volume populated by a Secret)
SecretName: default-token-q7u3x
Events:
FirstSeen LastSeen Count From SubobjectPath Type Reason Message
--------- -------- ----- ---- ------------- -------- ------ -------
4s 4s 1 {default-scheduler } Normal Scheduled Successfully assigned fgpra-250514157-yh6vb to 5.179.232.64
4s 4s 1 {kubelet 5.179.232.64} Warning MissingClusterDNS kubelet does not have ClusterDNS IP configured and cannot create Pod using "ClusterFirst" policy. Falling back to DNSDefault policy.
4s 4s 1 {kubelet 5.179.232.64} spec.containers{fgpra} Normal Pulling pulling image "5.179.232.65:5000/some_api_image"
4s 4s 1 {kubelet 5.179.232.64} spec.containers{fgpra} Warning Failed Failed to pull image "5.179.232.65:5000/some_api_image": unable to ping registry endpoint https://5.179.232.65:5000/v0/
v2 ping attempt failed with error: Get https://5.179.232.65:5000/v2/: http: server gave HTTP response to HTTPS client
v1 ping attempt failed with error: Get https://5.179.232.65:5000/v1/_ping: http: server gave HTTP response to HTTPS client
4s 4s 1 {kubelet 5.179.232.64} Warning FailedSync Error syncing pod, skipping: failed to "StartContainer" for "fgpra" with ErrImagePull: "unable to ping registry endpoint https://5.179.232.65:5000/v0/\nv2 ping attempt failed with error: Get https://5.179.232.65:5000/v2/: http: server gave HTTP response to HTTPS client\n v1 ping attempt failed with error: Get https://5.179.232.65:5000/v1/_ping: http: server gave HTTP response to HTTPS client"
3s 3s 1 {kubelet 5.179.232.64} spec.containers{fgpra} Normal BackOff Back-off pulling image "5.179.232.65:5000/some_api_image"
3s 3s 1 {kubelet 5.179.232.64} Warning FailedSync Error syncing pod, skipping: failed to "StartContainer" for "fgpra" with ImagePullBackOff: "Back-off pulling image \"5.179.232.65:5000/some_api_image\""
I already configured my /etc/init.d/sysconfig/docker to use my insecure private registry. 我已经配置了我的/etc/init.d/sysconfig/docker来使用我不安全的私有注册表。
This is the command to start the kubernetes deployment : 这是启动kubernetes部署的命令:
kubectl run fgpra --image=5.179.232.65:5000/some_api_image --port=3000
How can I set kubernetes to pull from my private docker registry without using ssl? 如何在不使用ssl的情况下将kubernetes设置为从我的私有docker注册表中提取?
1 个解决方案
解决方案1
7 已采纳 2016-10-12 12:45:26
This rather a docker issue than a kubernetes one. 这是一个码头工人问题,而不是kubernetes问题。 You need to add your http registry as a insecure-registry to your docker daemon on each kubernetes node. 您需要将http注册表作为insecure-registry到每个kubernetes节点上的docker守护程序。
docker daemon --insecure-registry=5.179.232.65:5000
In most environment there is a file like /etc/default/docker where you can add this parameter. 在大多数环境中,有一个像/etc/default/docker这样的文件,您可以在其中添加此参数。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.