Kubernetes with private docker registry v2

I am trying to set up a private docker registry to work with Kubernetes. I've set up the registry and the master-server that's running the Kubernetes cluster can pull images from the registry without a problem. Also, I've followed the docs of Kubernetes that explain how to connect to a private docker registry (see https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/).

However, when I try to pull images from the docker registry through Kubernetes I get the following error:

Failed to pull image "xxx.xxx.xxx.xxx:5000/helloworld:latest": rpc error: code = Unknown desc = Error response from daemon: Get https://xxx.xxx.xxx.xxx:5000/v1/_ping: x509: certificate signed by unknown authority

What I noticed is that the link that ends with v1/_ping is incorrect, it should be v2/_ping.

I ran the following command to generate my regcred:

kubectl create secret docker-registry regcred --docker-server="https://xxx.xxx.xxx.xxx:5000/v2/" --docker-username=xxxxx --docker-password=xxxxxx --docker-email=xxxx@xxx.xx

I also googled a bit and found this: https://github.com/kubernetes/kubernetes/issues/20786

These suggestions, unfortunately, didn't help, but they do indicate that more people face the same issue.

Does someone know how to correctly set up a docker registry v2 with Kubernetes?

Thanks

Solved this issue, the master-server by default doesn't launch your deployments. So I needed to do the following at my slave servers:

  1. Add the certificate to /etc/docker/certs.d/my-registry-domain.com[:port]/ca.crt
  2. Do docker login my-registry-domain.com[:port]
  3. Add the docker registry secret to Kubernetes (see https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/) --docker-server=docker-registry-domain.com/v2/ or v1 depending on what you run
  4. Now it will successfully pull images from the docker registry.

Hope it will help someone.
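A per-node pre-flight check for step 1 above, as an added example that is not part of the original answer: it derives the registry host[:port] from an image reference the way Docker does and checks that a CA file sits in the matching certs.d directory. The function names and the CERTS_ROOT override are assumptions made for this example, and it assumes nodes that pull through the Docker daemon, as on this page.

```bash
#!/usr/bin/env bash
# Added example (not from the original post). Function names and CERTS_ROOT
# are hypothetical helpers introduced for illustration.

# Print the registry host[:port] of an image reference; print nothing for
# Docker Hub images. Docker treats the first path component as a registry
# only if it contains '.' or ':' or equals "localhost".
registry_of_image() {
  local ref="$1" first
  case "$ref" in
    */*) first="${ref%%/*}" ;;
    *)   return 0 ;;                      # e.g. "alpine" -> Docker Hub
  esac
  case "$first" in
    *.*|*:*|localhost) printf '%s\n' "$first" ;;
  esac
}

# Path where the Docker daemon looks for a private CA for this image's
# registry. The directory name must match host[:port] exactly, port included.
ca_path_for_image() {
  local reg root="${CERTS_ROOT:-/etc/docker/certs.d}"
  reg="$(registry_of_image "$1")"
  [ -n "$reg" ] && printf '%s/%s/ca.crt\n' "$root" "$reg"
}

# Returns 0 if a non-empty CA file is present, 1 if it is missing,
# 2 if the image does not name a private registry.
node_has_registry_ca() {
  local path
  path="$(ca_path_for_image "$1")" || return 2
  if [ -s "$path" ]; then
    echo "ok: $path"
  else
    echo "missing: $path"
    return 1
  fi
}

# Usage on a node: ./check.sh xxx.xxx.xxx.xxx:5000/helloworld:latest
if [ "$#" -gt 0 ]; then
  for img in "$@"; do node_has_registry_ca "$img" || true; done
fi
```

Run it on every node that can schedule the pod; a "missing" line for a registry whose certificate is signed by a private CA corresponds to the x509 error in the question.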

Secure registry

Registry server side (http://tech.paulcz.net/2016/01/deploying-a-secure-docker-registry/)
1. mkdir -p /opt/registry/{data,ssl,config}
2. docker run --rm \
  -v /opt/registry/ssl:/certs \
  -e SSL_IP=172.17.8.101 \
  -e SSL_DNS=registry.local \
  paulczar/omgwtfssl

3. Create /opt/registry/config/registry.env
# location of registry data
REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY=/opt/registry/data

# location of TLS key/cert
REGISTRY_HTTP_TLS_KEY=/opt/registry/ssl/key.pem
REGISTRY_HTTP_TLS_CERTIFICATE=/opt/registry/ssl/cert.pem

# location of CA of trusted clients
REGISTRY_HTTP_TLS_CLIENTCAS_0=/opt/registry/ssl/ca.pem


4. docker run -d --name registry \
  -v /opt/registry:/opt/registry \
  -p 443:5000 --restart always \
  --env-file /opt/registry/config/registry.env \
  registry:2

5. $ docker pull alpine
Using default tag: latest
latest: Pulling from library/alpine
Digest: sha256:78a756d480bcbc35db6dcc05b08228a39b32c2b2c7e02336a2dcaa196547a41d
Status: Downloaded newer image for alpine:latest
$ docker tag alpine 127.0.0.1/alpine
$ docker push 127.0.0.1/alpine

Registry client side

6. $ sudo mkdir -p /etc/docker/certs.d/172.17.8.101 (do this on all nodes)
$ sudo scp core@172.17.8.101:/opt/docker/registry/ca.pem \
    /etc/docker/certs.d/172.17.8.101/ca.crt

7. $ docker pull 172.17.8.101/alpine
Using default tag: latest
latest: Pulling from alpine

340b2f9a2643: Already exists 
Digest: sha256:a96155be113bb2b4b82ebbc11cf1b511726c5b41617a70e0772f8180afc72fa5
Status: Downloaded newer image for 172.17.8.101/alpine:latest

mkdir 35.187.233.182
cd 35.187.233.182/
rsync -avz 35.185.179.71:/opt/registry/ssl/ca.pem .
mv ca.pem ca.crt
docker run --rm   -v /opt/registry/ssl:/certs   -e SSL_IP=35.185.179.71   -e SSL_DNS=registry.local   paulczar/omgwtfssl
docker run -d --name registry3   -v /opt/registry:/opt/registry   -p 443:5000 --restart always   --env-file /opt/registry/config/registry.env   registry:2
