从私有注册表中提取 k3s 镜像
Pau*_*aul 7 docker kubernetes docker-registry k3s
我一直在查看有关如何启用 k3s(在我的 pi 上运行)从我的家庭网络(我的网络上的服务器笔记本电脑)上的私有注册表中提取 docker 映像的不同参考资料。如果有人可以请把我的头指向正确的方向吗?这是我的方法:
- 在我的服务器上创建了 docker 注册表(并可通过端口 10000 进行访问):
docker run -d -p 10000:5000 --restart=always --local-docker-registry registry:2
这有效,并且能够将图像从“服务器电脑”推拉到它。我还没有添加身份验证 TLS 等...
(通过 VS Code 上的 docker 插件查看图像)。
- 在我的笔记本电脑服务器上添加了入站防火墙规则,并测试了可以从我的 pi 中“看到”注册表(因此这也有效):
$ curl -ks http://<server IP>:10000/v2/_catalog
{"repositories":["tcpserialpassthrough"]}
- 在 registries.yaml 文件中添加了 k3s(在我的 pi 上运行的 k3s)的注册表链接,并重新启动了 k3s 和 pi
$ cat /etc/rancher/k3s/registries.yaml
mirrors:
pwlaptopregistry:
endpoint:
- "http://<host IP here>:10000"
- 将注册表前缀添加到部署清单上的我的映像端点:
apiVersion: apps/v1
kind: Deployment
metadata:
name: tcpserialpassthrough
spec:
selector:
matchLabels:
app: tcpserialpassthrough
replicas: 1
template:
metadata:
labels:
app: tcpserialpassthrough
spec:
containers:
- name: tcpserialpassthrough
image: pwlaptopregistry/tcpserialpassthrough:vers1.3-arm
resources:
limits:
memory: "128Mi"
cpu: "500m"
ports:
- containerPort: 8001
hostPort: 8001
protocol: TCP
command: ["dotnet", "/app/TcpConnector.dll"]
但是,当我检查部署启动顺序时,它仍然无法拉取映像(并且可能仍然引用 docker hub?):
kubectl get events -w
LAST SEEN TYPE REASON OBJECT MESSAGE
8m24s Normal SuccessfulCreate replicaset/tcpserialpassthrough-88fb974d9 Created pod: tcpserialpassthrough-88fb974d9-b88fc
8m23s Warning FailedScheduling pod/tcpserialpassthrough-88fb974d9-b88fc 0/1 nodes are available: 1 node(s) didn't have free ports for the requested pod ports.
8m23s Warning FailedScheduling pod/tcpserialpassthrough-88fb974d9-b88fc 0/1 nodes are available: 1 node(s) didn't have free ports for the requested pod ports.
8m21s Normal Scheduled pod/tcpserialpassthrough-88fb974d9-b88fc Successfully assigned default/tcpserialpassthrough-88fb974d9-b88fc to raspberrypi
6m52s Normal Pulling pod/tcpserialpassthrough-88fb974d9-b88fc Pulling image "pwlaptopregistry/tcpserialpassthrough:vers1.3-arm"
6m50s Warning Failed pod/tcpserialpassthrough-88fb974d9-b88fc Error: ErrImagePull
6m50s Warning Failed pod/tcpserialpassthrough-88fb974d9-b88fc Failed to pull image "pwlaptopregistry/tcpserialpassthrough:vers1.3-arm": rpc error: code = Unknown desc = failed to pull and unpack image "docker.io/pwlaptopregistry/tcpserialpassthrough:vers1.3-arm": failed to resolve reference "docker.io/pwlaptopregistry/tcpserialpassthrough:vers1.3-arm": pull access denied, repository does not exist or may require authorization: server message: insufficient_scope: authorization failed
6m3s Normal BackOff pod/tcpserialpassthrough-88fb974d9-b88fc Back-off pulling image "pwlaptopregistry/tcpserialpassthrough:vers1.3-arm"
3m15s Warning Failed pod/tcpserialpassthrough-88fb974d9-b88fc Error: ImagePullBackOff
想知道问题是否与授权有关,并根据基本身份验证添加,遵循此 YouTube 指南,但同样的问题仍然存在。另请注意,必须通过以下方式编辑/etc/docker/daemon.json以允许未经授权的非 TLS 连接:
{
"Insecure-registries": [ "<host IP>:10000" ]
}
但似乎这需要在节点端完成,而节点没有安装 docker cli?
Pau*_*aul 14
...这太愚蠢了,不知道为什么需要将域名和端口指定为您引用的注册表的“名称”,但无论如何这解决了我的问题(仅供参考):
$cat /etc/rancher/k3s/registries.yaml
mirrors:
"<host IP>:10000":
endpoint:
- "http://<host IP>:10000"
并重新启动 k3s:
systemctl 重新启动 k3s
然后在您的部署中,将映像路径中的路径引用为:
apiVersion: apps/v1
kind: Deployment
metadata:
name: tcpserialpassthrough
spec:
selector:
matchLabels:
app: tcpserialpassthrough
replicas: 1
template:
metadata:
labels:
app: tcpserialpassthrough
spec:
containers:
- name: tcpserialpassthrough
image: <host IP>:10000/tcpserialpassthrough:vers1.3-arm
resources:
limits:
memory: "128Mi"
cpu: "500m"
ports:
- containerPort: 8001
hostPort: 8001
protocol: TCP
command: ["dotnet", "/app/TcpConnector.dll"]
imagePullSecrets:
- name: mydockercredentials
指的是作为秘密保存的注册表的基本身份验证详细信息:
$ kubectl create Secret docker-registry mydockercredentials --docker-server主机 IP :10000 --docker-username用户名--docker-password密码
您将能够通过以下方式验证拉取过程
$ kubectl 获取事件 -w
| 归档时间: |
|
| 查看次数: |
12987 次 |
| 最近记录: |