所以我部署了一个Kubernetes集群并安装了一个私有的Docker注册表。这是我的注册表控制器:
---
apiVersion: v1
kind: ReplicationController
metadata:
name: registry-master
labels:
name: registry-master
spec:
replicas: 1
selector:
name: registry-master
template:
metadata:
labels:
name: registry-master
spec:
containers:
- name: registry-master
image: registry
ports:
- containerPort: 5000
command: ["docker-registry"]
服务:
---
apiVersion: v1
kind: Service
metadata:
name: registry-master
labels:
name: registry-master
spec:
ports:
# the port that this service should serve on
- port: 5000
targetPort: 5000
selector:
name: registry-master
现在我对Kubernetes的一个节点进行了攻击并构建了一个Ruby app容器:
cd /tmp
git clone https://github.com/RichardKnop/sinatra-redis-blog.git
cd sinatra-redis-blog
docker build -t ruby-redis-app
当我尝试标记它并将其推送到注册表时:
docker tag ruby-redis-app registry-master/ruby-redis-app
docker push 10.100.129.115:5000/registry-master/ruby-redis-app
我收到此错误:
Error response from daemon: invalid registry endpoint https://10.100.129.115:5000/v0/: unable to ping registry endpoint https://10.100.129.115:5000/v0/
v2 ping attempt failed with error: Get https://10.100.129.115:5000/v2/: read tcp 10.100.129.115:5000: connection reset by peer
v1 ping attempt failed with error: Get https://10.100.129.115:5000/v1/_ping: read tcp 10.100.129.115:5000: connection reset by peer. If this private registry supports only HTTP or HTTPS with an unknown CA certificate, please add `--insecure-registry 10.100.129.115:5000` to the daemon's arguments. In the case of HTTPS, if you have access to the registry's CA certificate, no need for the flag; simply place the CA certificate at /etc/docker/certs.d/10.100.129.115:5000/ca.crt
知道怎么解决吗?我一直在努力奋斗几个小时。
理查德
答案 0 :(得分:1)
如果您正在使用HTTPS,则必须已创建自签名证书(具有您自己的CA权限),或者您拥有CA签名证书。
如果是这样,您需要在您正在调用FROM
的计算机上安装此CA证书将您的CA证书放入
/etc/ssl/certs
并运行
update-ca-certificates
有时我不得不把它也放在
中/usr/local/share/ca-certificates/
(在这两种情况下,您的CA文件EXTENSION应为.pem
对于Docker,您可能还需要将文件放入
/etc/docker/certs.d/<--your-site-url--->/ca.crt
并且文件必须命名为ca.crt
(与.pem文件相同的文件文件,但命名为ca.crt)
答案 1 :(得分:0)
我看到了类似的问题,这与我的注册表不支持https有关。如果您的注册表不支持https,那么您必须指定它是docker守护程序的不安全注册表
echo&#39; DOCKER_OPTS =&#34; - insecure-registry 10.100.129.115:5000"&#39; | sudo tee -a / etc / default / docker
然后重新启动docker守护程序。
答案 2 :(得分:0)
如果您使用的是Ubuntu,请将此行添加到/etc/default/docker
文件中。
$DOCKER_OPTS=“--insecure-registry xxx.xxx.xxx.xxx:5000”
xxx.xxx.xxx.xxx
是您的私人注册表ip。
然后重新启动docker客户端。
sudo docker service restart