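I am trying to set up a private Docker registry for use with Kubernetes. I have set up the registry, and the master server running the Kubernetes cluster can pull images from the registry without any problem. I also followed the Kubernetes documentation that explains how to connect to a private Docker registry (see https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/).
However, when I try to pull an image from the Docker registry through Kubernetes, I get the following error: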
Failed to pull image "xxx.xxx.xxx.xxx:5000/helloworld:latest": rpc error: code = Unknown desc = Error response from daemon: Get https://xxx.xxx.xxx.xxx:5000/v1/_ping: x509: certificate signed by unknown authority
I noticed that the link ending in v1/_ping is incorrect; it should be v2/_ping.
I ran the following command to generate my registry:
kubectl create secret docker-registry regcred --docker-server="https://xxx.xxx.xxx.xxx:5000/v2/" --docker-username=xxxxx --docker-password=xxxxxx --docker-email=xxxx@xxx.xx
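I also searched on Google and found: https://github.com/kubernetes/kubernetes/issues/20786
Unfortunately, these suggestions did not help, but they do show that more people are facing the same problem.
Does anyone know how to correctly set up a Docker registry v2 with Kubernetes?
Thanks
Answer 0: (score: 1)
Solved this issue: by default, the master server does not run your deployments, so I needed to do the following on the slave servers:
Hope it helps someone.
Answer 1: (score: 0)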
Secure registry
Registry server side (http://tech.paulcz.net/2016/01/deploying-a-secure-docker-registry/)
1. mkdir -p /opt/registry/{data,ssl,config}
2. docker run --rm \
-v /opt/registry/ssl:/certs \
-e SSL_IP=172.17.8.101 \
-e SSL_DNS=registry.local \
paulczar/omgwtfssl
3. create /opt/registry/config/registry.env
# location of registry data
REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY=/opt/registry/data
# location of TLS key/cert
REGISTRY_HTTP_TLS_KEY=/opt/registry/ssl/key.pem
REGISTRY_HTTP_TLS_CERTIFICATE=/opt/registry/ssl/cert.pem
# location of CA of trusted clients
REGISTRY_HTTP_TLS_CLIENTCAS_0=/opt/registry/ssl/ca.pem
4. docker run -d --name registry \
-v /opt/registry:/opt/registry \
-p 443:5000 --restart always \
--env-file /opt/registry/config/registry.env \
registry:2
5. $ docker pull alpine
Using default tag: latest
latest: Pulling from library/alpine
Digest: sha256:78a756d480bcbc35db6dcc05b08228a39b32c2b2c7e02336a2dcaa196547a41d
Status: Downloaded newer image for alpine:latest
$ docker tag alpine 127.0.0.1/alpine
$ docker push 127.0.0.1/alpine
Registry client side
6. $ sudo mkdir -p /etc/docker/certs.d/172.17.8.101 (do this on all nodes)
$ sudo scp core@172.17.8.101:/opt/registry/ssl/ca.pem \
/etc/docker/certs.d/172.17.8.101/ca.crt
7. $ docker pull 172.17.8.101/alpine
Using default tag: latest
latest: Pulling from alpine
340b2f9a2643: Already exists
Digest: sha256:a96155be113bb2b4b82ebbc11cf1b511726c5b41617a70e0772f8180afc72fa5
Status: Downloaded newer image for 172.17.8.101/alpine:latest
mkdir 35.187.233.182
cd 35.187.233.182/
rsync -avz 35.185.179.71:/opt/registry/ssl/ca.pem .
mv ca.pem ca.crt
docker run --rm -v /opt/registry/ssl:/certs -e SSL_IP=35.185.179.71 -e SSL_DNS=registry.local paulczar/omgwtfssl
docker run -d --name registry3 -v /opt/registry:/opt/registry -p 443:5000 --restart always --env-file /opt/registry/config/registry.env registry:2
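A check for the client-side steps above, as an added example that is not part of either answer: on each node it derives the directory Docker reads registry CAs from for a given image reference and reports why the CA would not be found. The function names are hypothetical, the registry rule is simplified, and the port-5000 reference in the comments is constructed from the answer's sample IP and the question's port.

```bash
# Added example: will Docker on this node find a CA for the image's registry?
# Docker loads CA roots from <root>/<host[:port]>/*.crt. The port is part of
# the directory name unless the registry is reached on 443, so an image such as
# 172.17.8.101:5000/helloworld needs .../certs.d/172.17.8.101:5000/ca.crt.

# registry_of IMAGE -> prints host[:port]; prints nothing for Docker Hub names.
# Simplified rule: the first path component names a registry when it contains
# '.' or ':' or is "localhost".
registry_of() {
  local ref="${1#*://}" first
  case "$ref" in */*) first="${ref%%/*}" ;; *) return 0 ;; esac
  case "$first" in
    *.*|*:*|localhost) printf '%s\n' "$first" ;;
  esac
}

# check_registry_ca IMAGE [ROOT]
# Returns 0 CA present, 1 no private registry in the reference,
#         2 directory missing (often created without the port),
#         3 no *.crt file (for example ca.pem was copied but not renamed),
#         4 a *.crt file is not PEM encoded.
check_registry_ca() {
  local root="${2:-/etc/docker/certs.d}" host dir crt found=0
  host="$(registry_of "$1")"
  [ -n "$host" ] || { echo "no private registry in '$1'"; return 1; }
  dir="$root/$host"
  [ -d "$dir" ] || { echo "missing directory $dir"; return 2; }
  for crt in "$dir"/*.crt; do
    [ -f "$crt" ] || continue          # glob matched nothing
    found=1
    grep -q -e '-----BEGIN CERTIFICATE-----' "$crt" \
      || { echo "$crt is not PEM encoded"; return 4; }
  done
  [ "$found" -eq 1 ] || { echo "no *.crt in $dir (ca.pem is ignored)"; return 3; }
  echo "ok: CA for $host found in $dir"
}
```

Run `check_registry_ca <image>` on every node that can schedule the pod, since the kubelet's container runtime on that node performs the pull.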