(Kubernetes + Minikube)无法从本地注册表获取Docker映像 [英] (Kubernetes + Minikube) can't get docker image from local registry

问题描述

我在机器上安装了docker，并且在minikube中安装了docker，所以大概我有两个在不同VM上运行的docker实例

I have setup docker on my machine and also minikube which have docker inside it, so probably i have two docker instances running on different VM

我构建图像并对其进行标记，然后将其推送到本地注册表，并且成功推送，我也可以将其从注册表中拉出，也可以在运行curl以获取标签列表时得到结果，这就是我所做的

I build an image and tag it then push it to local registry and it pushed successfully and i can pull it from registry too and also when i run curl to get tags list i got result, and here are what i did

1- docker build -t 127.0.0.1:5000/eliza/console:0.0.1 .
2- docker run -d -p 5000:5000 --name registry registry:2
3- docker tag a3703d02a199 127.0.0.1:5000/eliza/console:0.0.1
4- docker push 127.0.0.1:5000/eliza/console:0.0.1
5- curl -X GET http://127.0.0.1:5000/v2/eliza/console/tags/list

以上所有步骤都可以正常工作，完全没有问题.

all above steps are working fine with no problems at all.

我的问题是当我运行minikube并尝试在其中的本地注册表中访问此映像时

My problem is when i run minikube and try to access this image in local registry inside it

所以当我运行下一个命令时

So when i run next commands

1- sudo minikube start --insecure-registry 127.0.0.1:5000
2- eval $(minikube docker-env)
3- minikube ssh
4- curl -X GET http://127.0.0.1:5000/v2/eliza/console/tags/list

在最后一步(第4点)中，它给了我下一条消息

in last step (point 4) it gave me next message

卷曲:(7)无法连接到127.0.0.1端口5000:连接被拒绝

curl: (7) Failed to connect to 127.0.0.1 port 5000: Connection refused

所以我可以从我的机器上访问映像注册表，但不能从minikube访问映像注册表，这在我使用minikube上的Kubernetes部署此映像并由于无法连接到

So i can access image registry from my machine but not from minikube which make a problems of course with me when i deploy this image using Kubernetes on minikube and make deploy failed due to can't connect to http://127.0.0.1:5000

您能帮我配置minikube以查看我的本地注册表吗，这样我的问题就可以解决，然后我可以使用kubernetes成功地将映像部署到minikube?

Can you help me configuring minikube to see my local registry so my problem will be solved then i can deploy image to minikube using kubernetes successfully?

更新

我正在使用此yaml文件(我将其命名为 ConsolePre.yaml )来使用kubernetes部署我的映像

I am using this yaml file (i named it ConsolePre.yaml) to deploy my image using kubernetes

apiVersion: v1
  kind: Service
  metadata:
    name: tripbru-console
    labels:
      app: tripbru-console
  spec:
    ports:
      - port: 9080
        targetPort: 9080
        nodePort: 30181
    selector:
      app: tripbru-console
      tier: frontend
    type: NodePort
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: tripbru-console
  labels:
    app: tripbru-console
spec:
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app: tripbru-console
        tier: frontend
    spec:
      containers:
      - image: docker.local:5000/eliza/console:0.0.1
        name: tripbru-console
        ports:
        - containerPort: 9080
          name: tripbru-console

当我运行下一个命令以应用更改时

and when i run next command to apply changes

sudo kubectl apply -f/PATH_TO_YAML_FILE/ConsolePre.yaml

sudo kubectl apply -f /PATH_TO_YAML_FILE/ConsolePre.yaml

结果是

NAME                                      READY     STATUS         RESTARTS   AGE
po/tripbru-console-1655054400-x3g87       0/1       ErrImagePull   0          1m

当我运行describe命令时

and when i run describe command

sudo kubectl描述pod tripbru-console-1655054400-x3g87

sudo kubectl describe pod tripbru-console-1655054400-x3g87

我在描述结果中找到了下一条消息

i found next message in description result

守护程序的错误响应:{"message":获取 https://docker.local:5000/v1/_ping :拨打tcp:查找docker.local在 10.0.2.3:53:阅读udp 10.0.2.15:57792-\u003e10.0.2.3:53:I/O超时}

Error response from daemon: {"message":"Get https://docker.local:5000/v1/_ping: dial tcp: lookup docker.local on 10.0.2.3:53: read udp 10.0.2.15:57792-\u003e10.0.2.3:53: i/o timeout"}

并且我在minikube/etc/hosts中配置了 docker.local xxx.xxx.xx.4 ，所以我不知道10.0.2.3:53和10.0.2.15:57792来自何处

and i configured docker.local xxx.xxx.xx.4 in minikube /etc/hosts so i don't know from where 10.0.2.3:53 and 10.0.2.15:57792 come from.

