Projects:Kubernetes: verschil tussen versies
Naar navigatie springen
Naar zoeken springen
Regel 1.025: | Regel 1.025: | ||
After a minute, as before, https://kuberegistry.sjorsgielen.nl/v2/ (replace with your own hostname) should return 200 OK with a page content of "{}". | After a minute, as before, https://kuberegistry.sjorsgielen.nl/v2/ (replace with your own hostname) should return 200 OK with a page content of "{}". | ||
To test whether it's working, let's take the Ubuntu Docker image and push it onto our registry, as per [https://docs.docker.com/registry/ more or less these instructions]. Here, it's important that the registry is well-reachable over HTTPS, as Docker will only allow non-SSL HTTP communication over localhost! (Although you could get around this with a <code>kubectl port-forward</code>.) | |||
<pre> | |||
$ docker pull ubuntu | |||
$ docker image tag ubuntu kuberegistry.sjorsgielen.nl/myubuntu | |||
$ docker push kuberegistry.sjorsgielen.nl/myubuntu | |||
[...] Retrying in 10 seconds | |||
</pre> | |||
That seems to fail. As before, we can figure out the root cause by getting the logs of the Registry pod: | |||
<pre> | |||
$ kubectl logs registry-6bf4dbcfb-9csf5 | |||
[...] | |||
time="2019-03-28T21:44:04.465658668Z" level=error msg="response completed with error" err.code=unknown err.detail="filesystem: mkdir /var/lib/registry/docker: permission denied" err.message="unknown error" go.version=go1.11.2 http.request.host=kuberegistry.sjorsgielen.nl http.request.id=c00f2785-30b0-469d-bcff-70a12c0f604b http.request.method=POST http.request.remoteaddr=10.107.160.0 http.request.uri="/v2/myubuntu/blobs/uploads/" http.request.useragent="docker/18.06.1-ce go/go1.10.4 git-commit/e68fc7a kernel/4.4.0-112-generic os/linux arch/amd64 UpstreamClient(Docker-Client/18.06.1-ce \(linux\))" http.response.contenttype="application/json; charset=utf-8" http.response.duration=125.482304ms http.response.status=500 http.response.written=164 vars.name=myubuntu | |||
</pre> | |||
A "permission denied" error in "mkdir /var/lib/registry/docker". Now, we may not know the PersistentVolume behind whatever is mounted in the registry, but we can quickly find out by checking <code>kubectl describe deployment registry</code>, <code>kubectl get pvc</code> and <code>kubectl describe pv registry-storage</code>. In my case, it's because root squashing is enabled on my NFS mount and the directory is being accessed by root, therefore by an anonymous uid/gid, which doesn't have rights in the directory. It's easily fixed and now the push works: | |||
<pre> | |||
$ docker push kuberegistry.sjorsgielen.nl/myubuntu | |||
The push refers to repository [kuberegistry.sjorsgielen.nl/myubuntu] | |||
b57c79f4a9f3: Pushed | |||
d60e01b37e74: Pushed | |||
e45cfbc98a50: Pushed | |||
762d8e1a6054: Pushed | |||
latest: digest: sha256:f2557f94cac1cc4509d0483cb6e302da841ecd6f82eb2e91dc7ba6cfd0c580ab size: 1150 | |||
</pre> | |||
Now, let's make our own Docker image, push it, and start it in a Pod! | |||
= To do = | = To do = |