I have stacked in this phase:
Need to deploy below deployment, but kube.netes cannot pull images, error message:
Failed to pull image "192.168.1.161:5000/kafka:latest": rpc error: code = Unknown desc = Error response from daemon: Get https://192.168.1.161:5000/v2/ : http: server gave HTTP response to HTTPS client
apiVersion: v1
kind: Service
metadata:
name: kafka
labels:
app: kafka
spec:
type: NodePort
ports:
- name: port9094
port: 9094
targetPort: 9094
selector:
app: kafka
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: kafka
spec:
replicas: 1
template:
metadata:
labels:
app: kafka
spec:
hostname: kafka
containers:
- name: redis
image: 192.168.1.161:5000/kafka:latest
imagePullPolicy: Always
ports:
- name: port9094
containerPort: 9094
- envFrom:
- configMapRef:
name: env
imagePullSecrets:
- name: regsec
ON Kube.netes cluster I have created secret file "regsec" with this command:
kubectl create secret docker-registry regsec --docker-server=192.168.1.161 --docker-username=<name from config file> --docker-password=<token value from config file>
cat ~/.docker/config.json
{
"auths": {},
"HttpHeaders": {
"User-Agent": "Docker-Client/18.06.0-ce (linux)"
}
cat /etc/docker/daemon.json
{
"insecure-registries":["192.168.1.161:5000"]
}
kubectl version
Client Version: version.Info{Major:"1", Minor:"11", GitVersion:"v1.11.2", GitCommit:"bb9ffb1654d4a729bb4cec18ff088eacc153c239", GitTreeState:"clean", BuildDate:"2018-08-07T23:17:28Z", GoVersion:"go1.10.3", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"10", GitVersion:"v1.10.3", GitCommit:"2bba0127d85d5a46ab4b778548be28623b32d0b0", GitTreeState:"clean", BuildDate:"2018-05-21T09:05:37Z", GoVersion:"go1.9.3", Compiler:"gc", Platform:"linux/amd64"}
docker version
Client:
Version: 18.06.0-ce
API version: 1.38
Go version: go1.10.3
Git commit: 0ffa825
Built: Wed Jul 18 19:09:54 2018
OS/Arch: linux/amd64
Experimental: false
Server:
Engine:
Version: 18.06.0-ce
API version: 1.38 (minimum version 1.12)
Go version: go1.10.3
Git commit: 0ffa825
Built: Wed Jul 18 19:07:56 2018
OS/Arch: linux/amd64
Experimental: false
I used minikube
for my Kube.netes cluster.
When I tried to apply
a Pod with an image from my private docker registry (that is local, without authentication), the Pod didn't run and describe
had a message indicating the repository wasn't reached (paraphrasing).
To fix this, I had to configure insecure-registry
for the Docker daemon. According to the Docker docs , this can be done in two ways: as a flag passed to the dockerd
command, or by modifying /etc/docker/daemon.json
(on Linux).
However, as I used minikube
to create and configure the cluster and daemon, I instead followed the minikube
docs to set the flag --insecure-registry
. The complete command is:
minikube start --insecure-registry "DOMAIN_DOCKER_REGISTRY:PORT_DOCKER_REGISTRY"
You need to go to each of your nodes, edit the file /etc/default/docker.json
and add the following in it:
{
“insecure-registries”: ["192.168.1.161:5000"]
}
I have come to this thread over and over again trying to find the correct answer to get rid of certificates issues, without much success.
I finally solved the problem by installing the self signed certificate root on the system for all the kube.netes machines. That finally fixes the issue. On Ubuntu, you can import via:
sudo mv internal-ca.cert /usr/local/share/ca-certificates/internal-ca.crt
sudo update-ca-certificates
Keep in mind that if you have a certificate chain, it will require the root certificate, not the immediate certficate. You can check if the import worked by running:
openssl s_client -connect <YOUR REGISTRY HERE> -showcerts < /dev/null
You should see something like:
CONNECTED(00000005)
as the response.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.