Containerd拉取镜像超时
- 环境信息:
- 问题描述:
- 原因分析:
- 解决方案:
参考资料:
Containerd配置镜像加速器
github-containerd
环境信息:
当前所用CR containerd的版本。
[jovision@k8smaster1 ~]$ containerd -v
containerd containerd.io 1.7.22 7f7fdf5fed64eb6a7caf99b3e12efcf9d60e311c
问题描述:
k8s 集群中,在部署node-exporter服务时,出现拉取镜像超时的现象。
[root@k8smaster1 ~]# kubectl get pods -n monitoring -owide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
node-exporter-rfxg9 0/1 ImagePullBackOff 0 5h44m 10.2.12.4 k8smaster1 <none> <none>
node-exporter-vdf9v 0/1 ErrImagePull 0 66s 10.2.12.3 k8smaster3 <none> <none>
[root@k8smaster1 ~]# kubectl describe pod node-exporter-vdf9v -n monitoring
Name: node-exporter-vdf9v
Status: Pending
Conditions:Type StatusInitialized True Ready False ContainersReady False PodScheduled True
Events:Type Reason Age From Message---- ------ ---- ---- -------Normal Scheduled 69s default-scheduler Successfully assigned monitoring/node-exporter-vdf9v to k8smaster3Warning Failed 51s (x2 over 66s) kubelet Failed to pull image "prom/node-exporter:v1.7.0": rpc error: code = Unknown desc = failed to pull and unpack image "docker.io/prom/node-exporter:v1.7.0": failed to resolve reference "docker.io/prom/node-exporter:v1.7.0": failed to do request: Head "https://registry-1.docker.io/v2/prom/node-exporter/manifests/v1.7.0": dial tcp 108.160.162.31:443: connect: connection timed outNormal Pulling 25s (x3 over 69s) kubelet Pulling image "prom/node-exporter:v1.7.0"Warning Failed 22s (x3 over 66s) kubelet Error: ErrImagePullWarning Failed 22s kubelet Failed to pull image "prom/node-exporter:v1.7.0": rpc error: code = Unknown desc = failed to pull and unpack image "docker.io/prom/node-exporter:v1.7.0": failed to resolve reference "docker.io/prom/node-exporter:v1.7.0": failed to do request: Head "https://registry-1.docker.io/v2/prom/node-exporter/manifests/v1.7.0": dial tcp 157.240.21.9:443: connect: connection timed outNormal BackOff 11s (x3 over 65s) kubelet Back-off pulling image "prom/node-exporter:v1.7.0"Warning Failed 11s (x3 over 65s) kubelet Error: ImagePullBackOff
原因分析:
docker.io 是 docker hub 的官方镜像地址,在中国无法直接访问,使用第三方镜像加速器有诸多限制。
故购买一台HK服务器,自己部署docker registory服务,作为中间代理服务器使用。
解决方案:
部署 docker registory服务,开放5000端口。
docker run -d -p 5000:5000 --restart=always --name registry -e REGISTRY_PROXY_REMOTEURL=https://registry-1.docker.io registry:2
更新镜像仓库地址
# 切换root
mkdir -p /etc/containerd && containerd config default > /etc/containerd/config.toml
vim /etc/containerd/config.tomlsandbox_image = "registry.aliyuncs.com/google_containers/pause:3.7"SystemdCgroup = trueconfig_path = "/etc/containerd/certs.d"mkdir /etc/containerd/certs.d/docker.io/ -p
vi /etc/containerd/certs.d/docker.io/hosts.toml
server = "https://registry-1.docker.io"[host."http://<docker registory>:5000"]capabilities = ["pull", "resolve", "push"]skip_verify = truesudo systemctl daemon-reload && systemctl restart containerd
ctr 直接使用中间代理服务器拉取镜像
ctr images pull --hosts-dir “/etc/containerd/certs.d” <docker registory>:5000/library/nginx:latest
算法求解23个经典函数测试集,MATLAB)
)