K
Q

What is the proper way of adding insecure registry in Google Kubernetes Engine nodes?

3/10/2018

We have a kubernetes cluster (3 nodes) created using Google kubernetes engine.

Each node are running container optimized OS.

BUILD_ID=10032.71.0
NAME="Container-Optimized OS"
KERNEL_COMMIT_ID=c4c6234ae4f384ce00819c41b48ca8f6f1fa3ba8
GOOGLE_CRASH_ID=Lakitu
VERSION_ID=63
BUG_REPORT_URL=https://crbug.com/new
PRETTY_NAME="Container-Optimized OS from Google"
VERSION=63
GOOGLE_METRICS_PRODUCT_ID=26
HOME_URL="https://cloud.google.com/compute/docs/containers/vm-image/"
ID=cos

I need to add an insecure docker registry and I plan to add it in each node's /etc/docker/daemon.json and restart docker afterwards for it to take effect.

I don't know if that's the correct way of doing it because I'm not sure if the kubernetes service will be up and running even though I tried to start the docker containers inside each node.

Is that the proper way of doing it? I cannot see any documentation in Gooogle Kubernetes Engine Docs on how to restart kubernetes service (or maybe I don't have permissions?).

-- mit13
google-kubernetes-engine

Similar Questions

Mysql Communications link failure in kubernetes sample
How to save generated kube config to .kube/config
Where do Kubernetes components log output?
Can't Connect to Kubernetes Service from Inside Service Pod?

1 Answer

3/12/2018

I was able to add an insecure registry by doing the steps below.

  1. Update DOCKER_OPTS under /etc/default/docker of each nodes to look like this

    DOCKER_OPTS="-p /var/run/docker.pid [...] --insecure-registry docker.registry2:5000 --insecure-registry docker.registry2:5001"

  2. Drain the node

    kubectl drain

  3. Restart docker on the node

  4. Repeat steps 1 -3 on the remaining nodes.

-- mit13
Source: StackOverflow