Question

我正在运行Docker for Mac（Edge），我有一个Kubernetes集群。

我正在尝试在Kubernetes中运行一个Registry，因此我可以将图像推送到集群并在Localhost环境中使用它们。

我已经安装了一个带Helm的注册表：helm install stable/docker-registry

我可以使用portforward运行：

export POD_NAME=$(kubectl get pods --namespace default -l "app=docker-registry,release=guiding-hedgehog" -o jsonpath="{.items[0].metadata.name}")
  echo "Visit http://127.0.0.1:8080 to use your application"
  kubectl port-forward $POD_NAME 8080:5000

问题是我在尝试使用docker push localhost:5000/hello推送到注册表时遇到错误：

The push refers to repository [localhost:5000/hello]
Get http://localhost:5000/v2/: dial tcp [::1]:5000: getsockopt: connection refused

kubectl获取服务：

NAME: eyewitness-moose-docker-registry TYPE: ClusterIP CLUSTER-IP:10.106.213.130 EXTERNAL-IP:<none> PORT(S):5000/TCP

注意：还尝试将docker.for.mac.localhost:5000添加到不安全的注册表列表中。

所以它看起来像是一个安全问题，可能与Docker doc

中描述的不安全的注册表无法运行有关

因此，我创建了here所述的证书。

现在的问题是，如何只使用kubectl将证书分发到每个节点？

注意：我在Docker for Mac（Edge）中运行，因此我可以使用Kubernetes运行容器。但是有这么多，如何，我不认为这是正确的方式：

7d50a16271b5        gcr.io/kubernetes-helm/tiller                            "/tiller"                19 hours ago        Up 19 hours                             k8s_tiller_tiller-deploy-865dd6c794-j7nk8_kube-system_8cbf6a09-329d-11e8-83ed-025000000001_0
6c77c450b374        gcr.io/google_containers/pause-amd64:3.0                 "/pause"                 19 hours ago        Up 19 hours                             k8s_POD_tiller-deploy-865dd6c794-j7nk8_kube-system_8cbf6a09-329d-11e8-83ed-025000000001_0
ff19b2587142        docker/kube-compose-controller                           "/compose-controller…"   40 hours ago        Up 40 hours                             k8s_compose_compose-5d4f4d67b6-n9jbp_docker_d7fc0ef4-3065-11e8-b9f8-025000000001_0
22109b6207af        docker/kube-compose-api-server                           "/api-server --kubec…"   40 hours ago        Up 40 hours                             k8s_compose_compose-api-7bb7b5968f-9mjxr_docker_d7f23906-3065-11e8-b9f8-025000000001_0
fd35236592f2        gcr.io/google_containers/k8s-dns-sidecar-amd64           "/sidecar --v=2 --lo…"   40 hours ago        Up 40 hours                             k8s_sidecar_kube-dns-6f4fd4bdf-h25hz_kube-system_ba973aaa-3065-11e8-b9f8-025000000001_0
8df955fd61f4        gcr.io/google_containers/k8s-dns-dnsmasq-nanny-amd64     "/dnsmasq-nanny -v=2…"   40 hours ago        Up 40 hours                             k8s_dnsmasq_kube-dns-6f4fd4bdf-h25hz_kube-system_ba973aaa-3065-11e8-b9f8-025000000001_0
2b35fb82f6e6        gcr.io/google_containers/k8s-dns-kube-dns-amd64          "/kube-dns --domain=…"   40 hours ago        Up 40 hours                             k8s_kubedns_kube-dns-6f4fd4bdf-h25hz_kube-system_ba973aaa-3065-11e8-b9f8-025000000001_0
89b4e3ccccd5        gcr.io/google_containers/pause-amd64:3.0                 "/pause"                 40 hours ago        Up 40 hours                             k8s_POD_compose-5d4f4d67b6-n9jbp_docker_d7fc0ef4-3065-11e8-b9f8-025000000001_0
d5a6a2ba714b        gcr.io/google_containers/pause-amd64:3.0                 "/pause"                 40 hours ago        Up 40 hours                             k8s_POD_kube-dns-6f4fd4bdf-h25hz_kube-system_ba973aaa-3065-11e8-b9f8-025000000001_0
608c82a39845        gcr.io/google_containers/pause-amd64:3.0                 "/pause"                 40 hours ago        Up 40 hours                             k8s_POD_compose-api-7bb7b5968f-9mjxr_docker_d7f23906-3065-11e8-b9f8-025000000001_0
38982ea53b7d        gcr.io/google_containers/kube-proxy-amd64                "/usr/local/bin/kube…"   40 hours ago        Up 40 hours                             k8s_kube-proxy_kube-proxy-75vvn_kube-system_bace7415-3065-11e8-b9f8-025000000001_0
1e5b99acf1ca        gcr.io/google_containers/pause-amd64:3.0                 "/pause"                 40 hours ago        Up 40 hours                             k8s_POD_kube-proxy-75vvn_kube-system_bace7415-3065-11e8-b9f8-025000000001_0
e75f4b1db79e        gcr.io/google_containers/kube-scheduler-amd64            "kube-scheduler --ku…"   40 hours ago        Up 40 hours                             k8s_kube-scheduler_kube-scheduler-docker-for-desktop_kube-system_f851ca949bc3883a8c73ea5debfa5def_0
2834798acbc5        gcr.io/google_containers/kube-apiserver-amd64            "kube-apiserver --ad…"   40 hours ago        Up 40 hours                             k8s_kube-apiserver_kube-apiserver-docker-for-desktop_kube-system_caae2ec94c5b9fe55a01978c5b2f561e_0
91cb9c57c7f6        gcr.io/google_containers/etcd-amd64                      "etcd --listen-clien…"   40 hours ago        Up 40 hours                             k8s_etcd_etcd-docker-for-desktop_kube-system_7278f85057e8bf5cb81c9f96d3b25320_0
ead556edb234        gcr.io/google_containers/kube-controller-manager-amd64   "kube-controller-man…"   40 hours ago        Up 40 hours                             k8s_kube-controller-manager_kube-controller-manager-docker-for-desktop_kube-system_81fd91d1cb0957bc579d5dd888f73ead_0
bd4e94136fe5        gcr.io/google_containers/pause-amd64:3.0                 "/pause"                 40 hours ago        Up 40 hours                             k8s_POD_kube-scheduler-docker-for-desktop_kube-system_f851ca949bc3883a8c73ea5debfa5def_0
45f2657c47a7        gcr.io/google_containers/pause-amd64:3.0                 "/pause"                 40 hours ago        Up 40 hours                             k8s_POD_kube-controller-manager-docker-for-desktop_kube-system_81fd91d1cb0957bc579d5dd888f73ead_0
3e5a8064e983        gcr.io/google_containers/pause-amd64:3.0                 "/pause"                 40 hours ago        Up 40 hours                             k8s_POD_etcd-docker-for-desktop_kube-system_7278f85057e8bf5cb81c9f96d3b25320_0
b7ae16f4ce6b        gcr.io/google_containers/pause-amd64:3.0                 "/pause"                 40 hours ago        Up 40 hours                             k8s_POD_kube-apiserver-docker-for-desktop_kube-system_caae2ec94c5b9fe55a01978c5b2f561e_0

欢迎任何方向正确。

提前致谢

Kubernetes中的Localhost注册表 - 分发证书

0 个答案: