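I have been looking at different references on how to enable k3s (running on my Pi) to pull Docker images from a private registry on my home network (a server laptop on my network). Could someone please point me in the right direction? This is my approach:
docker run -d -p 10000:5000 --restart=always --name local-docker-registry registry:2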
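This works, and I am able to push and pull images to it from the "server PC". I haven't added authentication, TLS, etc. yet...
(Viewing the images via the Docker plugin in VS Code.)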
$ curl -ks http://<server IP>:10000/v2/_catalog
{"repositories":["tcpserialpassthrough"]}
$ cat /etc/rancher/k3s/registries.yaml
mirrors:
  pwlaptopregistry:
    endpoint:
      - "http://<host IP here>:10000"

apiVersion: apps/v1
kind: Deployment
metadata:
  name: tcpserialpassthrough
spec:
  selector:
    matchLabels:
      app: tcpserialpassthrough
  replicas: 1
  template:
    metadata:
      labels:
        app: tcpserialpassthrough
    spec:
      containers:
      - name: tcpserialpassthrough
        image: pwlaptopregistry/tcpserialpassthrough:vers1.3-arm
        resources:
          limits:
            memory: "128Mi"
            cpu: "500m"
        ports:
        - containerPort: 8001
          hostPort: 8001
          protocol: TCP
        command: ["dotnet", "/app/TcpConnector.dll"]
However, when I check the deployment startup sequence, it still fails to pull the image (and is perhaps still referencing Docker Hub?):
kubectl get events -w
LAST SEEN TYPE REASON OBJECT MESSAGE
8m24s Normal SuccessfulCreate replicaset/tcpserialpassthrough-88fb974d9 Created pod: tcpserialpassthrough-88fb974d9-b88fc
8m23s Warning FailedScheduling pod/tcpserialpassthrough-88fb974d9-b88fc 0/1 nodes are available: 1 node(s) didn't have free ports for the requested pod ports.
8m23s Warning FailedScheduling pod/tcpserialpassthrough-88fb974d9-b88fc 0/1 nodes are available: 1 node(s) didn't have free ports for the requested pod ports.
8m21s Normal Scheduled pod/tcpserialpassthrough-88fb974d9-b88fc Successfully assigned default/tcpserialpassthrough-88fb974d9-b88fc to raspberrypi
6m52s Normal Pulling pod/tcpserialpassthrough-88fb974d9-b88fc Pulling image "pwlaptopregistry/tcpserialpassthrough:vers1.3-arm"
6m50s Warning Failed pod/tcpserialpassthrough-88fb974d9-b88fc Error: ErrImagePull
6m50s Warning Failed pod/tcpserialpassthrough-88fb974d9-b88fc Failed to pull image "pwlaptopregistry/tcpserialpassthrough:vers1.3-arm": rpc error: code = Unknown desc = failed to pull and unpack image "docker.io/pwlaptopregistry/tcpserialpassthrough:vers1.3-arm": failed to resolve reference "docker.io/pwlaptopregistry/tcpserialpassthrough:vers1.3-arm": pull access denied, repository does not exist or may require authorization: server message: insufficient_scope: authorization failed
6m3s Normal BackOff pod/tcpserialpassthrough-88fb974d9-b88fc Back-off pulling image "pwlaptopregistry/tcpserialpassthrough:vers1.3-arm"
3m15s Warning Failed pod/tcpserialpassthrough-88fb974d9-b88fc Error: ImagePullBackOff
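Wondering whether the problem was related to authorization, I added basic authentication following this youtube guide, but the same problem persists. I also noticed that /etc/docker/daemon.json has to be edited to allow unauthorized, non-TLS connections, via:
{
  "insecure-registries": [ "<host IP>:10000" ]
}
But it seems this needs to be done on the node side, whereas the nodes don't have the docker CLI installed??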
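Answer 0: (score: 4)
...this is so silly, I don't know why the domain name and port need to be specified as the "name" of the registry you are referring to, but anyway this solved my problem (for reference):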
$ cat /etc/rancher/k3s/registries.yaml
mirrors:
  "<host IP>:10000":
    endpoint:
      - "http://<host IP>:10000"
And restart k3s:
systemctl restart k3s
Then, in your deployment, reference it in your image path as:
apiVersion: apps/v1
kind: Deployment
metadata:
  name: tcpserialpassthrough
spec:
  selector:
    matchLabels:
      app: tcpserialpassthrough
  replicas: 1
  template:
    metadata:
      labels:
        app: tcpserialpassthrough
    spec:
      containers:
      - name: tcpserialpassthrough
        image: <host IP>:10000/tcpserialpassthrough:vers1.3-arm
        resources:
          limits:
            memory: "128Mi"
            cpu: "500m"
        ports:
        - containerPort: 8001
          hostPort: 8001
          protocol: TCP
        command: ["dotnet", "/app/TcpConnector.dll"]
      imagePullSecrets:
      - name: mydockercredentials
Referencing the basic auth details for the registry, saved as a secret:
$ kubectl create secret docker-registry mydockercredentials --docker-server <host IP>:10000 --docker-username username --docker-password password
You will be able to verify the pull process via
$ kubectl get events -w
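
Why the mirror key has to be the host and port: the following is an added example (not part of the original question or answer, and not k3s or containerd code) that models the Docker-style image reference normalization rule and an exact-match lookup of the `mirrors` keys. The host `192.0.2.10:10000` is a constructed stand-in for `<host IP>:10000`, the function names are hypothetical, and the exact-match lookup is a simplifying assumption.

```python
# Added illustration: simplified model of image reference normalization
# and of an exact-match lookup against the "mirrors" keys in registries.yaml.
DEFAULT_REGISTRY = "docker.io"

def split_registry(image):
    """Split an image reference into (registry host, repository[:tag])."""
    first, slash, rest = image.partition("/")
    # The first path component counts as a registry host only if it contains
    # '.' or ':', is exactly "localhost", or has an upper-case letter.
    is_host = bool(slash) and (
        "." in first or ":" in first
        or first == "localhost" or first != first.lower()
    )
    host, remainder = (first, rest) if is_host else (DEFAULT_REGISTRY, image)
    if host == "index.docker.io":            # legacy alias for Docker Hub
        host = DEFAULT_REGISTRY
    if host == DEFAULT_REGISTRY and "/" not in remainder:
        remainder = "library/" + remainder   # official-image namespace
    return host, remainder

def pull_endpoints(image, mirrors):
    """Return (registry host, mirror endpoints configured for that host)."""
    host, _ = split_registry(image)
    return host, mirrors.get(host, {}).get("endpoint", [])

def plaintext_endpoints(mirrors):
    """List mirror endpoints that use unencrypted HTTP."""
    return sorted(url for m in mirrors.values()
                  for url in m.get("endpoint", []) if url.startswith("http://"))

HOST = "192.0.2.10:10000"  # constructed stand-in for "<host IP>:10000"
QUESTION_MIRRORS = {"pwlaptopregistry": {"endpoint": ["http://" + HOST]}}
ANSWER_MIRRORS = {HOST: {"endpoint": ["http://" + HOST]}}
QUESTION_IMAGE = "pwlaptopregistry/tcpserialpassthrough:vers1.3-arm"
ANSWER_IMAGE = HOST + "/tcpserialpassthrough:vers1.3-arm"

if __name__ == "__main__":
    # Question: "pwlaptopregistry" is not host-like, so the pull goes to docker.io
    print(QUESTION_IMAGE, "->", pull_endpoints(QUESTION_IMAGE, QUESTION_MIRRORS))
    # Answer: host:port is host-like and matches the mirror key exactly
    print(ANSWER_IMAGE, "->", pull_endpoints(ANSWER_IMAGE, ANSWER_MIRRORS))
    print("plaintext endpoints:", plaintext_endpoints(ANSWER_MIRRORS))
```

The question's image name resolves to `docker.io`, which matches the `docker.io/pwlaptopregistry/...` reference in the failed pull event; both configurations still list a plain `http://` endpoint, consistent with the question's note that TLS has not been added yet.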