(Kubernetes + Minikube) 无法从本地注册表获取 docker 镜像 [英] (Kubernetes + Minikube) can't get docker image from local registry

问题描述

我在我的机器上设置了 docker 以及里面有 docker 的 minikube，所以我可能有两个 docker 实例在不同的 VM 上运行

I have setup docker on my machine and also minikube which have docker inside it, so probably i have two docker instances running on different VM

我构建了一个图像并标记它，然后将其推送到本地注册表并成功推送，我也可以从注册表中提取它，并且当我运行 curl 获取标签列表时，我得到了结果，这就是我所做的

I build an image and tag it then push it to local registry and it pushed successfully and i can pull it from registry too and also when i run curl to get tags list i got result, and here are what i did

1- docker build -t 127.0.0.1:5000/eliza/console:0.0.1 .
2- docker run -d -p 5000:5000 --name registry registry:2
3- docker tag a3703d02a199 127.0.0.1:5000/eliza/console:0.0.1
4- docker push 127.0.0.1:5000/eliza/console:0.0.1
5- curl -X GET http://127.0.0.1:5000/v2/eliza/console/tags/list

以上所有步骤都运行良好，完全没有问题.

all above steps are working fine with no problems at all.

我的问题是当我运行 minikube 并尝试在其中的本地注册表中访问此图像时

My problem is when i run minikube and try to access this image in local registry inside it

所以当我运行下一个命令时

So when i run next commands

1- sudo minikube start --insecure-registry 127.0.0.1:5000
2- eval $(minikube docker-env)
3- minikube ssh
4- curl -X GET http://127.0.0.1:5000/v2/eliza/console/tags/list

在最后一步(第 4 点)它给了我下一条消息

in last step (point 4) it gave me next message

curl: (7) 无法连接到 127.0.0.1 端口 5000:连接被拒绝

curl: (7) Failed to connect to 127.0.0.1 port 5000: Connection refused

所以我可以从我的机器访问映像注册表，但不能从 minikube 访问，这当然会给我带来问题，当我在 minikube 上使用 Kubernetes 部署此映像并由于无法连接到 http://127.0.0.1:5000

So i can access image registry from my machine but not from minikube which make a problems of course with me when i deploy this image using Kubernetes on minikube and make deploy failed due to can't connect to http://127.0.0.1:5000

你能帮我配置 minikube 以查看我的本地注册表，这样我的问题就会得到解决，然后我就可以成功地使用 kubernetes 将镜像部署到 minikube 了吗?

Can you help me configuring minikube to see my local registry so my problem will be solved then i can deploy image to minikube using kubernetes successfully?

更新

我正在使用这个 yaml 文件(我将其命名为 ConsolePre.yaml)使用 kubernetes 部署我的映像

I am using this yaml file (i named it ConsolePre.yaml) to deploy my image using kubernetes

apiVersion: v1
  kind: Service
  metadata:
    name: tripbru-console
    labels:
      app: tripbru-console
  spec:
    ports:
      - port: 9080
        targetPort: 9080
        nodePort: 30181
    selector:
      app: tripbru-console
      tier: frontend
    type: NodePort
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: tripbru-console
  labels:
    app: tripbru-console
spec:
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app: tripbru-console
        tier: frontend
    spec:
      containers:
      - image: docker.local:5000/eliza/console:0.0.1
        name: tripbru-console
        ports:
        - containerPort: 9080
          name: tripbru-console

当我运行下一个命令来应用更改时

and when i run next command to apply changes

sudo kubectl apply -f/PATH_TO_YAML_FILE/ConsolePre.yaml

sudo kubectl apply -f /PATH_TO_YAML_FILE/ConsolePre.yaml

结果是

NAME                                      READY     STATUS         RESTARTS   AGE
po/tripbru-console-1655054400-x3g87       0/1       ErrImagePull   0          1m

当我运行describe命令时

and when i run describe command

sudo kubectl 描述 pod tripbru-console-1655054400-x3g87

sudo kubectl describe pod tripbru-console-1655054400-x3g87

我在描述结果中找到下一条消息

i found next message in description result

来自守护进程的错误响应:{"message":"Gethttps://docker.local:5000/v1/_ping:拨号tcp:查找docker.local在10.0.2.3:53: 读取 udp 10.0.2.15:57792-u003e10.0.2.3:53: i/o timeout"}

Error response from daemon: {"message":"Get https://docker.local:5000/v1/_ping: dial tcp: lookup docker.local on 10.0.2.3:53: read udp 10.0.2.15:57792-u003e10.0.2.3:53: i/o timeout"}

并且我在 minikube/etc/hosts 中配置了 docker.local xxx.xxx.xx.4 所以我不知道 10.0.2.3:53 和 10.0.2.15:57792 来自哪里.

and i configured docker.local xxx.xxx.xx.4 in minikube /etc/hosts so i don't know from where 10.0.2.3:53 and 10.0.2.15:57792 come from.

