
kubernetes not able to pull images from private docker registry

I want to create a custom docker image and be able to pull my custom docker image from a private docker registry using kubernetes. Here is my setup:

Environment: docker registry ip: 10.179.143.115, kubernetes master ip: 10.179.143.113

1. Generate the certificates:

    curl -O https://raw.githubusercontent.com/driskell/log-courier/1.x/src/lc-tlscert/lc-tlscert.go
    go build lc-tlscert.go
    ./lc-tlscert
    mkdir certs
    mv selfsigned.* certs/

2. Create the docker registry:

    docker run -d --restart=always --name registry -v `pwd`/certs:/certs -e REGISTRY_HTTP_ADDR=0.0.0.0:443 -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/selfsigned.crt -e REGISTRY_HTTP_TLS_KEY=/certs/selfsigned.key -p 443:443 registry:2

3. Create my custom docker vm (just tag the vm with a different name for testing):

    docker pull tomcat
    docker tag tomcat 10.179.143.115/test-tomcat
    docker push 10.179.143.115/test-tomcat

4. On the Kubernetes master:

    copy selfsigned.*(crt and key file) to /usr/local/share/ca-certificates/
    sudo update-ca-certificates
    sudo service docker restart

    root@kubernetes-master:~# docker images
    REPOSITORY                                               TAG             IMAGE ID       CREATED         SIZE
    gcr.io/google_containers/kube-apiserver-amd64            v1.9.3          360d55f91cbf   3 weeks ago     210 MB
    gcr.io/google_containers/kube-controller-manager-amd64   v1.9.3          83dbda6ee810   3 weeks ago     138 MB
    gcr.io/google_containers/kube-proxy-amd64                v1.9.3          35fdc6da5fd8   3 weeks ago     109 MB
    gcr.io/google_containers/kube-scheduler-amd64            v1.9.3          d3534b539b76   3 weeks ago     62.7 MB
    quay.io/coreos/flannel                                   v0.10.0-amd64   f0fad859c909   5 weeks ago     44.6 MB
    gcr.io/google_containers/etcd-amd64                      3.1.11          59d36f27cceb   2 months ago    194 MB
    gcr.io/google_containers/k8s-dns-sidecar-amd64           1.14.7          db76ee297b85   4 months ago    42 MB
    gcr.io/google_containers/k8s-dns-kube-dns-amd64          1.14.7          5d049a8c4eec   4 months ago    50.3 MB
    gcr.io/google_containers/k8s-dns-dnsmasq-nanny-amd64     1.14.7          5feec37454f4   4 months ago    41 MB
    gcr.io/google_containers/pause-amd64                     3.0             99e59f495ffa   22 months ago   747 kB

    root@kubernetes-master:~# docker pull 10.179.143.115/test-tomcat
    Using default tag: latest
    latest: Pulling from test-tomcat
    f0f063e89695: Pull complete
    d9b7671d4a80: Pull complete
    6eb55822688c: Pull complete
    a85cc2721f25: Pull complete
    ee9e2e7b610a: Pull complete
    562dd1fb5637: Pull complete
    e8e2e3cceeee: Pull complete
    86cbf3cde839: Pull complete
    3678522c43a2: Pull complete
    50ea7ae5efa3: Pull complete
    e81b257a8ae8: Pull complete
    5b298dc937bc: Pull complete
    Digest: sha256:332fa1b89534f0b0e45c636a26edb8520b15bcdfc05ef5450efae3e71d1b1361
    Status: Downloaded newer image for 10.179.143.115/test-tomcat:latest

5. But when I want to create a kubernetes pod:

test.yaml:

    apiVersion: v1
    kind: Pod
    metadata:
      name: test
    spec:
      containers:
      - name: test
        image: 10.179.143.115/test-tomcat

    kubectl create -f test.yaml

root@kubernetes-master:~# kubectl describe pods test

Name:         test
Namespace:    default
Node:         kubernetes-node/10.179.143.114
Start Time:   Fri, 02 Mar 2018 15:02:20 -0500
Labels:       <none>
Annotations:  <none>
Status:       Pending
IP:
Containers:
  test:
    Container ID:
    Image:          10.179.143.115/test-tomcat
    Image ID:
    Port:           <none>
    State:          Waiting
      Reason:       ErrImagePull
    Ready:          False
    Restart Count:  0
    Environment:    <none>
    Mounts:
      /var/run/secrets/kubernetes.io/serviceaccount from default-token-lvz9r (ro)
Conditions:
  Type           Status
  Initialized    True
  Ready          False
  PodScheduled   True
Volumes:
  default-token-lvz9r:
    Type:        Secret (a volume populated by a Secret)
    SecretName:  default-token-lvz9r
    Optional:    false
QoS Class:       BestEffort
Node-Selectors:  <none>
Tolerations:     node.kubernetes.io/not-ready:NoExecute for 300s
                 node.kubernetes.io/unreachable:NoExecute for 300s
Events:
  Type     Reason                 Age               From                      Message
  ----     ------                 ----              ----                      -------
  Normal   Scheduled              32s               default-scheduler         Successfully assigned test to kubernetes-node
  Normal   SuccessfulMountVolume  31s               kubelet, kubernetes-node  MountVolume.SetUp succeeded for volume "default-token-lvz9r"
  Normal   Pulling                9s (x2 over 21s)  kubelet, kubernetes-node  pulling image "10.179.143.115/test-tomcat"
  Warning  Failed                 9s (x2 over 21s)  kubelet, kubernetes-node  Failed to pull image "10.179.143.115/test-tomcat": rpc error: code = Unknown desc = Error response from daemon: Get https://10.179.143.115/v1/_ping: x509: certificate signed by unknown authority
  Warning  Failed                 9s (x2 over 21s)  kubelet, kubernetes-node  Error: ErrImagePull
  Normal   SandboxChanged         9s (x2 over 20s)  kubelet, kubernetes-node  Pod sandbox changed, it will be killed and re-created.

6. The error message is:

Failed to pull image "10.179.143.115/test-tomcat": rpc error: code = Unknown desc = Error response from daemon: Get https://10.179.143.115/v1/_ping: x509: certificate signed by unknown authority

Please bear with my formatting errors, and thanks in advance!

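Thanks for all the help! Here is a follow-up on how I made it work.

When I copied all the certificates to the kubernetes master, I was able to pull and push docker images from my private registry. But when I wanted to create a kubernetes pod, it did not work. I realized that I also need to copy all the certificates to my kubernetes slave, which is where kubernetes actually pulls the image from the private docker registry. After copying the certificates to "/usr/local/share/ca-certificates/" and running "sudo update-ca-certificates; sudo service docker restart", I can now create the pod!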
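
The follow-up above comes down to reading the From column of the pod events: the image pull is made by the Docker daemon on the host named after "kubelet,", so that host's trust store is the one that has to contain the registry certificate. As an added example (not part of the original posts), this Python sketch extracts the affected node and registry from `kubectl describe` event lines and lists the steps from the follow-up for each; it generalizes to several nodes and registries, and the second node name and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Event lines copied from the `kubectl describe pods test` output on this page,
# plus one constructed line (node "constructed-node-2") for a second worker.
SAMPLE_EVENTS = """\
  Normal   Scheduled              32s               default-scheduler         Successfully assigned test to kubernetes-node
  Normal   Pulling                9s (x2 over 21s)  kubelet, kubernetes-node  pulling image "10.179.143.115/test-tomcat"
  Warning  Failed                 9s (x2 over 21s)  kubelet, kubernetes-node  Failed to pull image "10.179.143.115/test-tomcat": rpc error: code = Unknown desc = Error response from daemon: Get https://10.179.143.115/v1/_ping: x509: certificate signed by unknown authority
  Warning  Failed                 9s (x2 over 21s)  kubelet, kubernetes-node  Error: ErrImagePull
  Warning  Failed                 4s                kubelet, constructed-node-2  Failed to pull image "10.179.143.115/test-tomcat": rpc error: code = Unknown desc = Error response from daemon: Get https://10.179.143.115/v1/_ping: x509: certificate signed by unknown authority
"""

# "kubelet, <node>" names the host whose Docker daemon opened the TLS
# connection; the registry host is taken from the URL in the error text.
EVENT_RE = re.compile(
    r'^\s*Warning\s+Failed\s+.*?\bkubelet,\s+(?P<node>\S+)\s+'
    r'Failed to pull image "[^"]+":.*?'
    r'Get https://(?P<registry>[^/\s]+)/\S*: x509: certificate signed by unknown authority'
)

def nodes_missing_registry_ca(describe_output):
    """Map each node to the registries whose certificate it does not trust."""
    untrusted = defaultdict(set)
    for line in describe_output.splitlines():
        m = EVENT_RE.match(line)
        if m:
            untrusted[m.group("node")].add(m.group("registry"))
    return {node: sorted(regs) for node, regs in untrusted.items()}

def remediation_plan(describe_output, cert_name="selfsigned.crt"):
    """List, per node, the steps from the follow-up answer."""
    # Only the certificate goes into the trust store; the .key stays on the registry host.
    plan = []
    for node, registries in sorted(nodes_missing_registry_ca(describe_output).items()):
        for registry in registries:
            plan.append((node, registry, [
                f"copy {cert_name} to /usr/local/share/ca-certificates/ on {node}",
                "sudo update-ca-certificates",
                "sudo service docker restart",
            ]))
    return plan

if __name__ == "__main__":
    for node, registry, steps in remediation_plan(SAMPLE_EVENTS):
        print(f"{node} does not trust {registry}:")
        for step in steps:
            print("   ", step)
```

The master never appears in the result even though `docker pull` worked there, which is why trusting the certificate on the master alone did not help.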

As far as I understand, a Secret resource must be created in order to use a private Docker registry. See the Kubernetes documentation.
