DEV Community

drake

K8s-deployed resources cannot pull images through the Docker registry's internal address

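  • The registry from Docker Hub serves HTTP by default, but both push and pull go over HTTPS by default.
  • For push, this can be solved by setting insecure-registry in the environment where the Docker daemon runs. For example, this is how Docker-in-Docker is set up on K8s: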
```yaml
apiVersion: v1
kind: Pod
metadata:
  name: docker-in-docker-pod2
  labels:
    app: docker-in-docker-pod2
spec:
  containers:
  - name: docker
    image: docker:dind
    securityContext:
      # dind needs a privileged container, which has broad access to the node
      privileged: true
    env:
      # An empty value disables dind's automatic TLS setup,
      # so the daemon API on port 2376 is plain, unauthenticated TCP
      - name: DOCKER_TLS_CERTDIR
        value: ""
    # --insecure-registry lets this daemon talk to the in-cluster registry over HTTP
    args: ["--host=tcp://0.0.0.0:2376", "--storage-driver=overlay2", "--insecure-registry=http://docker-registry-service.devops-tools.svc.cluster.local:5000"]
    ports:
      - containerPort: 2376
    resources:
      limits:
        memory: "500Mi"
      requests:
        memory: "500Mi"
```
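  • Docker pull, however, cannot be switched from HTTPS to HTTP by changing configuration; in that case the pull has to go over the public network via HTTPS. The solution is to configure routing in Nginx, with HTTPS using Nginx's certificate, which solves the problem.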
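
One way to write the Nginx routing described above, as an added example rather than the author's actual configuration. The hostname `registry.example.com`, the certificate paths and the htpasswd path are assumptions; the upstream address is the registry service from the pod spec above.

```nginx
# Added example: TLS-terminating reverse proxy in front of the in-cluster registry.
# registry.example.com and all file paths below are placeholders (assumptions).
server {
    listen 443 ssl;
    server_name registry.example.com;

    # Certificate presented to pulling clients; it must be issued for server_name
    # by a CA the nodes already trust, otherwise the pull fails TLS verification.
    ssl_certificate     /etc/nginx/tls/registry.example.com.crt;
    ssl_certificate_key /etc/nginx/tls/registry.example.com.key;
    ssl_protocols       TLSv1.2 TLSv1.3;

    # Image layers can be large; do not cap the request body size.
    client_max_body_size 0;
    chunked_transfer_encoding on;

    location /v2/ {
        # The registry is now reachable from outside the cluster,
        # so require credentials instead of leaving it open.
        auth_basic           "Registry";
        auth_basic_user_file /etc/nginx/auth/registry.htpasswd;

        # Plain HTTP only on the hop from Nginx to the registry service.
        proxy_pass http://docker-registry-service.devops-tools.svc.cluster.local:5000;
        proxy_set_header Host              $http_host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_read_timeout 900;
    }
}
```

With this in place, workloads reference images by the HTTPS hostname instead of the internal service address, and supply the basic-auth credentials through an `imagePullSecrets` entry.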
