为什么在Kubernetes Registry插件中无法在Pod中提取私有映像?
[英]Why pulling private image in Pod is not working in Kubernetes Registry addon?
问题描述
I am very new to Kubernetes and I setup Kubernetes Registry addons just copy and pasting the yaml from Kubernetes Registry Addon just a small change in ReplicationController with emptyDir 
我是Kubernetes的新手,我设置Kubernetes Registry插件只是从Kubernetes Registry Addon复制并粘贴yaml,这是ReplicationController一个很小的更改,带有emptyDir
apiVersion: v1
kind: ReplicationController
metadata:
name: kube-registry-v0
namespace: kube-system
labels:
k8s-app: kube-registry-upstream
version: v0
kubernetes.io/cluster-service: "true"
spec:
replicas: 1
selector:
k8s-app: kube-registry-upstream
version: v0
template:
metadata:
labels:
k8s-app: kube-registry-upstream
version: v0
kubernetes.io/cluster-service: "true"
spec:
containers:
- name: registry
image: registry:2
resources:
limits:
cpu: 100m
memory: 100Mi
env:
- name: REGISTRY_HTTP_ADDR
value: :5000
- name: REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY
value: /var/lib/registry
volumeMounts:
- name: image-store
mountPath: /var/lib/registry
ports:
- containerPort: 5000
name: registry
protocol: TCP
volumes:
- name: image-store
emptyDir: {}
Then I forward the 5000 port as follows 然后我如下转发5000端口
$POD=$(kubectl get pods --namespace kube-system -l k8s-app=kube-registry-upstream \
-o template --template '{{range .items}}{{.metadata.name}} {{.status.phase}}{{"\n"}}{{end}}' \
| grep Running | head -1 | cut -f1 -d' ')
$kubectl port-forward --namespace kube-system $POD 5000:5000 &
I can push my images fine as follows 我可以按如下方式很好地推送图像
$docker tag alpine localhost:5000/nurrony/alpine
$docker push localhost:5000/nurrony/alpine
Then I write a Pod to test it like below 然后我写一个Pod来测试它,如下所示
Version: v1
kind: Pod
metadata:
name: registry-demo
labels:
purpose: registry-demo
spec:
containers:
- name: registry-demo-container
image: localhost:5000/nurrony/alpine
command: ["printenv"]
args: ["HOSTNAME", "KUBERNETES_PORT"]
env:
- name: MESSAGE
value: "hello world"
command: ["/bin/echo"]
args: ["$(MESSAGE)"]
It is throwing an error 它抛出一个错误
Failed to pull image "localhost:5000/nurrony/alpine": image pull failed for localhost:5000/nurrony/alpine:latest, this may be because there are no credentials on this request. details: (net/http: request canceled)
Any idea why is this happening? 知道为什么会这样吗? Thanks in advance. 提前致谢。
1 个解决方案
解决方案1
0
Most likely your proxy is not working. 您的代理很可能无法正常工作。
The Docker Registry K8S addon comes with DaemonSet which defines registry proxy for every node which runes your kubelets. Docker Registry K8S插件随附DaemonSet,它为运行您的kubelet的每个节点定义注册表代理。 What I would suggest you is to inspect those proxies since they will map Docker Registry (K8S) Service to localhost:5000 on every node. 我建议您检查这些代理,因为它们会将Docker Registry(K8S)服务映射到每个节点上的localhost:5000。
Please note, that even if you have green check mark on your registry proxies that does not mean they work correctly. 请注意,即使您的注册表代理上有绿色的复选标记,也并不意味着它们可以正常工作。 Open the logs of them and make sure that everything is working. 打开它们的日志,并确保一切正常。
If your proxy is configured and you are still getting this error then most likely environment variable REGISTRY_HOST inside kube-registry-proxy is wrong. 如果您的代理已配置,但仍然出现此错误,则kube-registry-proxy中最有可能的环境变量REGISTRY_HOST是错误的。 Are you using DNS here like in example? 您是否像示例一样在此处使用DNS? Is your DNS configured correctely? 您的DNS是否配置正确? Is it working if you put this variable to ClusterIP of your service? 如果将此变量放入服务的ClusterIP是否有效?
Also, please be aware that your RC labels need to match SVC selectors, otherwise service cannot discover your pods. 另外,请注意,您的RC标签需要匹配SVC选择器,否则服务将无法找到您的Pod。
Hope it helps. 希望能帮助到你。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.