所以我也该如何解决这个问题.

So how can i solve this issue too.

谢谢:)

推荐答案

问题是您在任意位置使用127.0.0.1的想法.这是错误的.

The issue is your notion using 127.0.0.1 anywhere you want. This is wrong.

因此，如果您的计算机IP为192.168.0.101.然后下面的作品

So if your machine IP is 192.168.0.101. Then below works

1- docker build -t 127.0.0.1:5000/eliza/console:0.0.1 .
2- docker run -d -p 5000:5000 --name registry registry:2
3- docker tag a3703d02a199 127.0.0.1:5000/eliza/console:0.0.1
4- docker push 127.0.0.1:5000/eliza/console:0.0.1
5- curl -X GET http://127.0.0.1:5000/v2/eliza/console/tags/list

因为docker run将注册表映射到127.0.0.1:5000和192.168.0.101:5000.现在，在您的计算机上，只有此127.0.0.1起作用.现在，当您使用

Because docker run maps the registry to 127.0.0.1:5000 and 192.168.0.101:5000. Now on your machine only this 127.0.0.1 will work. Now when you use

3- minikube ssh

您进入minikube计算机，并且没有在127.0.0.1:5000上运行的注册表.这样的错误.使用计算机IP，无法在该计算机内部访问注册表.

You get inside the minikube machine and that doesn't have a registry running on 127.0.0.1:5000. So the error. The registry is no reachable inside this machine using the machine machine IP.

我通常解决此问题的方法是在本地和其他VM内使用主机名.

The way I usually solve this is issue is by using host name both locally and inside the other VMs.

因此，在您的计算机上，在/etc/hosts

So on your machine create a entry in /etc/hosts

docker.local 127.0.0.1

并将您的命令更改为

1- docker build -t docker.local:5000/eliza/console:0.0.1 .
2- docker run -d -p 5000:5000 --name registry registry:2
3- docker tag a3703d02a199 docker.local:5000/eliza/console:0.0.1
4- docker push docker.local:5000/eliza/console:0.0.1
5- curl -X GET http://docker.local:5000/v2/eliza/console/tags/list

然后在使用minikube ssh时，在/etc/hosts

docker.local 192.168.0.101

然后curl -X GET http://docker.local:5000/v2/eliza/console/tags/list

编辑1

对于TLS问题，您需要在minikube中停止docker服务

For the TLS issue you need to Stop the docker service inside minikube

systemctl stop docker

然后编辑/etc/systemd/system/docker.service.d/10-machine.conf并更改

ExecStart =/usr/bin/docker守护程序-H tcp://0.0.0.0:2376 -H unix:///var/run/docker.sock --tlsverify --tlscacert/etc/docker/ca. pem --tlscert/etc/docker/server.pem --tlskey/etc/docker/server-key.pem --label provider = virtualbox-不安全注册表10.0.0.0/24

ExecStart=/usr/bin/docker daemon -H tcp://0.0.0.0:2376 -H unix:///var/run/docker.sock --tlsverify --tlscacert /etc/docker/ca.pem --tlscert /etc/docker/server.pem --tlskey /etc/docker/server-key.pem --label provider=virtualbox --insecure-registry 10.0.0.0/24

到

ExecStart =/usr/bin/docker守护程序-H tcp://0.0.0.0:2376 -H unix:///var/run/docker.sock --tlsverify --tlscacert/etc/docker/ca. pem --tlscert/etc/docker/server.pem --tlskey/etc/docker/server-key.pem --label provider = virtualbox-不安全注册10.0.0.0/24-不安全注册docker.local: 5000-不安全注册表192.168.1.4:5000

ExecStart=/usr/bin/docker daemon -H tcp://0.0.0.0:2376 -H unix:///var/run/docker.sock --tlsverify --tlscacert /etc/docker/ca.pem --tlscert /etc/docker/server.pem --tlskey /etc/docker/server-key.pem --label provider=virtualbox --insecure-registry 10.0.0.0/24 --insecure-registry docker.local:5000 --insecure-registry 192.168.1.4:5000

然后重新加载守护程序并启动docker服务

Then reload daemon and start the docker service

systemctl daemon-reload
systemctl start docker

然后尝试拉动

docker pull docker.local:5000/eliza/console:0.0.1

该命令应该起作用

这篇关于(Kubernetes + Minikube)无法从本地注册表获取Docker映像的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！