mongo

mongo

关注
发信
关注(28)粉丝(399)

docker - minikube-x509:未知授权机构签署的证书

我正在使用minikubekubectlRC创建一个mongo。我正在使用公司的VPN。
通过RC命令创建了kubectl create -f ./rc/mongo-rc.yaml
使用kubectl describe pod mongo-5zttk命令时出现以下kubernetes事件:

...
Events:
  Type     Reason     Age                    From               Message
  ----     ------     ----                   ----               -------
  Normal   Scheduled  7m18s                  default-scheduler  Successfully assigned default/mongo-5zttk to minikube
  Normal   Pulling    5m42s (x4 over 7m17s)  kubelet, minikube  Pulling image "mongo"
  Warning  Failed     5m40s (x4 over 7m15s)  kubelet, minikube  Failed to pull image "mongo": rpc error: code = Unknown desc = Error response from daemon: Get https://registry-1.docker.io/v2/library/mongo/manifests/latest: Get https://auth.docker.io/token?scope=repository%3Alibrary%2Fmongo%3Apull&service=registry.docker.io: x509: certificate signed by unknown authority
  Warning  Failed     5m40s (x4 over 7m15s)  kubelet, minikube  Error: ErrImagePull
  Normal   BackOff    5m29s (x6 over 7m15s)  kubelet, minikube  Back-off pulling image "mongo"
  Warning  Failed     2m8s (x21 over 7m15s)  kubelet, minikube  Error: ImagePullBackOff
当我尝试使用curl访问URL时:
⚡  curl https://registry-1.docker.io/v2/library/mongo/manifests/latest
{"errors":[{"code":"UNAUTHORIZED","message":"authentication required","detail":[{"Type":"repository","Class":"","Name":"library/mongo","Action":"pull"}]}]}
我可以成功从docker hub注册表中提取mongo:latest图像。
⚡  docker pull mongo:latest
latest: Pulling from library/mongo
Digest: sha256:efc408845bc917d0b7fd97a8590e9c8d3c314f58cee651bd3030c9cf2ce9032d
Status: Image is up to date for mongo:latest
docker.io/library/mongo:latest
环境信息:
  • minikube版本:v1.14.1
  • kubectl
  • 客户端版本:v1.18.8
  • 服务器版本:v1.19.2

  • 操作系统:macOS 10.13.6

    • 我已阅读文档:vpn_and_proxy/#x509-certificate-signed-by-unknown-authority。解决方案是向IT部门索取适当的PEM文件。如果无法获取PEM文件,有什么解决方案吗?如使用一些命令标志:--skip-verify-cert
    更新:mongo-rc.yaml:
    apiVersion: v1
kind: ReplicationController
metadata:
  name: mongo
spec:
  replicas: 1
  selector:
    app: mongo
  template:
    metadata:
      labels:
        app: mongo
    spec:
      containers:
      - name: mongo
        image: mongo
        ports:
        - containerPort: 27017
        env:
        - name: MONGO_ROOT_PASSWORD
          value: "123456"

    最佳答案

    您应该可以使用--insecure-registry标志,但是您可能必须重新创建您的minikube集群才能使用。

    minikube start --insecure-registry="registry-1.docker.io"

    关于docker - minikube-x509:未知授权机构签署的证书,我们在Stack Overflow上找到一个类似的问题:https://stackoverflow.com/questions/64532470/

    10-15 21:56
    Powered by LMLPHP ©2024 mongo 0.027970