![](/img/trans.png)
[英]Docker from windows is unable to pull images from my private registry once Kubernetes is enabled
[英]kubernetes not able to pull images from private docker registry
我想創建一個自定義的docker映像,並能夠使用kubernetes從私有docker注冊表中提取我的自定義的docker映像。 這是我的設置:
環境:docker Registry ip:10.179.143.115 kubernetes master ip:10.179.143.113
curl -O https://raw.githubusercontent.com/driskell/log-courier/1.x/src/lc-tlscert/lc-tlscert.go go build lc-tlscert.go ./lc-tlscert mkdir certs mv selfsigned.* certs/
docker run -d --restart =總是--name注冊表-v`pwd` / certs:/ certs -e REGISTRY_HTTP_ADDR = 0.0.0.0:443 -e REGISTRY_HTTP_TLS_CERTIFICATE = / certs / selfsigned.crt -e REGISTRY_HTTP_TLS_KEY = / certs / selfsigned .key -p 443:443注冊表:2
docker pull tomcat docker tag tomcat 10.179.143.115/test-tomcat docker push 10.179.143.115/test-tomcat
copy selfsigned.*(crt and key file) to /usr/local/share/ca-certificates/ sudo update-ca-certificates sudo service docker restart
root @ kubernetes-master:〜#個docker鏡像
REPOSITORY TAG IMAGE ID CREATED SIZE gcr.io/google_containers/kube-apiserver-amd64 v1.9.3 360d55f91cbf 3 weeks ago 210 MB gcr.io/google_containers/kube-controller-manager-amd64 v1.9.3 83dbda6ee810 3 weeks ago 138 MB gcr.io/google_containers/kube-proxy-amd64 v1.9.3 35fdc6da5fd8 3 weeks ago 109 MB gcr.io/google_containers/kube-scheduler-amd64 v1.9.3 d3534b539b76 3 weeks ago 62.7 MB quay.io/coreos/flannel v0.10.0-amd64 f0fad859c909 5 weeks ago 44.6 MB gcr.io/google_containers/etcd-amd64 3.1.11 59d36f27cceb 2 months ago 194 MB gcr.io/google_containers/k8s-dns-sidecar-amd64 1.14.7 db76ee297b85 4 months ago 42 MB gcr.io/google_containers/k8s-dns-kube-dns-amd64 1.14.7 5d049a8c4eec 4 months ago 50.3 MB gcr.io/google_containers/k8s-dns-dnsmasq-nanny-amd64 1.14.7 5feec37454f4 4 months ago 41 MB gcr.io/google_containers/pause-amd64 3.0 99e59f495ffa 22 months ago 747 kB root@kubernetes-master:~# docker pull 10.179.143.115/test-tomcat Using default tag: latest latest: Pulling from test-tomcat f0f063e89695: Pull complete d9b7671d4a80: Pull complete 6eb55822688c: Pull complete a85cc2721f25: Pull complete ee9e2e7b610a: Pull complete 562dd1fb5637: Pull complete e8e2e3cceeee: Pull complete 86cbf3cde839: Pull complete 3678522c43a2: Pull complete 50ea7ae5efa3: Pull complete e81b257a8ae8: Pull complete 5b298dc937bc: Pull complete Digest: sha256:332fa1b89534f0b0e45c636a26edb8520b15bcdfc05ef5450efae3e71d1b1361 Status: Downloaded newer image for 10.179.143.115/test-tomcat:latest
5.但是,當我想創建一個kubernete pod時:
test.yaml: apiVersion: v1 kind: Pod metadata: name: test spec: containers: - name: test image: 10.179.143.115/test-tomcat
kubectl create -f test.yaml
root@kubernetes-master:~# kubectl describe pods test
Name: test
Namespace: default
Node: kubernetes-node/10.179.143.114
Start Time: Fri, 02 Mar 2018 15:02:20 -0500
Labels: <none>
Annotations: <none>
Status: Pending
IP:
Containers:
test:
Container ID:
Image: 10.179.143.115/test-tomcat
Image ID:
Port: <none>
State: Waiting
Reason: ErrImagePull
Ready: False
Restart Count: 0
Environment: <none>
Mounts:
/var/run/secrets/kubernetes.io/serviceaccount from default-token-lvz9r (ro)
Conditions:
Type Status
Initialized True
Ready False
PodScheduled True
Volumes:
default-token-lvz9r:
Type: Secret (a volume populated by a Secret)
SecretName: default-token-lvz9r
Optional: false
QoS Class: BestEffort
Node-Selectors: <none>
Tolerations: node.kubernetes.io/not-ready:NoExecute for 300s
node.kubernetes.io/unreachable:NoExecute for 300s
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 32s default-scheduler Successfully assigned test to kubernetes-node
Normal SuccessfulMountVolume 31s kubelet, kubernetes-node MountVolume.SetUp succeeded for volume "default-token-lvz9r"
Normal Pulling 9s (x2 over 21s) kubelet, kubernetes-node pulling image "10.179.143.115/test-tomcat"
Warning Failed 9s (x2 over 21s) kubelet, kubernetes-node Failed to pull image "10.179.143.115/test-tomcat": rpc error: code = Unknown desc = Error response from daemon: Get https://10.179.143.115/v1/_ping: x509: certificate signed by unknown authority
Warning Failed 9s (x2 over 21s) kubelet, kubernetes-node Error: ErrImagePull
Normal SandboxChanged 9s (x2 over 20s) kubelet, kubernetes-node Pod sandbox changed, it will be killed and re-created.
6.錯誤信息是:
Failed to pull image "10.179.143.115/test-tomcat": rpc error: code = Unknown desc = Error response from daemon: Get https://10.179.143.115/v1/_ping: x509: certificate signed by unknown authority
請承受我的格式錯誤,並預先感謝!
感謝所有的幫助! 這是我如何使其工作的后續措施。
當我將所有證書復制到kubenetes master時,我可以從我的私有注冊表中提取和推送docker映像。 但是當我想創建kubernetes容器時,它不起作用。 我意識到我還需要將所有證書復制到我的kubernetes從站,這是kubernetes實際上從私有docker注冊表中提取映像的地方。 將證書復制到“ / usr / local / share / ca-certificates /”並運行“ sudo update-ca-certificates; sudo service docker restart”之后,我現在可以創建Pod!
據我了解,必須創建一個Secret資源才能使用私有Docker注冊表。 請參閱Kubernetes文檔 !
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.