Kubernetes无法从不安全的注册表中拉出来,无法在离线集群上从本地映像运行容器

时间:2017-09-15 10:02:15

标签: docker kubernetes centos7 docker-registry

我正在使用离线群集(机器无法访问互联网),使用ansible和docker compose脚本部署docker镜像。 我的服务器是Centos7。 我在机器上设置了一个不安全的docker注册表。我们要改变环境,我正在安装kubernetes以管理我的容器拉。

我按照本指南安装kubernetes: https://severalnines.com/blog/installing-kubernetes-cluster-minions-centos7-manage-pods-services

安装完成后,我尝试启动测试窗格。这是pod的yml,用

启动 
    kubectl -f create nginx.yml

这里是yml:

    apiVersion: v1
    kind: Pod
    metadata: 
      name: nginx
    spec:
      containers:
      - name: nginx
        image: [my_registry_addr]:[my_registry_port]/nginx:v1 

        ports:
        - containerPort: 80

我使用kubectl describe来获取有关错误的更多信息:

    Name:       nginx
    Namespace:  default
    Node:       [my node]
    Start Time: Fri, 15 Sep 2017 11:29:05 +0200
    Labels:     <none>
    Status:     Pending
    IP:     
    Controllers:    <none>
    Containers:
      nginx:
        Container ID:       
        Image:          [my_registry_addr]:[my_registry_port]/nginx:v1
        Image ID:           
        Port:           80/TCP
        State:          Waiting
          Reason:           ContainerCreating
        Ready:          False
        Restart Count:      0
        Volume Mounts:      <none>
        Environment Variables:  <none>
    Conditions:
      Type      Status
      Initialized   True 
      Ready     False 
      PodScheduled  True 
    No volumes.
    QoS Class:  BestEffort
    Tolerations:    <none>
    Events:
      FirstSeen LastSeen    Count   From                SubObjectPath           Type        Reason      Message
      --------- --------    -----   ----                -------------   --------    ------      -------
      2m        2m      1   {default-scheduler }                Normal      Scheduled   Successfully assigned nginx to [my kubernet node]
      1m        1m      2   {kubelet [my kubernet node]}            Warning     FailedSync  Error syncing pod, skipping: failed to "StartContainer" for "POD" with ErrImagePull: "Error while pulling image: Get https://index.docker.io/v1/repositories/library/[my_registry_addr]/images: dial tcp: lookup index.docker.io on [kubernet_master_ip]:53: server misbehaving"

      54s   54s 1   {kubelet [my kubernet node]}        Warning FailedSync  Error syncing pod, skipping: failed to "StartContainer" for "POD" with ImagePullBackOff: "Back-off pulling image \"[my_registry_addr]:[my_registry_port]\""

      8s    8s  1   {kubelet [my kubernet node]}        Warning FailedSync  Error syncing pod, skipping: failed to "StartContainer" for "POD" with ErrImagePull: "Network timed out while trying to connect to https://index.docker.io/v1/repositories/library/[my_registry_addr]/images. You may want to check your internet connection or if you are behind a proxy."

然后,我转到我的节点并使用journalctl -xe 

    sept. 15 11:22:02 [my_node_ip] dockerd-current[9861]: time="2017-09-15T11:22:02.350930396+02:00" level=info msg="{Action=create, LoginUID=4294967295, PID=11555}"
    sept. 15 11:22:17 [my_node_ip] dockerd-current[9861]: time="2017-09-15T11:22:17.351536727+02:00" level=warning msg="Error getting v2 registry: Get https://registry-1.docker.io/v2/: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)"
    sept. 15 11:22:17 [my_node_ip] dockerd-current[9861]: time="2017-09-15T11:22:17.351606330+02:00" level=error msg="Attempting next endpoint for pull after error: Get https://registry-1.docker.io/v2/: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)"
    sept. 15 11:22:32 [my_node_ip] dockerd-current[9861]: time="2017-09-15T11:22:32.353946452+02:00" level=error msg="Not continuing with pull after error: Error while pulling image: Get https://index.docker.io/v1/repositories/library/[my_registry_ip]/images: dial tcp: lookup index.docker.io on [kubernet_master_ip]:53: server misbehaving"
    sept. 15 11:22:32 [my_node_ip] kubelet[11555]: E0915 11:22:32.354309   11555 docker_manager.go:2161] Failed to create pod infra container: ErrImagePull; Skipping pod "nginx_default(8b5c40e5-99f4-11e7-98db-f8bc12456ee4)": Error while pulling image: Get https://index.docker.io/v1/repositories/library/[my_registry_ip]/images: dial tcp: lookup index.docker.io on [kubernet_master_ip]:53: server misbehaving
    sept. 15 11:22:32 [my_node_ip] kubelet[11555]: E0915 11:22:32.354390   11555 pod_workers.go:184] Error syncing pod 8b5c40e5-99f4-11e7-98db-f8bc12456ee4, skipping: failed to "StartContainer" for "POD" with ErrImagePull: "Error while pulling image: Get https://index.docker.io/v1/repositories/library/[my_registry_ip]/images: dial tcp: lookup index.docker.io on [kubernet_master_ip]:53: server misbehaving"
    sept. 15 11:22:44 [my_node_ip] dockerd-current[9861]: time="2017-09-15T11:22:44.350708175+02:00" level=error msg="Handler for GET /v1.24/images/[my_registry_ip]:[my_registry_port]/json returned error: No such image: [my_registry_ip]:[my_registry_port]"

我确定我的码头配置很好,因为我每天都使用ansible或mesos。

docker version为1.12.6,kubernetes version为1.5.2

我现在能做什么?我没有找到任何配置密钥用于此用途。

当我看到拉动失败时,我手动拉动所有节点上的图像。我放了一个标签,以确保kubernetes将尝试拉出默认值,并设置&#34; imagePullPolicy:IfNotPresent&#34;

2 个答案:

答案 0 :(得分:0)

指定docker镜像的语法是:

[docker_registry]/[image_name]:[image_tag]

在清单文件中,您使用“:”分隔docker存储库主机和存储库正在侦听的端口。我认为docker private registry的默认端口是5000。 因此,请从

更改您的图像声明 
Image:          [my_registry_addr]:[my_registry_port]/nginx:v1


Image:          [my_registry_addr]/nginx:v1

此外,通过ping来检查从工作节点到docker注册表的网络连接。

ping [my_registry_addr]

如果您仍想检查注册表上是否打开了端口443,您可以在运行docker registry的主机上对该端口执行tcp检查

curl telnet://[my_registry_addr]:443

希望有所帮助。

答案 1 :(得分:0)

我终于找到了问题所在。

要工作,Kubernetes需要一个暂停容器。 Kubernetes试图在互联网上找到暂停容器。

我在我的注册表上部署了一个自定义暂停容器,我为此图像设置了kubernetes暂停容器。

在那之后,kubernetes的工作就像一个魅力。

相关问题
最新问题