没有这样的主机: Docker守护进程不能访问kubernetes注册表，但是同一节点上的wget可以连接到注册表

Question

我在一个节点kubernetes集群上有一个基于Alpine的节点(用于测试)。我在docker-registry.default:5000的集群中安装了一个专用的坞注册中心。我可以登录到高寒节点，使用wget并访问我的专用码头注册中心。

kubectl exec -it pod/nuclio-dashboard-5c5c48947b-lpgx8 -- /bin/sh
/ # wget -qO- https://docker:mypassword@docker-registry.default:5000/v2/_catalog
{"repositories":["nuclio/processor-helloworld3"]}

但我似乎不能用同一舱的码头进入它。客户端和服务器都是2019年版本

kubectl exec -it pod/nuclio-dashboard-5c5c48947b-lpgx8 -- /bin/sh

/ # which docker
/usr/local/bin/docker
/ # docker login -u docker -p mypassword docker-registry.default:5000
Error response from daemon: Get https://docker-registry.default:5000/v2/: dial tcp: lookup docker-registry.default on 169.254.169.254:53: no such host

我可以登录到码头中心注册中心。

docker login -u my_hub_user  -p my_hub_password
Login Succeeded

编辑：

在kubectl describe pod nuclio-dashboard-5c5c48947b-lpgx8上，我们得到。

kd pod/nuclio-dashboard-5c5c48947b-2dpnz
Name:           nuclio-dashboard-5c5c48947b-2dpnz
Namespace:      nuclio
Priority:       0
Node:           gke-your-first-cluster-1-pool-1-fe915942-506h/10.128.0.30
Start Time:     Tue, 31 Dec 2019 09:39:45 -0500
Labels:         app=nuclio
                nuclio.io/app=dashboard
                nuclio.io/class=service
                nuclio.io/name=nuclio-dashboard
                pod-template-hash=5c5c48947b
                release=nuclio
Annotations:    nuclio.io/version: 1.3.4-amd64
Status:         Running
IP:             10.4.0.9
Controlled By:  ReplicaSet/nuclio-dashboard-5c5c48947b
Containers:
  nuclio-dashboard:
    Container ID:   docker://4f358607618f89da911e191226313193e38ed5335a3e46c207eee16669f1dd46
    Image:          quay.io/nuclio/dashboard:1.3.4-amd64
    Image ID:       docker-pullable://quay.io/nuclio/dashboard@sha256:e6d94f7bf46601b2454a9e73ba292c62edac3d4684ea15057855af2277eab8a5
    Port:           8070/TCP
    Host Port:      0/TCP
    State:          Running
      Started:      Tue, 31 Dec 2019 09:40:27 -0500
    Ready:          True
    Restart Count:  0
    Environment:
      NUCLIO_DASHBOARD_REGISTRY_URL:                <set to the key 'registry_url' of config map 'nuclio-registry-url'>  Optional: true
      NUCLIO_DASHBOARD_DEPLOYMENT_NAME:             nuclio-dashboard
      NUCLIO_CONTAINER_BUILDER_KIND:                docker
      NUCLIO_DASHBOARD_EXTERNAL_IP_ADDRESSES:
      NUCLIO_DASHBOARD_HTTP_INGRESS_HOST_TEMPLATE:
    Mounts:
      /etc/nuclio/dashboard/registry-credentials from registry-credentials (ro)
      /var/run/docker.sock from docker-sock (rw)
      /var/run/secrets/kubernetes.io/serviceaccount from nuclio-nuclio-token-d7fwp (ro)
Conditions:
  Type              Status
  Initialized       True
  Ready             True
  ContainersReady   True
  PodScheduled      True
Volumes:
  docker-sock:
    Type:          HostPath (bare host directory volume)
    Path:          /var/run/docker.sock
    HostPathType:
  registry-credentials:
    Type:        Secret (a volume populated by a Secret)
    SecretName:  nuclio-registry-credentials
    Optional:    true
  nuclio-nuclio-token-d7fwp:
    Type:        Secret (a volume populated by a Secret)
    SecretName:  nuclio-nuclio-token-d7fwp
    Optional:    false
QoS Class:       BestEffort
Node-Selectors:  <none>
Tolerations:     node.kubernetes.io/not-ready:NoExecute for 300s
                 node.kubernetes.io/unreachable:NoExecute for 300s
Events:          <none>

Answer 1

Kubernetes将把内部DNS服务器注入pod的/etc/ file文件。这就是为什么您可以从Pod访问注册表。

通常，此DNS服务不会在Pod网络之外公开。

当您使用docker命令时，您在host中，主机将指向无法解决注册表的内部服务名称的另一个DNS服务器。

要从主机访问注册表，您需要如下所示。

1)将注册表Service公开为NodePort或LoadBalancer

(在测试环境中，使用NodePort)doc链接

2)创建适当的DNS条目来将名称解析为IP (在这里，IP将是节点在NodePort服务中的IP )。由于只有一个节点，所以在/etc/hosts文件中创建一个条目来解析注册表FQDN。