那么我该如何解决这个问题.

So how can i solve this issue too.

谢谢:)

推荐答案

问题在于您在任何地方使用 127.0.0.1 的想法.这是错误的.

The issue is your notion using 127.0.0.1 anywhere you want. This is wrong.

所以如果你的机器 IP 是 192.168.0.101.然后下面的作品

So if your machine IP is 192.168.0.101. Then below works

1- docker build -t 127.0.0.1:5000/eliza/console:0.0.1 .
2- docker run -d -p 5000:5000 --name registry registry:2
3- docker tag a3703d02a199 127.0.0.1:5000/eliza/console:0.0.1
4- docker push 127.0.0.1:5000/eliza/console:0.0.1
5- curl -X GET http://127.0.0.1:5000/v2/eliza/console/tags/list

因为 docker run 将注册表映射到 127.0.0.1:5000 和 192.168.0.101:5000.现在在你的机器上只有这个 127.0.0.1 可以工作.现在当你使用

Because docker run maps the registry to 127.0.0.1:5000 and 192.168.0.101:5000. Now on your machine only this 127.0.0.1 will work. Now when you use

3- minikube ssh

您进入 minikube 机器，但它没有在 127.0.0.1:5000 上运行的注册表.所以错误.使用机器机器IP无法访问该机器内部的注册表.

You get inside the minikube machine and that doesn't have a registry running on 127.0.0.1:5000. So the error. The registry is no reachable inside this machine using the machine machine IP.

我通常解决这个问题的方法是在本地和其他虚拟机内部使用主机名.

The way I usually solve this is issue is by using host name both locally and inside the other VMs.

所以在你的机器上创建一个条目 /etc/hosts

So on your machine create a entry in /etc/hosts

docker.local 127.0.0.1

并将您的命令更改为

1- docker build -t docker.local:5000/eliza/console:0.0.1 .
2- docker run -d -p 5000:5000 --name registry registry:2
3- docker tag a3703d02a199 docker.local:5000/eliza/console:0.0.1
4- docker push docker.local:5000/eliza/console:0.0.1
5- curl -X GET http://docker.local:5000/v2/eliza/console/tags/list

然后当你使用 minikube ssh 时，在 /etc/hosts

And then when you use minikube ssh, make a entry for docker.local in /etc/hosts

docker.local 192.168.0.101

然后 curl -X GET http://docker.local:5000/v2/eliza/console/tags/list

编辑-1

对于 TLS 问题，您需要停止 minikube 内的 docker 服务

For the TLS issue you need to Stop the docker service inside minikube

systemctl stop docker

然后编辑/etc/systemd/system/docker.service.d/10-machine.conf并修改

ExecStart=/usr/bin/docker daemon -H tcp://0.0.0.0:2376 -H unix:///var/run/docker.sock --tlsverify --tlscacert/etc/docker/ca.pem --tlscert/etc/docker/server.pem --tlskey/etc/docker/server-key.pem --label provider=virtualbox --insecure-registry 10.0.0.0/24

ExecStart=/usr/bin/docker daemon -H tcp://0.0.0.0:2376 -H unix:///var/run/docker.sock --tlsverify --tlscacert /etc/docker/ca.pem --tlscert /etc/docker/server.pem --tlskey /etc/docker/server-key.pem --label provider=virtualbox --insecure-registry 10.0.0.0/24

到

ExecStart=/usr/bin/docker daemon -H tcp://0.0.0.0:2376 -H unix:///var/run/docker.sock --tlsverify --tlscacert/etc/docker/ca.pem --tlscert/etc/docker/server.pem --tlskey/etc/docker/server-key.pem --label provider=virtualbox --insecure-registry 10.0.0.0/24 --insecure-registry docker.local:5000 --insecure-registry 192.168.1.4:5000

ExecStart=/usr/bin/docker daemon -H tcp://0.0.0.0:2376 -H unix:///var/run/docker.sock --tlsverify --tlscacert /etc/docker/ca.pem --tlscert /etc/docker/server.pem --tlskey /etc/docker/server-key.pem --label provider=virtualbox --insecure-registry 10.0.0.0/24 --insecure-registry docker.local:5000 --insecure-registry 192.168.1.4:5000

然后重新加载守护进程并启动docker服务

Then reload daemon and start the docker service

systemctl daemon-reload
systemctl start docker

之后尝试拉

docker pull docker.local:5000/eliza/console:0.0.1

命令应该可以工作

这篇关于(Kubernetes + Minikube) 无法从本地注册表获取 docker 镜像的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！