Fatal编程技术网
  • docker/
  • Docker 为什么Pod中的私有映像在Kubernetes注册表插件中不起作用?

Docker 为什么Pod中的私有映像在Kubernetes注册表插件中不起作用?

docker kubernetes

Docker 为什么Pod中的私有映像在Kubernetes注册表插件中不起作用?,docker,registry,kubernetes,kubectl,Docker,Registry,Kubernetes,Kubectl,我对Kubernetes非常陌生,我设置了Kubernetes注册表加载项,只需通过ReplicationController中的emptyDir apiVersion: v1 kind: ReplicationController metadata: name: kube-registry-v0 namespace: kube-system labels: k8s-app: kube-registry-upstream version: v0 kuberne

我对Kubernetes非常陌生,我设置了Kubernetes注册表加载项,只需通过
ReplicationController
中的
emptyDir

apiVersion: v1
kind: ReplicationController
metadata:
  name: kube-registry-v0
  namespace: kube-system
  labels:
    k8s-app: kube-registry-upstream
    version: v0
    kubernetes.io/cluster-service: "true"
spec:
  replicas: 1
  selector:
    k8s-app: kube-registry-upstream
    version: v0
  template:
    metadata:
      labels:
        k8s-app: kube-registry-upstream
        version: v0
        kubernetes.io/cluster-service: "true"
    spec:
      containers:
      - name: registry
        image: registry:2
        resources:
          limits:
            cpu: 100m
            memory: 100Mi
        env:
        - name: REGISTRY_HTTP_ADDR
          value: :5000
        - name: REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY
          value: /var/lib/registry
        volumeMounts:
        - name: image-store
          mountPath: /var/lib/registry
        ports:
        - containerPort: 5000
          name: registry
          protocol: TCP
      volumes:
       - name: image-store
         emptyDir: {}
然后我转发
5000
端口,如下所示

$POD=$(kubectl get pods --namespace kube-system -l k8s-app=kube-registry-upstream \
            -o template --template '{{range .items}}{{.metadata.name}} {{.status.phase}}{{"\n"}}{{end}}' \
            | grep Running | head -1 | cut -f1 -d' ')


$kubectl port-forward --namespace kube-system $POD 5000:5000 &

$docker tag alpine localhost:5000/nurrony/alpine
$docker push localhost:5000/nurrony/alpine
我可以按如下方式推送我的图像

$POD=$(kubectl get pods --namespace kube-system -l k8s-app=kube-registry-upstream \
            -o template --template '{{range .items}}{{.metadata.name}} {{.status.phase}}{{"\n"}}{{end}}' \
            | grep Running | head -1 | cut -f1 -d' ')


$kubectl port-forward --namespace kube-system $POD 5000:5000 &

$docker tag alpine localhost:5000/nurrony/alpine
$docker push localhost:5000/nurrony/alpine
然后我写了一个Pod来测试它,如下所示

Version: v1
kind: Pod
metadata:
  name: registry-demo
  labels:
    purpose: registry-demo
spec:
  containers:
    - name: registry-demo-container
      image: localhost:5000/nurrony/alpine
      command: ["printenv"]
      args: ["HOSTNAME", "KUBERNETES_PORT"]
      env:
      - name: MESSAGE
        value: "hello world"
      command: ["/bin/echo"]
      args: ["$(MESSAGE)"]
这是一个错误

Failed to pull image "localhost:5000/nurrony/alpine": image pull failed for localhost:5000/nurrony/alpine:latest, this may be because there are no credentials on this request. details: (net/http: request canceled)
知道为什么会这样吗?提前感谢。

很可能您的代理不起作用

Docker Registry K8S插件附带守护程序集,它为运行kubelets的每个节点定义注册表代理。我建议您检查这些代理,因为它们会将Docker Registry(K8S)服务映射到每个节点上的localhost:5000

请注意,即使您的注册表代理上有绿色复选标记,也不意味着它们工作正常。打开他们的日志,确保一切正常

如果配置了代理,但仍然出现此错误,则kube注册表代理中的环境变量REGISTRY_HOST很可能是错误的。您是否像示例中那样在这里使用DNS?您的DNS配置正确吗?如果您将此变量放入服务的ClusterIP中,是否有效

另外,请注意,您的RC标签需要与SVC选择器匹配,否则服务无法发现您的POD

希望能有帮助