我已经使用 Nvidia deepops 设置了 Kubernetes 部署。我的集群是在我的家庭网络上运行的单个节点,Zerotier 充当我的远程控制计算机和用作主节点的节点之间的网桥。
master 上的主机文件:
/etc/hosts
# Hosts file -- Don't edit manually!
#
# Ansible managed
# Localhost
127.0.0.1 localhost.localdomain localhost
#
# Hosts managed by Ansible
#
# mgmt01
172.17.0.1 mgmt01-docker0
192.168.50.168 mgmt01-enp41s0 mgmt01 mgmt01.cluster.local
169.254.25.10 mgmt01-nodelocaldns
10.233.91.0 mgmt01-tunl0
172.22.85.169 mgmt01-ztly54iyqb
# Ansible inventory hosts BEGIN
192.168.50.168 mgmt01.cluster.local mgmt01
# Ansible inventory hosts END
::1 localhost6 localhost6.localdomain
192.168.50.168 registry.local
除非我手动编辑过。我添加了
registry.local
条目,这允许我在 ssh 进入主节点时推送图像:
# docker push registry.local/alpine
Using default tag: latest
The push refers to repository [registry.local/alpine]
8ea3b23f387b: Layer already exists
现在我希望能够从控制电脑(我的 MacBook)进行推送,但我收到证书错误:
❯ docker push registry.local/alpine
Using default tag: latest
The push refers to repository [registry.local/alpine]
Get https://registry.local/v2/: x509: certificate is valid for ingress.local, not registry.local
docker注册服务:
❯ k get svc/docker-registry -n deepops-docker -o wide
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR
docker-registry NodePort 10.233.16.165 <none> 5000:31500/TCP 34d app=docker-registry,release=docker-registry
我可以按照哪些步骤使证书有效,以便将图像推送到我的私人注册表?
在具有现有容器映像的 CentOS 7 节点上,您可以通过以下方式使节点信任自签名证书:
/etc/pki/ca-trust/source/anchors/
。update-ca-trust extract
。然后使用
curl --verbose https://registry.local/alpine
测试连接。