Kubernet不能从不安全的registry中取出,并且不能从脱机群集上的本地映像运行容器
我正在使用离线群集(机器没有互联网访问),使用ansible和docker组合脚本部署docker镜像。 我的服务器是Centos7。 我在机器上build立了一个不安全的dockerregistry。 我们要改变环境,我正在安装kubernetes为了pipe理我的容器拉。
我按照本指南安装kubernetes: https ://severalnines.com/blog/installing-kubernetes-cluster-minions-centos7-manage-pods-services
安装后,我试图启动一个testing吊舱。 这里是荚的yml,启动
kubectl -f create nginx.yml 这里的yml:
apiVersion: v1 kind: Pod metadata: name: nginx spec: containers: - name: nginx image: [my_registry_addr]:[my_registry_port]/nginx:v1 ports: - containerPort: 80
我用kubectl描述得到更多的错误信息:
Name: nginx Namespace: default Node: [my node] Start Time: Fri, 15 Sep 2017 11:29:05 +0200 Labels: <none> Status: Pending IP: Controllers: <none> Containers: nginx: Container ID: Image: [my_registry_addr]:[my_registry_port]/nginx:v1 Image ID: Port: 80/TCP State: Waiting Reason: ContainerCreating Ready: False Restart Count: 0 Volume Mounts: <none> Environment Variables: <none> Conditions: Type Status Initialized True Ready False PodScheduled True No volumes. QoS Class: BestEffort Tolerations: <none> Events: FirstSeen LastSeen Count From SubObjectPath Type Reason Message --------- -------- ----- ---- ------------- -------- ------ ------- 2m 2m 1 {default-scheduler } Normal Scheduled Successfully assigned nginx to [my kubernet node] 1m 1m 2 {kubelet [my kubernet node]} Warning FailedSync Error syncing pod, skipping: failed to "StartContainer" for "POD" with ErrImagePull: "Error while pulling image: Get https://index.docker.io/v1/repositories/library/[my_registry_addr]/images: dial tcp: lookup index.docker.io on [kubernet_master_ip]:53: server misbehaving" 54s 54s 1 {kubelet [my kubernet node]} Warning FailedSync Error syncing pod, skipping: failed to "StartContainer" for "POD" with ImagePullBackOff: "Back-off pulling image \"[my_registry_addr]:[my_registry_port]\"" 8s 8s 1 {kubelet [my kubernet node]} Warning FailedSync Error syncing pod, skipping: failed to "StartContainer" for "POD" with ErrImagePull: "Network timed out while trying to connect to https://index.docker.io/v1/repositories/library/[my_registry_addr]/images. You may want to check your internet connection or if you are behind a proxy."
然后,我去我的节点,并使用journalctl -xe
sept. 15 11:22:02 [my_node_ip] dockerd-current[9861]: time="2017-09-15T11:22:02.350930396+02:00" level=info msg="{Action=create, LoginUID=4294967295, PID=11555}" sept. 15 11:22:17 [my_node_ip] dockerd-current[9861]: time="2017-09-15T11:22:17.351536727+02:00" level=warning msg="Error getting v2 registry: Get https://registry-1.docker.io/v2/: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)" sept. 15 11:22:17 [my_node_ip] dockerd-current[9861]: time="2017-09-15T11:22:17.351606330+02:00" level=error msg="Attempting next endpoint for pull after error: Get https://registry-1.docker.io/v2/: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)" sept. 15 11:22:32 [my_node_ip] dockerd-current[9861]: time="2017-09-15T11:22:32.353946452+02:00" level=error msg="Not continuing with pull after error: Error while pulling image: Get https://index.docker.io/v1/repositories/library/[my_registry_ip]/images: dial tcp: lookup index.docker.io on [kubernet_master_ip]:53: server misbehaving" sept. 15 11:22:32 [my_node_ip] kubelet[11555]: E0915 11:22:32.354309 11555 docker_manager.go:2161] Failed to create pod infra container: ErrImagePull; Skipping pod "nginx_default(8b5c40e5-99f4-11e7-98db-f8bc12456ee4)": Error while pulling image: Get https://index.docker.io/v1/repositories/library/[my_registry_ip]/images: dial tcp: lookup index.docker.io on [kubernet_master_ip]:53: server misbehaving sept. 15 11:22:32 [my_node_ip] kubelet[11555]: E0915 11:22:32.354390 11555 pod_workers.go:184] Error syncing pod 8b5c40e5-99f4-11e7-98db-f8bc12456ee4, skipping: failed to "StartContainer" for "POD" with ErrImagePull: "Error while pulling image: Get https://index.docker.io/v1/repositories/library/[my_registry_ip]/images: dial tcp: lookup index.docker.io on [kubernet_master_ip]:53: server misbehaving" sept. 15 11:22:44 [my_node_ip] dockerd-current[9861]: time="2017-09-15T11:22:44.350708175+02:00" level=error msg="Handler for GET /v1.24/images/[my_registry_ip]:[my_registry_port]/json returned error: No such image: [my_registry_ip]:[my_registry_port]"
我确定我的dockerconfiguration是好的,因为我每天都用ansible或mesos来使用它。
docker版本是1.12.6,kubernet版本是1.5.2
有人对我现在能做什么有所了解吗? 我没有find这种用法的任何configuration密钥。
当我看到拉是失败的,我手动拉所有节点上的图像。 我把标签,以确保kubernetes将尝试拉默认,并设置“imagePullPolicy:IfNotPresent”
指定泊坞窗图像的语法是:
[docker_registry]/[image_name]:[image_tag]
在您的清单文件中,您已经使用“:”来分隔docker存储库主机和存储库正在侦听的端口。 docker私人registry的默认端口我猜是5000.所以改变你的图像声明
Image: [my_registry_addr]:[my_registry_port]/nginx:v1
至
Image: [my_registry_addr]/nginx:v1
此外,通过执行ping来检查从worker节点到您的dockerregistry的networking连接。
ping [my_registry_addr]
如果您仍想检查registry是否打开了端口443,则可以对运行dockerregistry的主机上的端口执行tcp检查
curl telnet://[my_registry_addr]:443
希望有所帮助。
我终于find了什么问题。
要工作,Kubernetes需要一个暂停容器。 Kubernetes试图find互联网上的暂停容器。
我在我的registry部署了一个自定义的暂停容器,我设置kubernetes暂停容器到这个图像。
之后,kubernetes正在像一个魅力工作。