本文解决了一个常见的Kubernetes问题,即Pod Infrastructure镜像拉取失败,通过安装证书和修改kubelet配置,成功解决了ContainerCreating状态的问题。
之前的k8s环境都是通过kubeadm安装,安装完成后通过kubectl run nginx --image=nginx 验证环境Ok,都正常运行。 今天的k8s采用二进制安装的方式,结果运行kubectl run一致在 ContainerCreating状态,通过kubectl describe pod xxx, 错误如下:
问题
Events:
FirstSeen LastSeen Count From SubObjectPath Type Reason Message
--------- -------- ----- ---- ------------- -------- ------ -------
26s 26s 1 {default-scheduler } Normal Schedu led Successfully assigned nginx-app-3633824185-mq71j to node1
27s 12s 2 {kubelet node1} Warning Failed Sync Error syncing pod, skipping: failed to "StartContainer" for "POD" with ErrImagePull: "image pull failed for registry.access.redhat.com/rhel7/pod-infrastructure:latest, this may be because there are no credentials on this request. details: (open /etc/docker/certs.d/registry.access.redhat.com/redhat-ca.crt: no such file or directory)"
根据错误查看对应目录去,确实没有/etc/docker/certs.d/registry.access.redhat.com/redhat-ca.crt: no such file or directory,
具体解决命令
安装 yum install python-rhsm-certificates
然后执行cpio -iv --to-stdout ./etc/rhsm/ca/redhat-uep.pem | tee /etc/rhsm/ca/redhat-uep.pem
pod恢复正常
然后手动验证pod-infrastructure:latest镜像可以下载了,nginx deployment也正常了。
另外一种解决办法
[root@node2 ca]# cat /etc/kubernetes/kubelet
###
# kubernetes kubelet (minion) config
# The address for the info server to serve on (set to 0.0.0.0 or "" for all interfaces)
KUBELET_ADDRESS="--address=0.0.0.0"
# The port for the info server to serve on
KUBELET_PORT="--port=10250"
# You may leave this blank to use the actual hostname
KUBELET_HOSTNAME="--hostname-override=node2"
# location of the api-server
KUBELET_API_SERVER="--api-servers=http://192.168.119.137:8080"
# pod infrastructure container
KUBELET_POD_INFRA_CONTAINER="--pod-infra-container-image=registry.access.redhat.com/rhel7/pod-infrastructure:latest"
# Add your own!
KUBELET_ARGS=""
[root@node2 ca]#
我们可以从其他位置下载pod-infrastructure:latest, 也就是修改/etc/kubernetes/kubelet文件并重启kubelet。
cpio指令具体意义
,请参考http://www.gnu.org/software/cpio/
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
