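I have deployed a local Kubernetes cluster for learning, and it worked fine until yesterday, but the problem I am facing now is that it defaults to quay.io for pulling images, which obviously does not have the images.
Whether I try to create a simple busybox pod or deploy nginx, the image fails to pull with the following errors: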
kubectl create deployment nginx-test --image=nginx --replicas=4
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 84s default-scheduler Successfully assigned default/nginx-test-566dbd78d4-zzwcv to kube-node-a.thedevbyte.com
Warning Failed 47s kubelet Failed to pull image "nginx": reading manifest latest in quay.io/nginx: StatusCode: 404, "<!doctype html>\n<html lang=en>\n<title>404 Not Foun..."
Warning Failed 47s kubelet Error: ErrImagePull
Normal BackOff 47s kubelet Back-off pulling image "nginx"
Warning Failed 47s kubelet Error: ImagePullBackOff
Normal Pulling 33s (x2 over 83s) kubelet Pulling image "nginx"
Here is the busybox pod creation error:
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 91s default-scheduler Successfully assigned default/test-busybox to kube-node-b.thedevbyte.com
Normal Pulling 91s kubelet Pulling image "busybox"
Warning Failed 11s kubelet Failed to pull image "busybox": reading manifest latest in quay.io/busybox: StatusCode: 404, "<!doctype html>\n<html lang=en>\n<title>404 Not Foun..."
Warning Failed 11s kubelet Error: ErrImagePull
Normal BackOff 11s kubelet Back-off pulling image "busybox"
Warning Failed 11s kubelet Error: ImagePullBackOff
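How do I configure Kubernetes to use Docker Hub as the default registry? There is no problem with the nodes' internet connectivity.
I thought this looked like an image pull limit, so I also added a Docker secret: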
kubectl create secret docker-registry docker-registry-credentials \
--docker-server=https://index.docker.io/v1/ \
--docker-username=username \
--docker-password=password \
--docker-email=<your-email>
I also tried pulling by passing the image URL:
kubectl run nginx1 --image=hub.docker.com/library/nginx:latest
But this did not work. I need to configure Kubernetes to use Docker as the default registry. Could you help me achieve this?
Thank you
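I have figured out why it was trying to reach quay.io: my Docker pull limit had been reached, and it was trying the other available registries. On each worker node I removed all registries except docker.io, and after restarting the crio service I started getting Docker pull limit exceeded messages in the logs. Here are the steps I followed:
Comment out the original registry setting and add only docker.io on all worker nodes: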
root@kube-node-b:~# vi /etc/containers/registries.conf.d/crio.conf
root@kube-node-b:~# cat /etc/containers/registries.conf.d/crio.conf
unqualified-search-registries = ["docker.io"]
#unqualified-search-registries = ["docker.io", "quay.io"]
Restart the crio service:
root@kube-node-b:~# systemctl restart crio.service
Now, when I try to create a pod, it starts giving the Docker pull limit reached error:
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 45s default-scheduler Successfully assigned default/new-port to kube-node-b.thedevbyte.com
Normal Pulling 44s kubelet Pulling image "nginx"
Warning Failed 10s kubelet Failed to pull image "nginx": reading manifest latest in docker.io/library/nginx: toomanyrequests: You have reached your pull rate limit. You may increase the limit by authenticating and upgrading: https://www.docker.com/increase-rate-limit
Warning Failed 10s kubelet Error: ErrImagePull
Normal BackOff 9s kubelet Back-off pulling image "nginx"
Warning Failed 9s kubelet Error: ImagePullBackOff
I had already created a secret for this:
kubectl create secret docker-registry docker-registry-credentials \
--docker-server=https://index.docker.io/v1/ \
--docker-username=username \
--docker-password=password \
--docker-email=<your-email>
$ kubectl get secrets
NAME TYPE DATA AGE
docker-registry-credentials kubernetes.io/dockerconfigjson 1 3h30m
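Now, to make all pull requests use this secret by default, I followed Bcf Ant's answer in this post: pulling images from a private registry in Kubernetes.
Created a yaml file to work on: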
kubectl get serviceaccounts default -o yaml > sa.yml
Created a backup file (in case something goes wrong):
kubectl get serviceaccounts default -o yaml > sa-original.yml
Edit the sa.yml file and append imagePullSecrets with the secret name:
apiVersion: v1
kind: ServiceAccount
metadata:
  creationTimestamp: "2023-12-02T20:34:02Z"
  name: default
  namespace: default
  resourceVersion: "329"
  uid: b088f667-52b5-4852-a83d-2e78643c9813
imagePullSecrets:
- name: docker-registry-credentials
Then apply the file contents:
kubectl replace serviceaccount default -f sa.yml
Now test:
kubectl create deployment test-centos --image=centos --replicas=4 -- sleep 300
[7h3xyn1c@RHV1C4X2 ckad]$ kubectl get all
NAME READY STATUS RESTARTS AGE
pod/test-centos-67f5bb6767-2f9xd 1/1 Running 0 75s
pod/test-centos-67f5bb6767-6dhl8 1/1 Running 0 75s
pod/test-centos-67f5bb6767-kx7wf 1/1 Running 0 75s
pod/test-centos-67f5bb6767-vhb6g 1/1 Running 0 75s
pod/test1 1/1 Running 0 15m
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 14d
NAME READY UP-TO-DATE AVAILABLE AGE
deployment.apps/test-centos 4/4 4 4 75s
NAME DESIRED CURRENT READY AGE
replicaset.apps/test-centos-67f5bb6767 4 4 4 75s
Everything is working now.
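
As an added example (not part of the original post and not CRI-O's own code), the shell sketch below shows how a short image name such as nginx expands against unqualified-search-registries, which is why the events above mention both docker.io/library/nginx and quay.io/nginx. The function names are hypothetical, and the qualification rule (the first path component contains "." or ":" or is "localhost") is assumed as the usual container reference convention.

```shell
#!/bin/sh
# Added example: which locations would a node try for a given image name?

# Assumed rule: a reference is fully qualified when the part before the first
# "/" looks like a registry host (contains "." or ":" or is "localhost").
is_qualified() {
  case "$1" in
    */*) first=${1%%/*} ;;
    *)   return 1 ;;
  esac
  case "$first" in
    *.*|*:*|localhost) return 0 ;;
    *) return 1 ;;
  esac
}

# Print the active (uncommented) unqualified-search-registries, one per line.
search_registries() {
  grep -E '^[[:space:]]*unqualified-search-registries[[:space:]]*=' "$1" |
    tail -n 1 | grep -o '"[^"]*"' | tr -d '"'
}

# Print every location a pull of IMAGE may be attempted at, in order.
pull_candidates() {
  image=$1; conf=$2
  if is_qualified "$image"; then echo "$image"; return 0; fi
  for reg in $(search_registries "$conf"); do
    case "$reg:$image" in
      docker.io:*/*) echo "$reg/$image" ;;
      docker.io:*)   echo "$reg/library/$image" ;;   # official images
      *)             echo "$reg/$image" ;;
    esac
  done
}

# Succeeds when a short name can be served by more than one registry.
is_ambiguous() {
  n=$(pull_candidates "$1" "$2" | wc -l)
  [ "$((n))" -gt 1 ]
}

# Demo on a constructed copy of the node's original setting.
demo_conf=$(mktemp)
echo 'unqualified-search-registries = ["docker.io", "quay.io"]' > "$demo_conf"
pull_candidates nginx "$demo_conf"
pull_candidates hub.docker.com/library/nginx:latest "$demo_conf"
is_ambiguous nginx "$demo_conf" && echo "nginx is ambiguous on this node"
rm -f "$demo_conf"
```

Writing fully qualified names such as docker.io/library/nginx in manifests removes the dependency on each node's search list, so a pull never falls through to a registry you did not intend.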