我正在遵循此示例,以使用Kubernetes创建Docker注册表: https://robertbrem.github.io/Microservices_with_Kubernetes/03_Docker_registry/01_Setup_a_docker_registry/
我正在使用以这种方式启动的Minikube
minikube start --vm-driver=none
它有效,我可以从minikubeNode:30500访问它。
现在,我重新启动安装了minikube的计算机,即使docker registry正在运行,并且服务定义与以前相同,我也无法访问POD。 / p>
我的服务:
apiVersion: v1
kind: Service
metadata:
name: registro
labels:
name: registro
spec:
ports:
- port: 5001
targetPort: 5000
nodePort: 30500
selector:
apl: registro
type: NodePort
我的部署:
apiVersion: apps/v1
kind: Deployment
metadata:
name: registro
spec:
replicas: 1
selector:
matchLabels:
apl: registro
template:
metadata:
labels:
apl: registro
spec:
containers:
- resources:
name: registry
image: registry:2
ports:
- name: registry-port
containerPort: 5000
volumeMounts:
- mountPath: /var/lib/registry
name: img
- mountPath: /certs
name: certs
- mountPath: /auth
name: auth
env:
- name: REGISTRY_AUTH
value: "htpasswd"
- name: REGISTRY_AUTH_HTPASSWD_REALM
value: "Registry Realm"
- name: REGISTRY_AUTH_HTPASSWD_PATH
value: /auth/htpasswd
- name: REGISTRY_HTTP_TLS_CERTIFICATE
value: /certs/fullchain.pem
- name: REGISTRY_HTTP_TLS_KEY
value: /certs/privkey.pem
volumes:
- name: img
hostPath:
path: /home/ema/adm/docker/registro/img
- name: certs
hostPath:
path: /home/ema/adm/docker/registro/certs
- name: auth
hostPath:
path: /home/ema/adm/docker/registro/auth
当前群集IP:
# kubectl cluster-info
Kubernetes master is running at https://10.129.3.44:8443
KubeDNS is running at https://10.129.3.44:8443/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy
我的POD:
# kubectl describe pods
Name: registro-6b657796b-fx9jf
Namespace: default
Priority: 0
PriorityClassName: <none>
Node: minikube/10.129.3.44
Start Time: Fri, 18 Jan 2019 10:17:04 +0100
Labels: apl=registro
pod-template-hash=6b657796b
Annotations: <none>
Status: Running
IP: 172.17.0.4
Controlled By: ReplicaSet/registro-6b657796b
Containers:
registry:
Container ID: docker://1b8ab87d5fd7602ee671abc1a6ebffdbcdc4c6d8892c174f83dea8cd4ee722a9
Image: registry:2
Image ID: docker-pullable://registry@sha256:1cd9409a311350c3072fe510b52046f104416376c126a479cef9a4dfe692cf57
Port: 5000/TCP
Host Port: 0/TCP
State: Running
Started: Fri, 18 Jan 2019 13:03:25 +0100
Last State: Terminated
Reason: Error
Exit Code: 137
Started: Fri, 18 Jan 2019 10:17:06 +0100
Finished: Fri, 18 Jan 2019 13:02:55 +0100
Ready: True
Restart Count: 1
Environment:
REGISTRY_AUTH: htpasswd
REGISTRY_AUTH_HTPASSWD_REALM: Registry Realm
REGISTRY_AUTH_HTPASSWD_PATH: /auth/htpasswd
REGISTRY_HTTP_TLS_CERTIFICATE: /certs/fullchain.pem
REGISTRY_HTTP_TLS_KEY: /certs/privkey.pem
Mounts:
/auth from auth (rw)
/certs from certs (rw)
/var/lib/registry from img (rw)
/var/run/secrets/kubernetes.io/serviceaccount from default-token-9b46l (ro)
Conditions:
Type Status
Initialized True
Ready True
ContainersReady True
PodScheduled True
Volumes:
img:
Type: HostPath (bare host directory volume)
Path: /home/ema/adm/docker/registro/img
HostPathType:
certs:
Type: HostPath (bare host directory volume)
Path: /home/ema/adm/docker/registro/certs
HostPathType:
auth:
Type: HostPath (bare host directory volume)
Path: /home/ema/adm/docker/registro/auth
HostPathType:
default-token-9b46l:
Type: Secret (a volume populated by a Secret)
SecretName: default-token-9b46l
Optional: false
...
我的服务:
# kubectl describe service registro
Name: registro
Namespace: default
Labels: name=registro
Annotations: <none>
Selector: apl=registro
Type: NodePort
IP: 10.101.157.80
Port: <unset> 5001/TCP
TargetPort: 5000/TCP
NodePort: <unset> 30500/TCP
Endpoints: 172.17.0.4:5000
Session Affinity: None
External Traffic Policy: Cluster
Events: <none>
Pod IP正在运行:
#curl 172.17.0.4:5000
集群IP不会抱怨,但仍会停留:
#curl 10.101.157.80:5001
节点端口IP不起作用:
#curl 10.129.3.44:30500 curl:(7)连接失败 10.129.3.44:30500
为什么我不能从节点访问我的服务?
如何诊断正在发生的事情?
更新1
以这种方式启动minikube时:
minikube start --vm-driver none
我收到以下警告:
[WARNING Hostname]: hostname "minikube" could not be reached
[WARNING Hostname]: hostname "minikube" lookup minikube on 10.126.20.16:53: server misbehaving
[WARNING DirAvailable--data-minikube]: /data/minikube is not empty
....
Error creating PKI assets: failed to write certificate "apiserver-kubelet-client": certificate apiserver-kubelet-client is not signed by corresponding CA
....
.: exit status 1
我不知道它们是否有意义,但我不喜欢exit status 1。
答案 0 :(得分:3)
要使用minikube start --vm-driver=none正确进行端口转发,必须安装socat。
只需尝试使用以下脚本,它对我来说就可以正常工作。
apt-get update && apt-get install -y apt-transport-https
curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add -
cat <<EOF >/etc/apt/sources.list.d/kubernetes.list
deb http://apt.kubernetes.io/ kubernetes-xenial main
EOF
apt-get update
apt-get install -y kubectl socat docker.io --allow-unauthenticated
curl -Lo minikube https://storage.googleapis.com/minikube/releases/v0.33.0/minikube-linux-amd64 && chmod +x minikube && sudo cp minikube /usr/local/bin/ && rm minikube
minikube config set embed-certs true
minikube start --vm-driver none
您只能以root用户身份运行minikube start --vm-driver none。
先谢谢了。
答案 1 :(得分:0)
经过反复试验,这是我的解决方法: