(Kubernetes + Minikube)无法从本地注册表获取Docker映像 [英] (Kubernetes + Minikube) can't get docker image from local registry
问题描述
我在机器上安装了docker,并且在minikube中安装了docker,所以大概我有两个在不同VM上运行的docker实例
I have setup docker on my machine and also minikube which have docker inside it, so probably i have two docker instances running on different VM
我构建图像并对其进行标记,然后将其推送到本地注册表,并且成功推送,我也可以将其从注册表中拉出,也可以在运行curl以获取标签列表时得到结果,这就是我所做的>
I build an image and tag it then push it to local registry and it pushed successfully and i can pull it from registry too and also when i run curl to get tags list i got result, and here are what i did
1- docker build -t 127.0.0.1:5000/eliza/console:0.0.1 .
2- docker run -d -p 5000:5000 --name registry registry:2
3- docker tag a3703d02a199 127.0.0.1:5000/eliza/console:0.0.1
4- docker push 127.0.0.1:5000/eliza/console:0.0.1
5- curl -X GET http://127.0.0.1:5000/v2/eliza/console/tags/list
以上所有步骤都可以正常工作,完全没有问题.
all above steps are working fine with no problems at all.
我的问题是当我运行minikube并尝试在其中的本地注册表中访问此映像时
My problem is when i run minikube and try to access this image in local registry inside it
所以当我运行下一个命令时
So when i run next commands
1- sudo minikube start --insecure-registry 127.0.0.1:5000
2- eval $(minikube docker-env)
3- minikube ssh
4- curl -X GET http://127.0.0.1:5000/v2/eliza/console/tags/list
在最后一步(第4点)中,它给了我下一条消息
in last step (point 4) it gave me next message
卷曲:(7)无法连接到127.0.0.1端口5000:连接被拒绝
curl: (7) Failed to connect to 127.0.0.1 port 5000: Connection refused
所以我可以从我的机器上访问映像注册表,但不能从minikube访问映像注册表,这在我使用minikube上的Kubernetes部署此映像并由于无法连接到
So i can access image registry from my machine but not from minikube which make a problems of course with me when i deploy this image using Kubernetes on minikube and make deploy failed due to can't connect to http://127.0.0.1:5000
您能帮我配置minikube以查看我的本地注册表吗,这样我的问题就可以解决,然后我可以使用kubernetes成功地将映像部署到minikube?
Can you help me configuring minikube to see my local registry so my problem will be solved then i can deploy image to minikube using kubernetes successfully?
更新
我正在使用此yaml文件(我将其命名为 ConsolePre.yaml )来使用kubernetes部署我的映像
I am using this yaml file (i named it ConsolePre.yaml) to deploy my image using kubernetes
apiVersion: v1
kind: Service
metadata:
name: tripbru-console
labels:
app: tripbru-console
spec:
ports:
- port: 9080
targetPort: 9080
nodePort: 30181
selector:
app: tripbru-console
tier: frontend
type: NodePort
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: tripbru-console
labels:
app: tripbru-console
spec:
strategy:
type: Recreate
template:
metadata:
labels:
app: tripbru-console
tier: frontend
spec:
containers:
- image: docker.local:5000/eliza/console:0.0.1
name: tripbru-console
ports:
- containerPort: 9080
name: tripbru-console
当我运行下一个命令以应用更改时
and when i run next command to apply changes
sudo kubectl apply -f/PATH_TO_YAML_FILE/ConsolePre.yaml
sudo kubectl apply -f /PATH_TO_YAML_FILE/ConsolePre.yaml
结果是
NAME READY STATUS RESTARTS AGE
po/tripbru-console-1655054400-x3g87 0/1 ErrImagePull 0 1m
当我运行describe命令时
and when i run describe command
sudo kubectl描述pod tripbru-console-1655054400-x3g87
sudo kubectl describe pod tripbru-console-1655054400-x3g87
我在描述结果中找到了下一条消息
i found next message in description result
守护程序的错误响应:{"message":获取 https://docker.local:5000/v1/_ping :拨打tcp:查找docker.local在 10.0.2.3:53:阅读udp 10.0.2.15:57792-\u003e10.0.2.3:53:I/O超时}
Error response from daemon: {"message":"Get https://docker.local:5000/v1/_ping: dial tcp: lookup docker.local on 10.0.2.3:53: read udp 10.0.2.15:57792-\u003e10.0.2.3:53: i/o timeout"}
并且我在minikube/etc/hosts中配置了 docker.local xxx.xxx.xx.4 ,所以我不知道10.0.2.3:53和10.0.2.15:57792来自何处
and i configured docker.local xxx.xxx.xx.4 in minikube /etc/hosts so i don't know from where 10.0.2.3:53 and 10.0.2.15:57792 come from.
