Kubernetes 使用默认的 docker 注册表而不是 quay 或其他

问题描述 投票:0回答:1

我已经部署了一个本地 kubernetes 集群用于学习,直到昨天为止都运行良好,但我现在面临的问题是默认使用 quay.io 来提取显然没有图像的图像

无论我尝试创建一个简单的 busybox pod 还是部署 nginx,都无法提取图像并出现以下错误

kubectl create deployment nginx-test --image=nginx --replicas=4


Events:
  Type     Reason     Age                From               Message
  ----     ------     ----               ----               -------
  Normal   Scheduled  84s                default-scheduler  Successfully assigned default/nginx-test-566dbd78d4-zzwcv to kube-node-a.thedevbyte.com
  Warning  Failed     47s                kubelet            Failed to pull image "nginx": reading manifest latest in quay.io/nginx: StatusCode: 404, "<!doctype html>\n<html lang=en>\n<title>404 Not Foun..."
  Warning  Failed     47s                kubelet            Error: ErrImagePull
  Normal   BackOff    47s                kubelet            Back-off pulling image "nginx"
  Warning  Failed     47s                kubelet            Error: ImagePullBackOff
  Normal   Pulling    33s (x2 over 83s)  kubelet            Pulling image "nginx"

这是 busybox pod 创建错误:

Events:
  Type     Reason     Age   From               Message
  ----     ------     ----  ----               -------
  Normal   Scheduled  91s   default-scheduler  Successfully assigned default/test-busybox to kube-node-b.thedevbyte.com
  Normal   Pulling    91s   kubelet            Pulling image "busybox"
  Warning  Failed     11s   kubelet            Failed to pull image "busybox": reading manifest latest in quay.io/busybox: StatusCode: 404, "<!doctype html>\n<html lang=en>\n<title>404 Not Foun..."
  Warning  Failed     11s   kubelet            Error: ErrImagePull
  Normal   BackOff    11s   kubelet            Back-off pulling image "busybox"
  Warning  Failed     11s   kubelet            Error: ImagePullBackOff

如何配置 kubernetes 以使用 docker-hub 作为默认注册表,节点互联网连接没有问题,

我认为这似乎是图像拉取限制,所以我也添加了 docker 秘密

kubectl create secret docker-registry docker-registry-credentials \
--docker-server=https://index.docker.io/v1/ \
--docker-username=username \
--docker-password=password \
[email protected]

还尝试通过传递图像 URL 来拉取

kubectl run nginx1 --image=hub.docker.com/library/nginx:latest

但这不起作用,我需要配置 kubernetes 以使用 docker 作为默认注册表,您能帮我实现这一目标吗...

谢谢你

docker kubernetes nginx containers docker-registry
1个回答
0
投票

我已经弄清楚为什么它试图访问 quay.io,因为我的 docker pull 限制已达到并且它正在尝试其他可用的注册表,在每个工作节点上,我删除了除 docker.io 之外的所有注册表,并在之后重新启动了 crio 服务我开始获取 docker pull limit 的日志已超出 这是我遵循的步骤:

注释掉原来的注册表设置,并在所有工作节点上仅添加 docker.io 

root@kube-node-b:~# vi /etc/containers/registries.conf.d/crio.conf 
root@kube-node-b:~# cat /etc/containers/registries.conf.d/crio.conf 
unqualified-search-registries = ["docker.io"]
#unqualified-search-registries = ["docker.io", "quay.io"]

重新启动 crio 服务

root@kube-node-b:~# systemctl restart crio.service

现在,当我尝试创建 pod 时,它开始出现 docker pull limit returned 错误

Events:
  Type     Reason     Age   From               Message
  ----     ------     ----  ----               -------
  Normal   Scheduled  45s   default-scheduler  Successfully assigned default/new-port to kube-node-b.thedevbyte.com
  Normal   Pulling    44s   kubelet            Pulling image "nginx"
  Warning  Failed     10s   kubelet            Failed to pull image "nginx": reading manifest latest in docker.io/library/nginx: toomanyrequests: You have reached your pull rate limit. You may increase the limit by authenticating and upgrading: https://www.docker.com/increase-rate-limit
  Warning  Failed     10s   kubelet            Error: ErrImagePull
  Normal   BackOff    9s    kubelet            Back-off pulling image "nginx"
  Warning  Failed     9s    kubelet            Error: ImagePullBackOff

我已经为此创建了秘密

kubectl create secret docker-registry docker-registry-credentials \
--docker-server=https://index.docker.io/v1/ \
--docker-username=username \
--docker-password=password \
[email protected]

$ kubectl get secrets 
NAME                          TYPE                             DATA   AGE
docker-registry-credentials   kubernetes.io/dockerconfigjson   1      3h30m

现在,为了让所有拉取请求都默认使用此秘密,我遵循了这篇文章中的 Bcf Ant 答案:从 Kubernetes 中的私有注册表中拉取图像

创建了要处理的 yaml 文件:

kubectl get serviceaccounts default -o yaml > sa.yml

创建了一个备份文件(以防万一出现问题):

kubectl get serviceaccounts default -o yaml > sa-original.yml

编辑 sa.yml 文件并附加 imagePullSecrets 和密钥名称

apiVersion: v1
kind: ServiceAccount
metadata:
  creationTimestamp: "2023-12-02T20:34:02Z"
  name: default
  namespace: default
  resourceVersion: "329"
  uid: b088f667-52b5-4852-a83d-2e78643c9813
imagePullSecrets:
- name: docker-registry-credentials

然后应用文件内容:

kubectl replace serviceaccount default -f sa.yml

现在测试:

kubectl create deployment test-centos --image=centos --replicas=4 -- sleep 300

[7h3xyn1c@RHV1C4X2 ckad]$ kubectl get all
NAME                               READY   STATUS             RESTARTS        AGE
pod/test-centos-67f5bb6767-2f9xd   1/1     Running            0               75s
pod/test-centos-67f5bb6767-6dhl8   1/1     Running            0               75s
pod/test-centos-67f5bb6767-kx7wf   1/1     Running            0               75s
pod/test-centos-67f5bb6767-vhb6g   1/1     Running            0               75s
pod/test1                          1/1     Running            0               15m


NAME                 TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)   AGE
service/kubernetes   ClusterIP   10.96.0.1    <none>        443/TCP   14d

NAME                          READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/test-centos   4/4     4            4           75s

NAME                                     DESIRED   CURRENT   READY   AGE
replicaset.apps/test-centos-67f5bb6767   4         4         4       75s

现在一切正常

最新问题
© www.soinside.com 2019 - 2024. All rights reserved.