我正在学习Kubernetes,并想要设置一个可在集群中运行的Docker注册表,将任何自定义代码部署到该私有注册表,然后让我的节点从该私有注册表中提取图像以创建Pod。我已经在this StackOverflow question
中描述了我的设置最初,我被困于试图找出SSL证书,但是现在我推迟了,我正在尝试使用一个不安全的注册表。为此,我创建了以下Pod来运行我的注册表(我知道它是Pod,而不是副本集或部署-这仅出于实验目的,一旦工作,我将使其更整洁):
apiVersion: v1
kind: Pod
metadata:
name: docker-registry
labels:
app: docker-registry
spec:
containers:
- name: docker-registry
image: registry:2
ports:
- containerPort: 80
hostPort: 80
env:
- name: REGISTRY_HTTP_ADDR
value: 0.0.0.0:80
然后我创建了以下NodePort服务:
apiVersion: v1
kind: Service
metadata:
name: docker-registry-external
labels:
app: docker-registry
spec:
type: NodePort
ports:
- targetPort: 80
port: 80
nodePort: 32000
selector:
app: docker-registry
我在Kubernetes群集之前设置了一个负载平衡器,该群集配置为将端口80上的流量路由到端口32000。因此,我可以在http://example.com
上访问此注册表
然后我按如下方式更新了本地/etc/docker/daemon.json
:
{
"insecure-registries": ["example.com"]
}
有了这个,我得以将映像成功推送到我的注册表中:
> docker pull ubuntu
> docker tag ubuntu example.com/my-ubuntu
> docker push exapmle.com/my-ubuntu
The push refers to repository [example.com/my-ubuntu]
cc9d18e90faa: Pushed
0c2689e3f920: Pushed
47dde53750b4: Pushed
latest: digest: sha256:1d7b639619bdca2d008eca2d5293e3c43ff84cbee597ff76de3b7a7de3e84956 size: 943
现在,我想在创建广告连播时尝试并 拉 此图像。因此,我创建了以下ClusterIP服务,以使我的注册表可在群集中访问:
apiVersion: v1
kind: Service
metadata:
name: docker-registry-internal
labels:
app: docker-registry
spec:
type: ClusterIP
ports:
- targetPort: 80
port: 80
selector:
app: docker-registry
然后我创建了一个秘密:
apiVersion: v1
kind: Secret
metadata:
name: local-docker
type: kubernetes.io/dockerconfigjson
data:
.dockerconfigjson: ewoJImluc2VjdXJlLXJlZ2lzdHJpZXMiOiBbImRvY2tlci1yZWdpc3RyeS1pbnRlcm5hbCJdCn0K
base64位解码为:
{
"insecure-registries": ["docker-registry-internal"]
}
最后,我创建了以下吊舱:
apiVersion: v1
kind: Pod
metadata:
name: test-docker
labels:
name: test
spec:
imagePullSecrets:
- name: local-docker
containers:
- name: test
image: docker-registry-internal/my-ubuntu
当我尝试创建此pod(kubectl create -f test-pod.yml
)并查看我的集群时,这就是我看到的:
> kubectl get pods
NAME READY STATUS RESTARTS AGE
test-docker 0/1 ErrImagePull 0 4s
docker-registry 1/1 Running 0 34m
> kubectl describe pod test-docker
...
...
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 3m33s default-scheduler Successfully assigned default/test-docker to pool-uqa-dev-3sli8
Normal Pulling 3m22s (x2 over 3m32s) kubelet Pulling image "docker-registry-internal/my-ubuntu"
Warning Failed 3m22s (x2 over 3m32s) kubelet Failed to pull image "docker-registry-internal/my-ubuntu": rpc error: code = Unknown desc = Error response from daemon: pull access denied for docker-registry-internal/my-ubuntu, repository does not exist or may require 'docker login'
Warning Failed 3m22s (x2 over 3m32s) kubelet Error: ErrImagePull
Normal SandboxChanged 3m19s (x7 over 3m32s) kubelet Pod sandbox changed, it will be killed and re-created.
Normal BackOff 3m18s (x6 over 3m30s) kubelet Back-off pulling image "docker-registry-internal/my-ubuntu"
Warning Failed 3m18s (x6 over 3m30s) kubelet Error: ImagePullBackOff
尽管有ClusterIP服务,但显然找不到主机“ docker-registry-internal”。
我尝试使用在网上找到的技巧从内部检查吊舱:
> kubectl run -i --tty --rm debug --image=ubuntu --restart=Never -- bash
If you don't see a command prompt, try pressing enter.
root@debug:/# cat /etc/hosts
# Kubernetes-managed hosts file.
127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
fe00::0 ip6-mcastprefix
fe00::1 ip6-allnodes
fe00::2 ip6-allrouters
10.244.1.67 debug
似乎/etc/hosts
文件中没有添加ClusterIP服务,所以我不确定服务应该如何找到彼此?
我尝试看了几本有关一般服务通信的Kubernetes教程(例如,与Redis Pod进行通信的app Pod),每次他们做的都是提供服务名称作为主机,并且魔术地连接了它。我不确定是否遗漏了一些东西。请记住,我是Kubernetes的新手,所以内部构造对我来说还是个谜。