k8s：使 k8s 可以访问本地图像

Question

I've just installed a k8s cluster (k3d).

I'm just playing with that and I'm running against the first newbie issue: How to load our local created images.

I mean, I've just created a docker image tagged as quarkus/feedly:v1 .

1. How could I make it accessible for k8s cluster?
2. Which is the default k8s container runtime?
3. Does exist any interaction with my k8s cluster and my local docker? I mean, Have each k8s node installed a docker/rkt/containerd runtime?
4. Could I create a docker registry inside kubernetes, as a manifest? How could I make that kubernetes make access to it?

I've deployed my manifest and I'm getting these events:

Failed to pull image "quarkus/feedly:0.0.1-SNAPSHOT": rpc error: code = Unknown desc = failed to pull and unpack image "docker.io/quarkus/feedly:0.0.1-SNAPSHOT": failed to resolve reference "docker.io/quarkus/feedly:0.0.1-SNAPSHOT": pull access denied, repository does not exist or may require authorization: server message: insufficient_scope: authorization failed

I know it's a normal error since quarkus registry doesn't exist.

Any helping code over there?

Answer 1

Here are some pointers :

1. To make your image accessible through your k8s cluster, you need to use a registry that is accessible from your cluster node. So either, create an account on the docker hub and use this one, or install a local image registry and use it.
2. Docker is the default container runtime used by a majority of k8s distribution. However, you can use any OCI compatible runtime (containerd for example). rkt is no longer a living project, so i advise not to use it.
3. Well, it depends on the k8s distribution you're using. Anyway, each nodes on the cluster need a container runtime installed on it. It is mandatory.
4. Deploying a Docker registry as a kubernetes resource is probably not a good idea, as you'll have to much configuration to make it work. However, the best solution is to deploy a docker registry inside one of your node and then call it using the node IP. You have a configuration example in the official doc . By the way, Docker provide a registry as a Docker image , so the installation is pretty simple.

Hope this helps !

Answer 2

If you are using k3d, and this is just for playing around ( Not Production intended ) and for any reason don't want to use any of the many Container Registries that are out there such:

• dockerhub
• Azure Container Registry
• Amazon Elastic Container Registry
• Red Hat Quay
• JFrog Container Registry
• etc...

You could add registries by specifying them in a registries.yaml

k3d cluster create mycluster --volume "/home/YOU/my-registries.yaml:/etc/rancher/k3s/registries.yaml"

and create your own registry locally using docker:

docker volume create local_registry
docker container run -d --name registry.localhost -v local_registry:/var/lib/registry --restart always -p 5000:5000 registry:2

👆Notice, what it does is to create the registry using this image:

• https://hub.docker.com/_/registry

From DockerHub 🤷‍♂️ which is one of the docker registries you avoided

Here you can find more information on how to set it up: https://k3d.io/usage/guides/registries/

And finally, please remember that when you get your images from a private registry, you have to tell K8s the authentication information for your private registry, so it can download the image.... otherwise it will give you this error:

...pull access denied, repository does not exist or may require authorization: server message: insufficient_scope: authorization failed

You can find more documentation on how to set this up here:

• https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/