如果没有https,Kubernetes不会从私有存储库中提取docker镜像

时间:2016-10-11 16:22:16

标签: docker kubernetes

我在与我的kubernetes-master相同的主机上为私有docker注册表配置了docker。
Docker在没有https的情况下推送到私有docker注册表成功。
我也可以使用docker来提取图像点。

当我为这张图片运行kubernetes时,我会在日志后面找到“kubectl describe pods”:

kubectl describe pods
Name:       fgpra-250514157-yh6vb
Namespace:  default
Node:       5.179.232.64/5.179.232.64
Start Time: Tue, 11 Oct 2016 18:06:59 +0200
Labels:     pod-template-hash=250514157,run=fgpra
Status:     Pending
IP:     <removed myself>
Controllers:    ReplicaSet/fgpra-250514157
Containers:
  fgpra:
    Container ID:   
    Image:      5.179.232.65:5000/some_api_image
    Image ID:       
    Port:       3000/TCP
    QoS Tier:
      cpu:      BestEffort
      memory:       BestEffort
    State:      Waiting
      Reason:       ErrImagePull
    Ready:      False
    Restart Count:  0
    Environment Variables:
Conditions:
  Type      Status
  Ready     False 
Volumes:
  default-token-q7u3x:
    Type:   Secret (a volume populated by a Secret)
    SecretName: default-token-q7u3x
Events:
  FirstSeen LastSeen    Count   From            SubobjectPath       Type        Reason          Message
  --------- --------    -----   ----            -------------       --------    ------          -------
  4s        4s      1   {default-scheduler }                Normal      Scheduled       Successfully assigned fgpra-250514157-yh6vb to 5.179.232.64
  4s        4s      1   {kubelet 5.179.232.64}              Warning     MissingClusterDNS   kubelet does not have ClusterDNS IP configured and cannot create Pod using "ClusterFirst" policy. Falling back to DNSDefault policy.
  4s        4s      1   {kubelet 5.179.232.64}  spec.containers{fgpra}  Normal      Pulling         pulling image "5.179.232.65:5000/some_api_image"
  4s        4s      1   {kubelet 5.179.232.64}  spec.containers{fgpra}  Warning     Failed          Failed to pull image "5.179.232.65:5000/some_api_image": unable to ping registry endpoint https://5.179.232.65:5000/v0/
v2 ping attempt failed with error: Get https://5.179.232.65:5000/v2/: http: server gave HTTP response to HTTPS client
 v1 ping attempt failed with error: Get https://5.179.232.65:5000/v1/_ping: http: server gave HTTP response to HTTPS client
  4s    4s  1   {kubelet 5.179.232.64}      Warning FailedSync  Error syncing pod, skipping: failed to "StartContainer" for "fgpra" with ErrImagePull: "unable to ping registry endpoint https://5.179.232.65:5000/v0/\nv2 ping attempt failed with error: Get https://5.179.232.65:5000/v2/: http: server gave HTTP response to HTTPS client\n v1 ping attempt failed with error: Get https://5.179.232.65:5000/v1/_ping: http: server gave HTTP response to HTTPS client"

  3s    3s  1   {kubelet 5.179.232.64}  spec.containers{fgpra}  Normal  BackOff     Back-off pulling image "5.179.232.65:5000/some_api_image"
  3s    3s  1   {kubelet 5.179.232.64}              Warning FailedSync  Error syncing pod, skipping: failed to "StartContainer" for "fgpra" with ImagePullBackOff: "Back-off pulling image \"5.179.232.65:5000/some_api_image\""

我已将/etc/init.d/sysconfig/docker配置为使用我的不安全的私有注册表。

这是启动kubernetes部署的命令:

kubectl run fgpra --image=5.179.232.65:5000/some_api_image --port=3000

如何在不使用ssl的情况下将kubernetes设置为从我的私有docker注册表中提取?

1 个答案:

答案 0 :(得分:6)

这是一个码头工人问题,而​​不是kubernetes问题。您需要将http注册表添加为insecure-registry到每个kubernetes节点上的docker守护程序。

docker daemon --insecure-registry=5.179.232.65:5000

在大多数环境中,有一个类似/etc/default/docker的文件,您可以在其中添加此参数。

相关问题
最新问题