No Such Host: Docker daemon can't access kubernetes registry but wget on the same node can connect to the registry
Problem description
I have an Alpine Linux based node on a single node kubernetes cluster (for testing). I have a private docker registry installed within my cluster at docker-registry.default:5000. I can login to the alpine node and use wget and access my private docker registry.
kubectl exec -it pod/nuclio-dashboard-5c5c48947b-lpgx8 -- /bin/sh
/ # wget -qO- https://docker:mypassword@docker-registry.default:5000/v2/_catalog
{"repositories":["nuclio/processor-helloworld3"]}
But I can't seem to access it using docker on the same pod. Both Client and Server are 2019 builds.
kubectl exec -it pod/nuclio-dashboard-5c5c48947b-lpgx8 -- /bin/sh
/ # which docker
/usr/local/bin/docker
/ # docker login -u docker -p mypassword docker-registry.default:5000
Error response from daemon: Get https://docker-registry.default:5000/v2/: dial tcp: lookup docker-registry.default on 169.254.169.254:53: no such host
I can log on to the Docker Hub registry.
docker login -u my_hub_user -p my_hub_password
Login Succeeded
EDIT:
Running kubectl describe on pod nuclio-dashboard-5c5c48947b-lpgx8, we get:
kd pod/nuclio-dashboard-5c5c48947b-2dpnz
Name:           nuclio-dashboard-5c5c48947b-2dpnz
Namespace:      nuclio
Priority:       0
Node:           gke-your-first-cluster-1-pool-1-fe915942-506h/10.128.0.30
Start Time:     Tue, 31 Dec 2019 09:39:45 -0500
Labels:         app=nuclio
                nuclio.io/app=dashboard
                nuclio.io/class=service
                nuclio.io/name=nuclio-dashboard
                pod-template-hash=5c5c48947b
                release=nuclio
Annotations:    nuclio.io/version: 1.3.4-amd64
Status:         Running
IP:             10.4.0.9
Controlled By:  ReplicaSet/nuclio-dashboard-5c5c48947b
Containers:
  nuclio-dashboard:
    Container ID:   docker://4f358607618f89da911e191226313193e38ed5335a3e46c207eee16669f1dd46
    Image:          quay.io/nuclio/dashboard:1.3.4-amd64
    Image ID:       docker-pullable://quay.io/nuclio/dashboard@sha256:e6d94f7bf46601b2454a9e73ba292c62edac3d4684ea15057855af2277eab8a5
    Port:           8070/TCP
    Host Port:      0/TCP
    State:          Running
      Started:      Tue, 31 Dec 2019 09:40:27 -0500
    Ready:          True
    Restart Count:  0
    Environment:
      NUCLIO_DASHBOARD_REGISTRY_URL:                <set to the key 'registry_url' of config map 'nuclio-registry-url'>  Optional: true
      NUCLIO_DASHBOARD_DEPLOYMENT_NAME:             nuclio-dashboard
      NUCLIO_CONTAINER_BUILDER_KIND:                docker
      NUCLIO_DASHBOARD_EXTERNAL_IP_ADDRESSES:
      NUCLIO_DASHBOARD_HTTP_INGRESS_HOST_TEMPLATE:
    Mounts:
      /etc/nuclio/dashboard/registry-credentials from registry-credentials (ro)
      /var/run/docker.sock from docker-sock (rw)
      /var/run/secrets/kubernetes.io/serviceaccount from nuclio-nuclio-token-d7fwp (ro)
Conditions:
  Type              Status
  Initialized       True
  Ready             True
  ContainersReady   True
  PodScheduled      True
Volumes:
  docker-sock:
    Type:          HostPath (bare host directory volume)
    Path:          /var/run/docker.sock
    HostPathType:
  registry-credentials:
    Type:        Secret (a volume populated by a Secret)
    SecretName:  nuclio-registry-credentials
    Optional:    true
  nuclio-nuclio-token-d7fwp:
    Type:        Secret (a volume populated by a Secret)
    SecretName:  nuclio-nuclio-token-d7fwp
    Optional:    false
QoS Class:       BestEffort
Node-Selectors:  <none>
Tolerations:     node.kubernetes.io/not-ready:NoExecute for 300s
                 node.kubernetes.io/unreachable:NoExecute for 300s
Events:          <none>
Recommended answer
Kubernetes will inject the internal DNS servers to the pod's /etc/resolv.conf file. That is why you can access the registry from Pod.
Usually, this DNS service will not be exposed outside of Pod network.
When you use the docker command, you are inside the host and the host will be pointing to a different DNS server that can't solve the internal service name of the registry.
To access the registry from your host, you need the following:
1) Expose the registry Service as NodePort or LoadBalancer
(As you are in a test environment, use NodePort.)
2) Create a proper DNS entry to resolve the name to an IP (here the IP will be the Node's IP in case of a NodePort service). As you have only one node, create an entry in the /etc/hosts file to resolve the registry FQDN.
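Added example (not part of the original answer): a shell check for the diagnosis above. It compares the resolver named in the daemon's error with the nameservers in the pod's /etc/resolv.conf and checks the pod description for the mounted node Docker socket. The function names and the resolv.conf contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: work out whether a failed registry lookup was made from the
# pod's network namespace or by the node's Docker daemon.

# Resolver IP named in a daemon error of the form
# "lookup <name> on <ip>:<port>: no such host".
resolver_from_error() {
    printf '%s\n' "$1" |
        sed -n 's/.*lookup [^ ]* on \([0-9.]*\):[0-9]*: no such host.*/\1/p'
}

# Nameserver addresses listed in resolv.conf text, one per line.
nameservers() {
    printf '%s\n' "$1" | awk '$1 == "nameserver" { print $2 }'
}

# True if `kubectl describe pod` text shows the node's Docker socket mounted,
# i.e. the docker CLI in the pod drives the daemon running on the node.
mounts_host_docker_sock() {
    printf '%s\n' "$1" | grep -q '/var/run/docker\.sock from '
}

# Prints "pod" when the failing resolver is one of the pod's nameservers,
# "host" when it is not, "unknown" when the error carries no resolver.
lookup_origin() {
    ip=$(resolver_from_error "$1")
    if [ -z "$ip" ]; then echo unknown; return 1; fi
    if nameservers "$2" | grep -qxF "$ip"; then echo pod; else echo host; fi
}

# Error text from the question.
ERR='Error response from daemon: Get https://docker-registry.default:5000/v2/: dial tcp: lookup docker-registry.default on 169.254.169.254:53: no such host'
# Constructed sample of the pod's /etc/resolv.conf (cluster DNS IP is made up).
POD_RESOLV='nameserver 10.7.240.10
search nuclio.svc.cluster.local svc.cluster.local cluster.local
options ndots:5'
# Mount line from the question's pod description.
MOUNTS='/var/run/docker.sock from docker-sock (rw)'

echo "lookup made by: $(lookup_origin "$ERR" "$POD_RESOLV")"
mounts_host_docker_sock "$MOUNTS" && echo "pod uses the node's Docker daemon"
```

A result of "host" together with the socket mount means the name has to be resolvable on the node itself, which is what steps 1 and 2 arrange.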