我们正在尝试在一组处于离线(互联网被阻止)状态的虚拟机(centos 7)中设置一个基本的 kubernetes(v1.25)集群。我们已经通过 docker pull 在另一台可以上网的服务器上下载了 kubernetes 服务器组件(即 apiserver、controller、etcd、kube-proxy、scheduler、coredns 等)的镜像,将这些镜像压缩为 tar,将它们传输到离线服务器,并导入到 containerd 镜像存储库(ctr -n=k8s.io image import kube-apiserver-v1.25.0.tar)。但是,如果我们尝试拉取镜像(kubeadm config images pull)或执行以下命令kubeadm init启动主节点,则会收到错误,因为它正尝试连接到registry.k8s.io域,然后连接到域storage.googleapis.com域。我们临时获得了特别批准以获得与上述 2 个域的连接,以运行 kubeadm init 命令来创建 kubernetes 容器。您能否提供一个解决方案,以便初始 HEAD 调用也转到本地镜像注册表而不是转到在线注册表?尽管我们获得了与 kubernetes 特定域连接的权限,但在尝试安装 CALICO 作为网络插件时,我们遇到了类似的问题,因为它有自己的域需要连接。而且类似的情况也会发生在任何来自在线公共注册表的镜像上。因此,我们需要一个有效的解决方案。
下面是在将 kubernetes 域连接到我们的服务器之前运行 kubeadm init 时遇到的错误。
$ kubeadm init --pod-network-cidr=10.184.48.0/24 --kubernetes-version=1.25.0 --apiserver-advertiseddress=$(hostname -i)
[init] Using Kubernetes version: v1.25.0
[preflight] Running pre-flight checks
[preflight] Pulling images required for setting up a Kubernetes cluster
[preflight] This might take a minute or two, depending on the speed of your internet connection
[preflight] You can also perform this action in beforehand using 'kubeadm config images pull'
error execution phase preflight: [preflight] Some fatal errors occurred:
[ERROR ImagePull]: failed to pull image registry.k8s.io/kube-apiserver:v1.25.0: output: E0908 08:30:08.405405 19080 remote_image.go:238] "PullImage from image service failed" err="rpc error: code = Unknown desc = failed to pull and unpack image \"registry.k8s.io/kube-apiserver:v1.25.0\": failed to resolve reference \"registry.k8s.io/kube-apiserver:v1.25.0\": failed to do request: Head \"https://registry.k8s.io/v2/kube-apiserver/manifests/v1.25.0\": dial tcp: lookup registry.k8s.io on [::1]:53: read udp [::1]:51094->[::1]:53: read: connection refused" image="registry.k8s.io/kube-apiserver:v1.25.0"
time="2022-09-08T08:30:08Z" level=fatal msg="pulling image: rpc error: code = Unknown desc = failed to pull and unpack image \"registry.k8s.io/kube-apiserver:v1.25.0\": failed to resolve reference \"registry.k8s.io/kube-apiserver:v1.25.0\": failed to do request: Head \"https://registry.k8s.io/v2/kube-apiserver/manifests/v1.25.0\": dial tcp: lookup registry.k8s.io on [::1]:53: read udp [::1]:51094->[::1]:53: read: connection refused"
, error: exit status 1
[ERROR ImagePull]: failed to pull image registry.k8s.io/kube-controller-manager:v1.25.0: output: E0908 08:30:08.473579 19110 remote_image.go:238] "PullImage from image service failed" err="rpc error: code = Unknown desc = failed to pull and unpack image \"registry.k8s.io/kube-controller-manager:v1.25.0\": failed to resolve reference \"registry.k8s.io/kube-controller-manager:v1.25.0\": failed to do request: Head \"https://registry.k8s.io/v2/kube-controller-manager/manifests/v1.25.0\": dial tcp: lookup registry.k8s.io on [::1]:53: read udp [::1]:54055->[::1]:53: read: connection refused" image="registry.k8s.io/kube-controller-manager:v1.25.0"
time="2022-09-08T08:30:08Z" level=fatal msg="pulling image: rpc error: code = Unknown desc = failed to pull and unpack image \"registry.k8s.io/kube-controller-manager:v1.25.0\": failed to resolve reference \"registry.k8s.io/kube-controller-manager:v1.25.0\": failed to do request: Head \"https://registry.k8s.io/v2/kube-controller-manager/manifests/v1.25.0\": dial tcp: lookup registry.k8s.io on [::1]:53: read udp [::1]:54055->[::1]:53: read: connection refused"
, error: exit status 1
[ERROR ImagePull]: failed to pull image registry.k8s.io/kube-scheduler:v1.25.0: output: E0908 08:30:08.540054 19140 remote_image.go:238] "PullImage from image service failed" err="rpc error: code = Unknown desc = failed to pull and unpack image \"registry.k8s.io/kube-scheduler:v1.25.0\": failed to resolve reference \"registry.k8s.io/kube-scheduler:v1.25.0\": failed to do request: Head \"https://registry.k8s.io/v2/kube-scheduler/manifests/v1.25.0\": dial tcp: lookup registry.k8s.io on [::1]:53: read udp [::1]:60665->[::1]:53: read: connection refused" image="registry.k8s.io/kube-scheduler:v1.25.0"
time="2022-09-08T08:30:08Z" level=fatal msg="pulling image: rpc error: code = Unknown desc = failed to pull and unpack image \"registry.k8s.io/kube-scheduler:v1.25.0\": failed to resolve reference \"registry.k8s.io/kube-scheduler:v1.25.0\": failed to do request: Head \"https://registry.k8s.io/v2/kube-scheduler/manifests/v1.25.0\": dial tcp: lookup registry.k8s.io on [::1]:53: read udp [::1]:60665->[::1]:53: read: connection refused"
