Docker 为什么Pod中的私有映像在Kubernetes注册表插件中不起作用?
我对Kubernetes非常陌生,我设置了Kubernetes注册表加载项,只需通过Docker 为什么Pod中的私有映像在Kubernetes注册表插件中不起作用?,docker,registry,kubernetes,kubectl,Docker,Registry,Kubernetes,Kubectl,我对Kubernetes非常陌生,我设置了Kubernetes注册表加载项,只需通过ReplicationController中的emptyDir apiVersion: v1 kind: ReplicationController metadata: name: kube-registry-v0 namespace: kube-system labels: k8s-app: kube-registry-upstream version: v0 kuberne
ReplicationController
中的emptyDir
apiVersion: v1
kind: ReplicationController
metadata:
name: kube-registry-v0
namespace: kube-system
labels:
k8s-app: kube-registry-upstream
version: v0
kubernetes.io/cluster-service: "true"
spec:
replicas: 1
selector:
k8s-app: kube-registry-upstream
version: v0
template:
metadata:
labels:
k8s-app: kube-registry-upstream
version: v0
kubernetes.io/cluster-service: "true"
spec:
containers:
- name: registry
image: registry:2
resources:
limits:
cpu: 100m
memory: 100Mi
env:
- name: REGISTRY_HTTP_ADDR
value: :5000
- name: REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY
value: /var/lib/registry
volumeMounts:
- name: image-store
mountPath: /var/lib/registry
ports:
- containerPort: 5000
name: registry
protocol: TCP
volumes:
- name: image-store
emptyDir: {}
然后我转发5000
端口,如下所示
$POD=$(kubectl get pods --namespace kube-system -l k8s-app=kube-registry-upstream \
-o template --template '{{range .items}}{{.metadata.name}} {{.status.phase}}{{"\n"}}{{end}}' \
| grep Running | head -1 | cut -f1 -d' ')
$kubectl port-forward --namespace kube-system $POD 5000:5000 &
$docker tag alpine localhost:5000/nurrony/alpine
$docker push localhost:5000/nurrony/alpine
我可以按如下方式推送我的图像
$POD=$(kubectl get pods --namespace kube-system -l k8s-app=kube-registry-upstream \
-o template --template '{{range .items}}{{.metadata.name}} {{.status.phase}}{{"\n"}}{{end}}' \
| grep Running | head -1 | cut -f1 -d' ')
$kubectl port-forward --namespace kube-system $POD 5000:5000 &
$docker tag alpine localhost:5000/nurrony/alpine
$docker push localhost:5000/nurrony/alpine
然后我写了一个Pod来测试它,如下所示
Version: v1
kind: Pod
metadata:
name: registry-demo
labels:
purpose: registry-demo
spec:
containers:
- name: registry-demo-container
image: localhost:5000/nurrony/alpine
command: ["printenv"]
args: ["HOSTNAME", "KUBERNETES_PORT"]
env:
- name: MESSAGE
value: "hello world"
command: ["/bin/echo"]
args: ["$(MESSAGE)"]
这是一个错误
Failed to pull image "localhost:5000/nurrony/alpine": image pull failed for localhost:5000/nurrony/alpine:latest, this may be because there are no credentials on this request. details: (net/http: request canceled)
知道为什么会这样吗?提前感谢。很可能您的代理不起作用 Docker Registry K8S插件附带守护程序集,它为运行kubelets的每个节点定义注册表代理。我建议您检查这些代理,因为它们会将Docker Registry(K8S)服务映射到每个节点上的localhost:5000 请注意,即使您的注册表代理上有绿色复选标记,也不意味着它们工作正常。打开他们的日志,确保一切正常 如果配置了代理,但仍然出现此错误,则kube注册表代理中的环境变量REGISTRY_HOST很可能是错误的。您是否像示例中那样在这里使用DNS?您的DNS配置正确吗?如果您将此变量放入服务的ClusterIP中,是否有效 另外,请注意,您的RC标签需要与SVC选择器匹配,否则服务无法发现您的POD 希望能有帮助