Kubernetes不从没有https的私有存储库中拖出docker镜像
我在私有docker注册中心的kubernetes-master上configuration了docker。
Docker推送到私人dockerregistry没有https成功。
我也可以使用docker来拉取图片。
当我为这个图像运行kubernetes时,我用'kubectl describe pods'得到以下日志:
kubectl describe pods Name: fgpra-250514157-yh6vb Namespace: default Node: 5.179.232.64/5.179.232.64 Start Time: Tue, 11 Oct 2016 18:06:59 +0200 Labels: pod-template-hash=250514157,run=fgpra Status: Pending IP: <removed myself> Controllers: ReplicaSet/fgpra-250514157 Containers: fgpra: Container ID: Image: 5.179.232.65:5000/some_api_image Image ID: Port: 3000/TCP QoS Tier: cpu: BestEffort memory: BestEffort State: Waiting Reason: ErrImagePull Ready: False Restart Count: 0 Environment Variables: Conditions: Type Status Ready False Volumes: default-token-q7u3x: Type: Secret (a volume populated by a Secret) SecretName: default-token-q7u3x Events: FirstSeen LastSeen Count From SubobjectPath Type Reason Message --------- -------- ----- ---- ------------- -------- ------ ------- 4s 4s 1 {default-scheduler } Normal Scheduled Successfully assigned fgpra-250514157-yh6vb to 5.179.232.64 4s 4s 1 {kubelet 5.179.232.64} Warning MissingClusterDNS kubelet does not have ClusterDNS IP configured and cannot create Pod using "ClusterFirst" policy. Falling back to DNSDefault policy. 4s 4s 1 {kubelet 5.179.232.64} spec.containers{fgpra} Normal Pulling pulling image "5.179.232.65:5000/some_api_image" 4s 4s 1 {kubelet 5.179.232.64} spec.containers{fgpra} Warning Failed Failed to pull image "5.179.232.65:5000/some_api_image": unable to ping registry endpoint https://5.179.232.65:5000/v0/ v2 ping attempt failed with error: Get https://5.179.232.65:5000/v2/: http: server gave HTTP response to HTTPS client v1 ping attempt failed with error: Get https://5.179.232.65:5000/v1/_ping: http: server gave HTTP response to HTTPS client 4s 4s 1 {kubelet 5.179.232.64} Warning FailedSync Error syncing pod, skipping: failed to "StartContainer" for "fgpra" with ErrImagePull: "unable to ping registry endpoint https://5.179.232.65:5000/v0/\nv2 ping attempt failed with error: Get https://5.179.232.65:5000/v2/: http: server gave HTTP response to HTTPS client\n v1 ping attempt failed with error: Get https://5.179.232.65:5000/v1/_ping: http: server gave HTTP response to HTTPS client" 3s 3s 1 {kubelet 5.179.232.64} spec.containers{fgpra} Normal BackOff Back-off pulling image "5.179.232.65:5000/some_api_image" 3s 3s 1 {kubelet 5.179.232.64} Warning FailedSync Error syncing pod, skipping: failed to "StartContainer" for "fgpra" with ImagePullBackOff: "Back-off pulling image \"5.179.232.65:5000/some_api_image\"" 我已经configuration我的/etc/init.d/sysconfig/docker使用我的不安全的私人registry。
这是启动kubernetes部署的命令:
kubectl run fgpra --image=5.179.232.65:5000/some_api_image --port=3000
我如何设置kubernetes从我的私人dockerregistry,而不使用ssl?
这是一个docker问题,而不是一个kubernetes。 您需要将您的httpregistry作为insecure-registry到每个kubernetes节点上的docker守护进程。
docker daemon --insecure-registry=5.179.232.65:5000
在大多数环境中,有一个像/etc/default/docker这样的文件可以添加这个参数。