, error: exit status 1
[ERROR ImagePull]: failed to pull image registry.k8s.io/kube-proxy:v1.25.0: output: E0908 08:30:08.604658 19172 remote_image.go:238] "PullImage from image service failed" err="rpc error: code = Unknown desc = failed to pull and unpack image \"registry.k8s.io/kube-proxy:v1.25.0\": failed to resolve reference \"registry.k8s.io/kube-proxy:v1.25.0\": failed to do request: Head \"https://registry.k8s.io/v2/kube-proxy/manifests/v1.25.0\": dial tcp: lookup registry.k8s.io on [::1]:53: read udp [::1]:57387->[::1]:53: read: connection refused" image="registry.k8s.io/kube-proxy:v1.25.0"
time="2022-09-08T08:30:08Z" level=fatal msg="pulling image: rpc error: code = Unknown desc = failed to pull and unpack image \"registry.k8s.io/kube-proxy:v1.25.0\": failed to resolve reference \"registry.k8s.io/kube-proxy:v1.25.0\": failed to do request: Head \"https://registry.k8s.io/v2/kube-proxy/manifests/v1.25.0\": dial tcp: lookup registry.k8s.io on [::1]:53: read udp [::1]:57387->[::1]:53: read: connection refused"
, error: exit status 1
[ERROR ImagePull]: failed to pull image registry.k8s.io/pause:3.8: output: E0908 08:30:08.664003 19202 remote_image.go:238] "PullImage from image service failed" err="rpc error: code = Unknown desc = failed to pull and unpack image \"registry.k8s.io/pause:3.8\": failed to resolve reference \"registry.k8s.io/pause:3.8\": failed to do request: Head \"https://registry.k8s.io/v2/pause/manifests/3.8\": dial tcp: lookup registry.k8s.io on [::1]:53: read udp [::1]:33765->[::1]:53: read: connection refused" image="registry.k8s.io/pause:3.8"
time="2022-09-08T08:30:08Z" level=fatal msg="pulling image: rpc error: code = Unknown desc = failed to pull and unpack image \"registry.k8s.io/pause:3.8\": failed to resolve reference \"registry.k8s.io/pause:3.8\": failed to do request: Head \"https://registry.k8s.io/v2/pause/manifests/3.8\": dial tcp: lookup registry.k8s.io on [::1]:53: read udp [::1]:33765->[::1]:53: read: connection refused"
, error: exit status 1
[ERROR ImagePull]: failed to pull image registry.k8s.io/etcd:3.5.4-0: output: E0908 08:30:08.724547 19233 remote_image.go:238] "PullImage from image service failed" err="rpc error: code = Unknown desc = failed to pull and unpack image \"registry.k8s.io/etcd:3.5.4-0\": failed to resolve reference \"registry.k8s.io/etcd:3.5.4-0\": failed to do request: Head \"https://registry.k8s.io/v2/etcd/manifests/3.5.4-0\": dial tcp: lookup registry.k8s.io on [::1]:53: read udp [::1]:50537->[::1]:53: read: connection refused" image="registry.k8s.io/etcd:3.5.4-0"
time="2022-09-08T08:30:08Z" level=fatal msg="pulling image: rpc error: code = Unknown desc = failed to pull and unpack image \"registry.k8s.io/etcd:3.5.4-0\": failed to resolve reference \"registry.k8s.io/etcd:3.5.4-0\": failed to do request: Head \"https://registry.k8s.io/v2/etcd/manifests/3.5.4-0\": dial tcp: lookup registry.k8s.io on [::1]:53: read udp [::1]:50537->[::1]:53: read: connection refused"
, error: exit status 1
[ERROR ImagePull]: failed to pull image registry.k8s.io/coredns/coredns:v1.9.3: output: E0908 08:30:08.783023 19264 remote_image.go:238] "PullImage from image service failed" err="rpc error: code = Unknown desc = failed to pull and unpack image \"registry.k8s.io/coredns/coredns:v1.9.3\": failed to resolve reference \"registry.k8s.io/coredns/coredns:v1.9.3\": failed to do request: Head \"https://registry.k8s.io/v2/coredns/coredns/manifests/v1.9.3\": dial tcp: lookup registry.k8s.io on [::1]:53: read udp [::1]:33298->[::1]:53: read: connection refused" image="registry.k8s.io/coredns/coredns:v1.9.3"
time="2022-09-08T08:30:08Z" level=fatal msg="pulling image: rpc error: code = Unknown desc = failed to pull and unpack image \"registry.k8s.io/coredns/coredns:v1.9.3\": failed to resolve reference \"registry.k8s.io/coredns/coredns:v1.9.3\": failed to do request: Head \"https://registry.k8s.io/v2/coredns/coredns/manifests/v1.9.3\": dial tcp: lookup registry.k8s.io on [::1]:53: read udp [::1]:33298->[::1]:53: read: connection refused"
, error: exit status 1
[preflight] If you know what you are doing, you can make a check non-fatal with `--ignore-preflight-errors=...`
To see the stack trace of this error execute with --v=5 or higher
答案1
这里有几个选项,最简单的一个是标记您下载的图像注册中心在每个节点上(取决于您的设置、控制平面/工作者):
ctr --namespace=k8s.io image tag <yourimage> registry.k8s.io/<yourimage>
喜欢
ctr --namespace=k8s.io image tag etcd:3.5.4-0 registry.k8s.io/etcd:3.5.4-0
如果您重新标记所需的所有图像,则可以离线安装而不会出现问题。
我希望它有帮助。