所以我也该如何解决这个问题.
So how can i solve this issue too.
谢谢:)
推荐答案
问题是您在任意位置使用127.0.0.1
的想法.这是错误的.
The issue is your notion using 127.0.0.1
anywhere you want. This is wrong.
因此,如果您的计算机IP为192.168.0.101.然后下面的作品
So if your machine IP is 192.168.0.101. Then below works
1- docker build -t 127.0.0.1:5000/eliza/console:0.0.1 .
2- docker run -d -p 5000:5000 --name registry registry:2
3- docker tag a3703d02a199 127.0.0.1:5000/eliza/console:0.0.1
4- docker push 127.0.0.1:5000/eliza/console:0.0.1
5- curl -X GET http://127.0.0.1:5000/v2/eliza/console/tags/list
因为docker run将注册表映射到127.0.0.1:5000和192.168.0.101:5000.现在,在您的计算机上,只有此127.0.0.1
起作用.现在,当您使用
Because docker run maps the registry to 127.0.0.1:5000 and 192.168.0.101:5000. Now on your machine only this 127.0.0.1
will work. Now when you use
3- minikube ssh
您进入minikube计算机,并且没有在127.0.0.1:5000上运行的注册表.这样的错误.使用计算机IP,无法在该计算机内部访问注册表.
You get inside the minikube machine and that doesn't have a registry running on 127.0.0.1:5000. So the error. The registry is no reachable inside this machine using the machine machine IP.
我通常解决此问题的方法是在本地和其他VM内使用主机名.
The way I usually solve this is issue is by using host name both locally and inside the other VMs.
因此,在您的计算机上,在/etc/hosts
So on your machine create a entry in /etc/hosts
docker.local 127.0.0.1
并将您的命令更改为
1- docker build -t docker.local:5000/eliza/console:0.0.1 .
2- docker run -d -p 5000:5000 --name registry registry:2
3- docker tag a3703d02a199 docker.local:5000/eliza/console:0.0.1
4- docker push docker.local:5000/eliza/console:0.0.1
5- curl -X GET http://docker.local:5000/v2/eliza/console/tags/list
然后在使用minikube ssh
时,在/etc/hosts
docker.local 192.168.0.101
然后curl -X GET http://docker.local:5000/v2/eliza/console/tags/list
编辑1
对于TLS问题,您需要在minikube中停止docker服务
For the TLS issue you need to Stop the docker service inside minikube
systemctl stop docker
然后编辑/etc/systemd/system/docker.service.d/10-machine.conf
并更改
ExecStart =/usr/bin/docker守护程序-H tcp://0.0.0.0:2376 -H unix:///var/run/docker.sock --tlsverify --tlscacert/etc/docker/ca. pem --tlscert/etc/docker/server.pem --tlskey/etc/docker/server-key.pem --label provider = virtualbox-不安全注册表10.0.0.0/24
ExecStart=/usr/bin/docker daemon -H tcp://0.0.0.0:2376 -H unix:///var/run/docker.sock --tlsverify --tlscacert /etc/docker/ca.pem --tlscert /etc/docker/server.pem --tlskey /etc/docker/server-key.pem --label provider=virtualbox --insecure-registry 10.0.0.0/24
到
ExecStart =/usr/bin/docker守护程序-H tcp://0.0.0.0:2376 -H unix:///var/run/docker.sock --tlsverify --tlscacert/etc/docker/ca. pem --tlscert/etc/docker/server.pem --tlskey/etc/docker/server-key.pem --label provider = virtualbox-不安全注册10.0.0.0/24-不安全注册docker.local: 5000-不安全注册表192.168.1.4:5000
ExecStart=/usr/bin/docker daemon -H tcp://0.0.0.0:2376 -H unix:///var/run/docker.sock --tlsverify --tlscacert /etc/docker/ca.pem --tlscert /etc/docker/server.pem --tlskey /etc/docker/server-key.pem --label provider=virtualbox --insecure-registry 10.0.0.0/24 --insecure-registry docker.local:5000 --insecure-registry 192.168.1.4:5000
然后重新加载守护程序并启动docker服务
Then reload daemon and start the docker service
systemctl daemon-reload
systemctl start docker
然后尝试拉动
docker pull docker.local:5000/eliza/console:0.0.1
该命令应该起作用
这篇关于(Kubernetes + Minikube)无法从本地注册表获取Docker映像的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!