I'm following this example in order to create a Docker registry with Kubernetes: https://robertbrem.github.io/Microservices_with_Kubernetes/03_Docker_registry/01_Setup_a_docker_registry/
I'm using Minikube, started in this way
minikube start --vm-driver=none
And it works, I can access it from minikubeNode:30500
.
Now I restart the computer where minikube
is installed, and I cannot access anymore docker registry
, even though the POD
is running, and the service definition is the same as before.
My Service:
apiVersion: v1
kind: Service
metadata:
name: registro
labels:
name: registro
spec:
ports:
- port: 5001
targetPort: 5000
nodePort: 30500
selector:
apl: registro
type: NodePort
My Deployment:
apiVersion: apps/v1
kind: Deployment
metadata:
name: registro
spec:
replicas: 1
selector:
matchLabels:
apl: registro
template:
metadata:
labels:
apl: registro
spec:
containers:
- resources:
name: registry
image: registry:2
ports:
- name: registry-port
containerPort: 5000
volumeMounts:
- mountPath: /var/lib/registry
name: img
- mountPath: /certs
name: certs
- mountPath: /auth
name: auth
env:
- name: REGISTRY_AUTH
value: "htpasswd"
- name: REGISTRY_AUTH_HTPASSWD_REALM
value: "Registry Realm"
- name: REGISTRY_AUTH_HTPASSWD_PATH
value: /auth/htpasswd
- name: REGISTRY_HTTP_TLS_CERTIFICATE
value: /certs/fullchain.pem
- name: REGISTRY_HTTP_TLS_KEY
value: /certs/privkey.pem
volumes:
- name: img
hostPath:
path: /home/ema/adm/docker/registro/img
- name: certs
hostPath:
path: /home/ema/adm/docker/registro/certs
- name: auth
hostPath:
path: /home/ema/adm/docker/registro/auth
Current Cluster IP:
# kubectl cluster-info
Kubernetes master is running at https://10.129.3.44:8443
KubeDNS is running at https://10.129.3.44:8443/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy
My POD:
# kubectl describe pods
Name: registro-6b657796b-fx9jf
Namespace: default
Priority: 0
PriorityClassName: <none>
Node: minikube/10.129.3.44
Start Time: Fri, 18 Jan 2019 10:17:04 +0100
Labels: apl=registro
pod-template-hash=6b657796b
Annotations: <none>
Status: Running
IP: 172.17.0.4
Controlled By: ReplicaSet/registro-6b657796b
Containers:
registry:
Container ID: docker://1b8ab87d5fd7602ee671abc1a6ebffdbcdc4c6d8892c174f83dea8cd4ee722a9
Image: registry:2
Image ID: docker-pullable://registry@sha256:1cd9409a311350c3072fe510b52046f104416376c126a479cef9a4dfe692cf57
Port: 5000/TCP
Host Port: 0/TCP
State: Running
Started: Fri, 18 Jan 2019 13:03:25 +0100
Last State: Terminated
Reason: Error
Exit Code: 137
Started: Fri, 18 Jan 2019 10:17:06 +0100
Finished: Fri, 18 Jan 2019 13:02:55 +0100
Ready: True
Restart Count: 1
Environment:
REGISTRY_AUTH: htpasswd
REGISTRY_AUTH_HTPASSWD_REALM: Registry Realm
REGISTRY_AUTH_HTPASSWD_PATH: /auth/htpasswd
REGISTRY_HTTP_TLS_CERTIFICATE: /certs/fullchain.pem
REGISTRY_HTTP_TLS_KEY: /certs/privkey.pem
Mounts:
/auth from auth (rw)
/certs from certs (rw)
/var/lib/registry from img (rw)
/var/run/secrets/kubernetes.io/serviceaccount from default-token-9b46l (ro)
Conditions:
Type Status
Initialized True
Ready True
ContainersReady True
PodScheduled True
Volumes:
img:
Type: HostPath (bare host directory volume)
Path: /home/ema/adm/docker/registro/img
HostPathType:
certs:
Type: HostPath (bare host directory volume)
Path: /home/ema/adm/docker/registro/certs
HostPathType:
auth:
Type: HostPath (bare host directory volume)
Path: /home/ema/adm/docker/registro/auth
HostPathType:
default-token-9b46l:
Type: Secret (a volume populated by a Secret)
SecretName: default-token-9b46l
Optional: false
...
My Service:
# kubectl describe service registro
Name: registro
Namespace: default
Labels: name=registro
Annotations: <none>
Selector: apl=registro
Type: NodePort
IP: 10.101.157.80
Port: <unset> 5001/TCP
TargetPort: 5000/TCP
NodePort: <unset> 30500/TCP
Endpoints: 172.17.0.4:5000
Session Affinity: None
External Traffic Policy: Cluster
Events: <none>
Pod IP is working:
# curl 172.17.0.4:5000
Cluster IP doesn't complain but remains stuck:
# curl 10.101.157.80:5001
Node port IP doesn't work:
# curl 10.129.3.44:30500 curl: (7) Failed connect to 10.129.3.44:30500
Why cant't I access my service from the node?
How to diagnose what is happening?
UPDATE 1
When starting minikube
in this way:
minikube start --vm-driver none
I get the following warnings:
[WARNING Hostname]: hostname "minikube" could not be reached
[WARNING Hostname]: hostname "minikube" lookup minikube on 10.126.20.16:53: server misbehaving
[WARNING DirAvailable--data-minikube]: /data/minikube is not empty
....
Error creating PKI assets: failed to write certificate "apiserver-kubelet-client": certificate apiserver-kubelet-client is not signed by corresponding CA
....
.: exit status 1
I don't know if they are meaningful, but I don't like exit status 1
.
After some trial and error, here is my solution:
For working port-forwarding properly with minikube start --vm-driver=none
you have to install socat
. Just try following script, its working fine for me.
apt-get update && apt-get install -y apt-transport-https
curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add -
cat <<EOF >/etc/apt/sources.list.d/kubernetes.list
deb http://apt.kubernetes.io/ kubernetes-xenial main
EOF
apt-get update
apt-get install -y kubectl socat docker.io --allow-unauthenticated
curl -Lo minikube https://storage.googleapis.com/minikube/releases/v0.33.0/minikube-linux-amd64 && chmod +x minikube && sudo cp minikube /usr/local/bin/ && rm minikube
minikube config set embed-certs true
minikube start --vm-driver none
You have to run minikube start --vm-driver none
with root user only.