kubernetes-pod-infrastructure:latest

时间:2021-07-21 23:27:00

解决方法:试试通过手动下载

docker pull registry.access.redhat.com/rhel7/pod-infrastructure:latest

docker pull 是还是报错

open /etc/docker/certs.d/registry.access.redhat.com/redhat-ca.crt: no such file or directory

查看下redhat-ca.crt确实不存在,registry.access.redhat.com/rhel7/pod-infrastructure:latest默认是https下载。

最终解决方案:

1.docker search pod-infrastructure

2. 可使用:

docker.io   docker.io/tianyebj/pod-infrastructure               registry.access.redhat.com/rhel7/pod-infra...   2

3. 修改配置文件

cat /etc/kubernetes/kubelet

# pod infrastructure container
KUBELET_POD_INFRA_CONTAINER="--pod-infra-container-image=docker.io/tianyebj/pod-infrastructure:latest"

4. 重启kubernetes服务

master:

for SERVICES in etcd kube-apiserver kube-controller-manager kube-scheduler; do

systemctl restart $SERVICES

systemctl enable $SERVICES

systemctl status $SERVICES

done      

node:

for SERVICES in kube-proxy kubelet docker; do

systemctl restart $SERVICES

systemctl enable $SERVICES

systemctl status $SERVICES

done

二、 网络部分

yum -y install flannel

修改配置文件/etc/sysconfig/flannel

[root@host-10-0-197-18 flannel]# cat /etc/sysconfig/flanneld
# Flanneld configuration options

# etcd url location. Point this to the server where etcd runs
FLANNEL_ETCD_ENDPOINTS="http://master:2379"

# etcd config key. This is the configuration key that flannel queries
# For address range assignment
FLANNEL_ETCD_PREFIX="/atomic.io/network"

# Any additional options that you want to pass
#FLANNEL_OPTIONS=""
FLANNEL_OPTIONS="-iface=eth0"

2. 配置 etcdctl

etcdctl mkdir /atomic.io/network

etcdctl mk /kube-centos/network/config "{ \"Network\": \"172.30.0.0/16\", \"SubnetLen\": 24, \"Backend\": { \"Type\": \"vxlan\" } }"

3. 重启所有服务

三、  service account

报错信息: Error from server (ServerTimeout): error when creating "busybox.yaml": No API token found for service account "default", retry after the token is automatically created and added to the service account

方式一:禁用ServiceAccount

编辑/etc/kubenetes/apiserver: 
将以下这行中的ServiceAccount删除即可 
KUBE_ADMISSION_CONTROL="--admission-control=NamespaceLifecycle,NamespaceExists,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota" 
改为: 
KUBE_ADMISSION_CONTROL="--admission-control=NamespaceLifecycle,NamespaceExists,LimitRanger,SecurityContextDeny,ResourceQuota"

这种方式比较粗暴,可能会遇到必须要用ServiceAccount的情况。

方式二:配置ServiceAccount

1、首先生成密钥: 
openssl genrsa -out /etc/kubernetes/serviceaccount.key 2048

2、编辑/etc/kubenetes/apiserver 
添加以下内容: 
KUBE_API_ARGS="--service_account_key_file=/etc/kubernetes/serviceaccount.key"

3、再编辑/etc/kubernetes/controller-manager 
添加以下内容: 
KUBE_CONTROLLER_MANAGER_ARGS="--service_account_private_key_file=/etc/kubernetes/serviceaccount.key"

最后无论是哪种解决方式都需要再重启kubernetes服务: 
systemctl restart etcd kube-apiserver kube-controller-manager kube-scheduler

#/bin/bash

echo "hello"

  

相关文章