Kubernetes私有Docker注册表-注册表代理不起作用 [英] Kubernetes private docker registry - registry proxy doesn't work

问题描述

我正在3节点设置上运行Kubernetes(核心操作系统-本指南中的设置-

I'm running Kubernetes on a 3 node setup (Core OS - setup from this guide - https://coreos.com/kubernetes/docs/latest/deploy-master.html). I need to run a private docker registry in the setup, so I was following this guide: https://github.com/kubernetes/kubernetes/tree/master/cluster/addons/registry

我认为注册表Pod正在运行，至少在端口5000上的注册表Pod有空响应(指南说我应该得到"404未经授权"的响应).我正在从busybox进行测试，它甚至可以与dns主机名一起使用.

I think that the registry pod is running, at least there is an empty response from the registry pod on port 5000 (the guide says I should be getting a "404 Unauthorized" response). I'm testing this from a busybox, it even works with the dns hostname.

但是主要问题是kube-registry-proxy无法正常运行.通过在每个节点上的/etc/kubernetes/manifest/文件夹中添加定义yaml，可以启动并运行代理.当我从kube-system命名空间中列出Pod时，会看到以下内容:

But the main problem is that the kube-registry-proxy won't run properly. I was able to get the proxies up and running by adding the definition yaml in the /etc/kubernetes/manifest/ folder on each node. When I list the pods from the kube-system namespace, I see this:

kube-registry-proxy-192.168.10.4       1/1       Running   0          32m
kube-registry-proxy-192.168.10.5       1/1       Running   0          3d
kube-registry-proxy-192.168.10.6       1/1       Running   0          1d

这似乎很好.但是，当我SSH到Kube集群的任何节点时，尝试运行

That seems to be working fine. But when I ssh into any node of the Kube cluster, and try tu run

curl -v localhost:5000

我收到此错误:

* Rebuilt URL to: localhost:5000/
*   Trying 127.0.0.1...
* connect to 127.0.0.1 port 5000 failed: Connection refused
* Failed to connect to localhost port 5000: Connection refused
* Closing connection 0
curl: (7) Failed to connect to localhost port 5000: Connection refused

另外，当我跑步

sudo lsof -i|grep LISTEN

没有列出端口5000.有任何线索吗?

there is no port 5000 listed. Any clues?

我需要的是能够从kubernetes内推入和拉出图像(因此pod可以从那里使用图像)，还能够从外面推入图像(使用端口5000的端口转发方法是足够，但也欢迎其他选择)

What I need is to be able to push and pull images from within kubernetes (so the pods ca use images from there) and also to be able to push images from outside (using the port forwarding method for port 5000 is sufficient, but other options are welcome too)

推荐答案

可能不是在您的localhost上监听.如果仅对测试来自群集内任何节点的内部群集流量感兴趣，则可以卷曲Pod的IP或服务群集IP:

It's probably not listening on your localhost. If you are only interested in testing internal cluster traffic from any node within the cluster, you can curl the pod's IP or the service cluster IP:

$ kubectl get po <your_pod> -o yaml | grep -i podip
    podIP: <spod_private_ip>
$ curl <pod_private_ip>:5000
$ kubectl get svc <your_svc> -o yaml | grep -i -w 'clusterip\|port'
     clusterIP: <cluster_ip>
     port: 5000
$ curl <cluster_ip>:5000

要将服务暴露给外部流量，您需要指定NodePort或LoadBalancer服务类型，如本K8s

To expose your service to external traffic, you will need to specify either the NodePort or LoadBalancer service type as seen in this K8s example.

这篇关于Kubernetes私有Docker注册表-注册表代理不起作用的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！