我的(实验室/学习)Kubernetes 集群使用 containerd 作为运行时 (CRI) 运行。通过查看 /etc/containerd/config.toml 我可以看到 containerd 正在从远程存储库中提取暂停图像:
sandbox_image = "registry.k8s.io/pause:3.8"
我想告诉 contrainerd 使用暂停已经拉取到本地容器运行时的镜像:
lab@master:~$ sudo crictl image
IMAGE TAG IMAGE ID SIZE
docker.io/calico/cni v3.26.0 5d6f5c26c6554 93.3MB
docker.io/calico/kube-controllers v3.26.0 45ae357729e3a 33.8MB
docker.io/calico/node v3.26.0 44f52c09decec 87.6MB
registry.k8s.io/coredns/coredns v1.10.1 ead0a4a53df89 16.2MB
registry.k8s.io/etcd 3.5.10-0 a0eed15eed449 56.6MB
registry.k8s.io/kube-apiserver v1.28.7 eeb80ea665767 34.7MB
registry.k8s.io/kube-controller-manager v1.28.7 4d9d9de55f196 33.4MB
registry.k8s.io/kube-proxy v1.28.7 123aa721f941b 28.1MB
registry.k8s.io/kube-scheduler v1.28.7 309c26d006295 18.6MB
registry.k8s.io/pause 3.8 4873874c08efc 311kB <-- here
registry.k8s.io/pause 3.9 e6f1816883972 322kB
我尝试将 /etc/containerd/config.toml 中的 sandbox_image 修改为以下内容:
sandbox_image = "pause:3.8"
但随后containerd服务启动失败:
Apr 05 21:49:20 master containerd[1803]: time="2024-04-05T21:49:20.386597952Z" level=info msg="StopPodSandbox for \"d100902f983a92cbf0f385d490fdec5917549c181c88f0287782f45d31f04226\""
Apr 05 21:49:20 master containerd[1803]: time="2024-04-05T21:49:20.389443313Z" level=info msg="Container to stop \"b6b0cbd161076fd52885b03ca55094535af3b2b86fa0d0412c47a4235ce46178\" must be in running or unknown state, current state \"CONTAINER_EXITED\""
Apr 05 21:49:20 master containerd[1803]: time="2024-04-05T21:49:20.392477900Z" level=info msg="TearDown network for sandbox \"d100902f983a92cbf0f385d490fdec5917549c181c88f0287782f45d31f04226\" successfully"
Apr 05 21:49:20 master containerd[1803]: time="2024-04-05T21:49:20.394401174Z" level=info msg="StopPodSandbox for \"d100902f983a92cbf0f385d490fdec5917549c181c88f0287782f45d31f04226\" returns successfully"
Apr 05 21:49:20 master containerd[1803]: time="2024-04-05T21:49:20.406690451Z" level=info msg="RunPodSandbox for &PodSandboxMetadata{Name:kube-scheduler-master,Uid:4043e87c9e9d5772c32e4050b11757a4,Namespace:kube-system,Attempt:22,}"
Apr 05 21:49:21 master containerd[1803]: time="2024-04-05T21:49:21.320155662Z" level=info msg="trying next host" error="pull access denied, repository does not exist or may require authorization: server message: insufficient_scope: authorization failed" host=registry-1.docker.io
Apr 05 21:49:21 master containerd[1803]: time="2024-04-05T21:49:21.330971667Z" level=error msg="RunPodSandbox for &PodSandboxMetadata{Name:kube-scheduler-master,Uid:4043e87c9e9d5772c32e4050b11757a4,Namespace:kube-system,Attempt:22,} failed, error" error="failed to get sandbox image \"pause:3.8\": failed to pull image \"pause:3.8\": failed to pull and unpack image \"docker.io/library/pause:3.8\": failed to resolve reference \"docker.io/library/pause:3.8\": pull access denied, repository does not exist or may require authorization: server message: insufficient_scope: authorization failed"
Apr 05 21:49:21 master containerd[1803]: time="2024-04-05T21:49:21.332934072Z" level=info msg="stop pulling image docker.io/library/pause:3.8: active requests=0, bytes read=5069"
问题: 如何配置 contrainerd 来使用暂停来自本地容器运行时的图像
更新:
我已经用ID 4873874c08efc 替换了pause:3.8,结果成功了。 ID 有效但 name 无效,有什么原因吗?