Kubernetes私有Docker注册表推送错误

时间:2015-07-25 23:10:39

标签: docker kubernetes docker-registry

所以我部署了一个Kubernetes集群并安装了一个私有的Docker注册表。这是我的注册表控制器:

---
  apiVersion: v1
  kind: ReplicationController
  metadata:
    name: registry-master
    labels:
      name: registry-master
  spec:
    replicas: 1
    selector:
      name: registry-master
    template:
      metadata:
        labels:
          name: registry-master
      spec:
        containers:
        - name: registry-master
          image: registry
          ports:
          - containerPort: 5000
          command: ["docker-registry"]

服务:

---
  apiVersion: v1
  kind: Service
  metadata:
    name: registry-master
    labels:
      name: registry-master
  spec:
    ports:
      # the port that this service should serve on
    - port: 5000
      targetPort: 5000
    selector:
      name: registry-master

现在我对Kubernetes的一个节点进行了攻击并构建了一个Ruby app容器:

cd /tmp
git clone https://github.com/RichardKnop/sinatra-redis-blog.git
cd sinatra-redis-blog
docker build -t ruby-redis-app

当我尝试标记它并将其推送到注册表时:

docker tag ruby-redis-app registry-master/ruby-redis-app
docker push 10.100.129.115:5000/registry-master/ruby-redis-app

我收到此错误:

Error response from daemon: invalid registry endpoint https://10.100.129.115:5000/v0/: unable to ping registry endpoint https://10.100.129.115:5000/v0/
v2 ping attempt failed with error: Get https://10.100.129.115:5000/v2/: read tcp 10.100.129.115:5000: connection reset by peer
 v1 ping attempt failed with error: Get https://10.100.129.115:5000/v1/_ping: read tcp 10.100.129.115:5000: connection reset by peer. If this private registry supports only HTTP or HTTPS with an unknown CA certificate, please add `--insecure-registry 10.100.129.115:5000` to the daemon's arguments. In the case of HTTPS, if you have access to the registry's CA certificate, no need for the flag; simply place the CA certificate at /etc/docker/certs.d/10.100.129.115:5000/ca.crt

知道怎么解决吗?我一直在努力奋斗几个小时。

理查德

3 个答案:

答案 0 :(得分:1)

如果您正在使用HTTPS,则必须已创建自签名证书(具有您自己的CA权限),或者您拥有CA签名证书。

如果是这样,您需要在您正在调用FROM

的计算机上安装此CA证书

将您的CA证书放入

/etc/ssl/certs

并运行

update-ca-certificates

有时我不得不把它也放在

/usr/local/share/ca-certificates/

(在这两种情况下,您的CA文件EXTENSION应为.pem

对于Docker,您可能还需要将文件放入

/etc/docker/certs.d/<--your-site-url--->/ca.crt

并且文件必须命名为ca.crt (与.pem文件相同的文件文件,但命名为ca.crt)

答案 1 :(得分:0)

我看到了类似的问题,这与我的注册表不支持https有关。如果您的注册表不支持https,那么您必须指定它是docker守护程序的不安全注册表

echo&#39; DOCKER_OPTS =&#34; - insecure-registry 10.100.129.115:5000"&#39; | sudo tee -a / etc / default / docker

然后重新启动docker守护程序。

答案 2 :(得分:0)

如果您使用的是Ubuntu,请将此行添加到/etc/default/docker文件中。

$DOCKER_OPTS=“--insecure-registry xxx.xxx.xxx.xxx:5000”

xxx.xxx.xxx.xxx是您的私人注册表ip。

然后重新启动docker客户端。

sudo docker service restart
相关问题
最新问题