Docker DIND cannot apt-get update but curl works

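I have deployed docker-dind on my homelab k3s cluster and tried to build Docker images there. But I get an error when running the apt-get update command. However, running curl on the same network and inside docker:dind works normally, and nslookup and ping work too. I am able to run apt-get update for a similar task on the host without any problem. So this might not be a network issue.

My network does not have any proxy settings.

apt-get update runs fine on the debian:bullseye and ubuntu:22.04 sidecars, with no problem. The issue only occurs during docker build in dind.

I have tried deploying a similar k3s setup on a DigitalOcean Droplet with a docker:dind pod, and everything works fine.

The image I am trying to build is vanilla debian:bullseye. I can confirm that the build works on another machine on the same network. (See the sample Dockerfile below.)

System specs: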

OS: Ubuntu 22.04.1 LTS (GNU/Linux 5.15.0-52-generic x86_64)
K3S: v1.25.2+k3s1
Containerd: 1.6.8-k3s1

docker info

Client:
 Context:    default
 Debug Mode: false
 Plugins:
  buildx: Docker Buildx (Docker Inc., v0.9.1)
  compose: Docker Compose (Docker Inc., v2.12.2)

Server:
 Containers: 1
  Running: 0
  Paused: 0
  Stopped: 1
 Images: 2
 Server Version: 20.10.21
 Storage Driver: overlay2
  Backing Filesystem: extfs
  Supports d_type: true
  Native Overlay Diff: true
  userxattr: false
 Logging Driver: json-file
 Cgroup Driver: cgroupfs
 Cgroup Version: 2
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
 Swarm: inactive
 Runtimes: io.containerd.runc.v2 io.containerd.runtime.v1.linux runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 1c90a442489720eec95342e1789ee8a5e1b9536f
 runc version: v1.1.4-0-g5fd4c4d1
 init version: de40ad0
 Security Options:
  apparmor
  seccomp
   Profile: default
  cgroupns
 Kernel Version: 5.15.0-52-generic
 Operating System: Alpine Linux v3.16 (containerized)
 OSType: linux
 Architecture: x86_64
 CPUs: 48
 Total Memory: 62.67GiB
 Name: docker-dind-test
 ID: 363P:AMIK:KWWZ:KW6T:WMTT:OKJ4:GLN3:NFQW:UCVU:ISRR:CAYJ:42TC
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 Registry: https://index.docker.io/v1/
 Labels:
 Experimental: false
 Insecure Registries:
  127.0.0.0/8
 Registry Mirrors:
  https://mirror.gcr.io/
 Live Restore Enabled: false
 Product License: Community Engine

Dockerfile

FROM debian:bullseye
ENV HOME=/root

RUN apt-get update --allow-releaseinfo-change && \
    apt-get upgrade -y --fix-missing && \
    apt-get install -y --fix-missing --no-install-recommends \
        postgresql-client \
        curl \
        wget \
        ca-certificates \
        openssl \
        libssl-dev

RUN curl -vLI http://deb.debian.org/debian

Docker build logs

Step 1/4 : FROM debian:bullseye
bullseye: Pulling from library/debian
17c9e6141fdb: Pulling fs layer
17c9e6141fdb: Verifying Checksum
17c9e6141fdb: Download complete
17c9e6141fdb: Pull complete
Digest: sha256:bfe6615d017d1eebe19f349669de58cda36c668ef916e618be78071513c690e5
Status: Downloaded newer image for debian:bullseye
 ---> d8cacd17cfdc
Step 2/4 : ENV HOME=/root
 ---> Running in 8e91e6ef9c42
Removing intermediate container 8e91e6ef9c42
 ---> f0df6cfad00b
Step 3/4 : RUN apt-get update --allow-releaseinfo-change &&     apt-get upgrade -y --fix-missing &&     apt-get install -y --fix-missing --no-install-recommends         postgresql-client         curl         wget         ca-certificates         openssl         libssl-dev
 ---> Running in c2fcf3f7da7b
Get:1 http://deb.debian.org/debian bullseye InRelease [116 kB]
Err:1 http://deb.debian.org/debian bullseye InRelease
  Connection timed out [IP: 151.101.78.132 80]
Get:2 http://deb.debian.org/debian-security bullseye-security InRelease [48.4 kB]
Err:2 http://deb.debian.org/debian-security bullseye-security InRelease
  Connection timed out [IP: 151.101.78.132 80]

docker:dind logs

Generating RSA private key, 4096 bit long modulus (2 primes)
.....................++++
......................................................................................................................................++++
e is 65537 (0x010001)
Generating RSA private key, 4096 bit long modulus (2 primes)
..................++++
................++++
e is 65537 (0x010001)
Signature ok
subject=CN = docker:dind server
Getting CA Private Key
/certs/server/cert.pem: OK
Generating RSA private key, 4096 bit long modulus (2 primes)
.................................................................++++
...........................................++++
e is 65537 (0x010001)
Signature ok
subject=CN = docker:dind client
Getting CA Private Key
/certs/client/cert.pem: OK
time="2022-11-14T15:58:50.449742253Z" level=info msg="Starting up"
time="2022-11-14T15:58:50.451348585Z" level=warning msg="could not change group /var/run/docker.sock to docker: group docker not found"
time="2022-11-14T15:58:50.452345732Z" level=info msg="libcontainerd: started new containerd process" pid=675
time="2022-11-14T15:58:50.452384646Z" level=info msg="parsed scheme: \"unix\"" module=grpc
time="2022-11-14T15:58:50.452394281Z" level=info msg="scheme \"unix\" not registered, fallback to default scheme" module=grpc
time="2022-11-14T15:58:50.452412512Z" level=info msg="ccResolverWrapper: sending update to cc: {[{unix:///var/run/docker/containerd/containerd.sock  <nil> 0 <nil>}] <nil> <nil>}" module=grpc
time="2022-11-14T15:58:50.452424664Z" level=info msg="ClientConn switching balancer to \"pick_first\"" module=grpc
time="2022-11-14T15:58:50Z" level=warning msg="containerd config version `1` has been deprecated and will be removed in containerd v2.0, please switch to version `2`, see https://github.com/containerd/containerd/blob/main/docs/PLUGINS.md#version-header"
time="2022-11-14T15:58:50.472503771Z" level=info msg="starting containerd" revision=1c90a442489720eec95342e1789ee8a5e1b9536f version=v1.6.9
time="2022-11-14T15:58:50.489432837Z" level=info msg="loading plugin \"io.containerd.content.v1.content\"..." type=io.containerd.content.v1
time="2022-11-14T15:58:50.489560763Z" level=info msg="loading plugin \"io.containerd.snapshotter.v1.aufs\"..." type=io.containerd.snapshotter.v1
time="2022-11-14T15:58:50.495865825Z" level=info msg="skip loading plugin \"io.containerd.snapshotter.v1.aufs\"..." error="aufs is not supported (modprobe aufs failed: exit status 1 \"ip: can't find device 'aufs'\\nmodprobe: can't change directory to '/lib/modules': No such file or directory\\n\"): skip plugin" type=io.containerd.snapshotter.v1
time="2022-11-14T15:58:50.495898748Z" level=info msg="loading plugin \"io.containerd.snapshotter.v1.btrfs\"..." type=io.containerd.snapshotter.v1
time="2022-11-14T15:58:50.496083409Z" level=info msg="skip loading plugin \"io.containerd.snapshotter.v1.btrfs\"..." error="path /var/lib/docker/containerd/daemon/io.containerd.snapshotter.v1.btrfs (ext4) must be a btrfs filesystem to be used with the btrfs snapshotter: skip plugin" type=io.containerd.snapshotter.v1
time="2022-11-14T15:58:50.496104895Z" level=info msg="loading plugin \"io.containerd.snapshotter.v1.devmapper\"..." type=io.containerd.snapshotter.v1
time="2022-11-14T15:58:50.496118384Z" level=warning msg="failed to load plugin io.containerd.snapshotter.v1.devmapper" error="devmapper not configured"
time="2022-11-14T15:58:50.496148196Z" level=info msg="loading plugin \"io.containerd.snapshotter.v1.native\"..." type=io.containerd.snapshotter.v1
time="2022-11-14T15:58:50.496242442Z" level=info msg="loading plugin \"io.containerd.snapshotter.v1.overlayfs\"..." type=io.containerd.snapshotter.v1
time="2022-11-14T15:58:50.496535560Z" level=info msg="loading plugin \"io.containerd.snapshotter.v1.zfs\"..." type=io.containerd.snapshotter.v1
time="2022-11-14T15:58:50.496656657Z" level=info msg="skip loading plugin \"io.containerd.snapshotter.v1.zfs\"..." error="path /var/lib/docker/containerd/daemon/io.containerd.snapshotter.v1.zfs must be a zfs filesystem to be used with the zfs snapshotter: skip plugin" type=io.containerd.snapshotter.v1
time="2022-11-14T15:58:50.496683278Z" level=info msg="loading plugin \"io.containerd.metadata.v1.bolt\"..." type=io.containerd.metadata.v1
time="2022-11-14T15:58:50.496742065Z" level=warning msg="could not use snapshotter devmapper in metadata plugin" error="devmapper not configured"
time="2022-11-14T15:58:50.496762117Z" level=info msg="metadata content store policy set" policy=shared
time="2022-11-14T15:58:50.500867342Z" level=info msg="loading plugin \"io.containerd.differ.v1.walking\"..." type=io.containerd.differ.v1
time="2022-11-14T15:58:50.500890968Z" level=info msg="loading plugin \"io.containerd.event.v1.exchange\"..." type=io.containerd.event.v1
time="2022-11-14T15:58:50.500911054Z" level=info msg="loading plugin \"io.containerd.gc.v1.scheduler\"..." type=io.containerd.gc.v1
time="2022-11-14T15:58:50.500942937Z" level=info msg="loading plugin \"io.containerd.service.v1.introspection-service\"..." type=io.containerd.service.v1
time="2022-11-14T15:58:50.500959279Z" level=info msg="loading plugin \"io.containerd.service.v1.containers-service\"..." type=io.containerd.service.v1
time="2022-11-14T15:58:50.500980423Z" level=info msg="loading plugin \"io.containerd.service.v1.content-service\"..." type=io.containerd.service.v1
time="2022-11-14T15:58:50.500999583Z" level=info msg="loading plugin \"io.containerd.service.v1.diff-service\"..." type=io.containerd.service.v1
time="2022-11-14T15:58:50.501259889Z" level=info msg="loading plugin \"io.containerd.service.v1.images-service\"..." type=io.containerd.service.v1
time="2022-11-14T15:58:50.501283478Z" level=info msg="loading plugin \"io.containerd.service.v1.leases-service\"..." type=io.containerd.service.v1
time="2022-11-14T15:58:50.501300111Z" level=info msg="loading plugin \"io.containerd.service.v1.namespaces-service\"..." type=io.containerd.service.v1
time="2022-11-14T15:58:50.501314466Z" level=info msg="loading plugin \"io.containerd.service.v1.snapshots-service\"..." type=io.containerd.service.v1
time="2022-11-14T15:58:50.501334903Z" level=info msg="loading plugin \"io.containerd.runtime.v1.linux\"..." type=io.containerd.runtime.v1
time="2022-11-14T15:58:50.501479548Z" level=info msg="loading plugin \"io.containerd.runtime.v2.task\"..." type=io.containerd.runtime.v2
time="2022-11-14T15:58:50.501618443Z" level=info msg="loading plugin \"io.containerd.monitor.v1.cgroups\"..." type=io.containerd.monitor.v1
time="2022-11-14T15:58:50.502676656Z" level=info msg="loading plugin \"io.containerd.service.v1.tasks-service\"..." type=io.containerd.service.v1
time="2022-11-14T15:58:50.502726906Z" level=info msg="loading plugin \"io.containerd.grpc.v1.introspection\"..." type=io.containerd.grpc.v1
time="2022-11-14T15:58:50.502749179Z" level=info msg="loading plugin \"io.containerd.internal.v1.restart\"..." type=io.containerd.internal.v1
time="2022-11-14T15:58:50.502806839Z" level=info msg="loading plugin \"io.containerd.grpc.v1.containers\"..." type=io.containerd.grpc.v1
time="2022-11-14T15:58:50.502829454Z" level=info msg="loading plugin \"io.containerd.grpc.v1.content\"..." type=io.containerd.grpc.v1
time="2022-11-14T15:58:50.502847152Z" level=info msg="loading plugin \"io.containerd.grpc.v1.diff\"..." type=io.containerd.grpc.v1
time="2022-11-14T15:58:50.502862346Z" level=info msg="loading plugin \"io.containerd.grpc.v1.events\"..." type=io.containerd.grpc.v1
time="2022-11-14T15:58:50.502878765Z" level=info msg="loading plugin \"io.containerd.grpc.v1.healthcheck\"..." type=io.containerd.grpc.v1
time="2022-11-14T15:58:50.502895684Z" level=info msg="loading plugin \"io.containerd.grpc.v1.images\"..." type=io.containerd.grpc.v1
time="2022-11-14T15:58:50.502915402Z" level=info msg="loading plugin \"io.containerd.grpc.v1.leases\"..." type=io.containerd.grpc.v1
time="2022-11-14T15:58:50.502931719Z" level=info msg="loading plugin \"io.containerd.grpc.v1.namespaces\"..." type=io.containerd.grpc.v1
time="2022-11-14T15:58:50.502954823Z" level=info msg="loading plugin \"io.containerd.internal.v1.opt\"..." type=io.containerd.internal.v1
time="2022-11-14T15:58:50.503353540Z" level=info msg="loading plugin \"io.containerd.grpc.v1.snapshots\"..." type=io.containerd.grpc.v1
time="2022-11-14T15:58:50.503388785Z" level=info msg="loading plugin \"io.containerd.grpc.v1.tasks\"..." type=io.containerd.grpc.v1
time="2022-11-14T15:58:50.503411978Z" level=info msg="loading plugin \"io.containerd.grpc.v1.version\"..." type=io.containerd.grpc.v1
time="2022-11-14T15:58:50.503433166Z" level=info msg="loading plugin \"io.containerd.tracing.processor.v1.otlp\"..." type=io.containerd.tracing.processor.v1
time="2022-11-14T15:58:50.503457888Z" level=info msg="skip loading plugin \"io.containerd.tracing.processor.v1.otlp\"..." error="no OpenTelemetry endpoint: skip plugin" type=io.containerd.tracing.processor.v1
time="2022-11-14T15:58:50.503490771Z" level=info msg="loading plugin \"io.containerd.internal.v1.tracing\"..." type=io.containerd.internal.v1
time="2022-11-14T15:58:50.503521897Z" level=error msg="failed to initialize a tracing processor \"otlp\"" error="no OpenTelemetry endpoint: skip plugin"
time="2022-11-14T15:58:50.503591536Z" level=info msg="loading plugin \"io.containerd.grpc.v1.cri\"..." type=io.containerd.grpc.v1
time="2022-11-14T15:58:50.503747428Z" level=info msg="Start cri plugin with config {PluginConfig:{ContainerdConfig:{Snapshotter:overlayfs DefaultRuntimeName:runc DefaultRuntime:{Type: Path: Engine: PodAnnotations:[] ContainerAnnotations:[] Root: Options:map[] PrivilegedWithoutHostDevices:false BaseRuntimeSpec: NetworkPluginConfDir: NetworkPluginMaxConfNum:0} UntrustedWorkloadRuntime:{Type: Path: Engine: PodAnnotations:[] ContainerAnnotations:[] Root: Options:map[] PrivilegedWithoutHostDevices:false BaseRuntimeSpec: NetworkPluginConfDir: NetworkPluginMaxConfNum:0} Runtimes:map[runc:{Type:io.containerd.runc.v2 Path: Engine: PodAnnotations:[] ContainerAnnotations:[] Root: Options:map[BinaryName: CriuImagePath: CriuPath: CriuWorkPath: IoGid:0 IoUid:0 NoNewKeyring:false NoPivotRoot:false Root: ShimCgroup: SystemdCgroup:false] PrivilegedWithoutHostDevices:false BaseRuntimeSpec: NetworkPluginConfDir: NetworkPluginMaxConfNum:0}] NoPivot:false DisableSnapshotAnnotations:true DiscardUnpackedLayers:false IgnoreRdtNotEnabledErrors:false} CniConfig:{NetworkPluginBinDir:/opt/cni/bin NetworkPluginConfDir:/etc/cni/net.d NetworkPluginMaxConfNum:1 NetworkPluginConfTemplate: IPPreference:} Registry:{ConfigPath: Mirrors:map[] Configs:map[] Auths:map[] Headers:map[]} ImageDecryption:{KeyModel:node} DisableTCPService:true StreamServerAddress:127.0.0.1 StreamServerPort:0 StreamIdleTimeout:4h0m0s EnableSelinux:false SelinuxCategoryRange:1024 SandboxImage:registry.k8s.io/pause:3.6 StatsCollectPeriod:10 SystemdCgroup:false EnableTLSStreaming:false X509KeyPairStreaming:{TLSCertFile: TLSKeyFile:} MaxContainerLogLineSize:16384 DisableCgroup:false DisableApparmor:false RestrictOOMScoreAdj:false MaxConcurrentDownloads:3 DisableProcMount:false UnsetSeccompProfile: TolerateMissingHugetlbController:true DisableHugetlbController:true DeviceOwnershipFromSecurityContext:false IgnoreImageDefinedVolumes:false NetNSMountsUnderStateDir:false EnableUnprivilegedPorts:false EnableUnprivilegedICMP:false} 
ContainerdRootDir:/var/lib/docker/containerd/daemon ContainerdEndpoint:/var/run/docker/containerd/containerd.sock RootDir:/var/lib/docker/containerd/daemon/io.containerd.grpc.v1.cri StateDir:/var/run/docker/containerd/daemon/io.containerd.grpc.v1.cri}"
time="2022-11-14T15:58:50.503841080Z" level=info msg="Connect containerd service"
time="2022-11-14T15:58:50.503911541Z" level=info msg="Get image filesystem path \"/var/lib/docker/containerd/daemon/io.containerd.snapshotter.v1.overlayfs\""
time="2022-11-14T15:58:50.504641932Z" level=error msg="failed to load cni during init, please check CRI plugin status before setting up network for pods" error="cni config load failed: no network config found in /etc/cni/net.d: cni plugin not initialized: failed to load cni config"
time="2022-11-14T15:58:50.504786299Z" level=info msg="Start subscribing containerd event"
time="2022-11-14T15:58:50.504883053Z" level=info msg="Start recovering state"
time="2022-11-14T15:58:50.504990905Z" level=info msg="Start event monitor"
time="2022-11-14T15:58:50.505019110Z" level=info msg="Start snapshots syncer"
time="2022-11-14T15:58:50.505036477Z" level=info msg="Start cni network conf syncer for default"
time="2022-11-14T15:58:50.505051308Z" level=info msg="Start streaming server"
time="2022-11-14T15:58:50.505078162Z" level=info msg=serving... address=/var/run/docker/containerd/containerd-debug.sock
time="2022-11-14T15:58:50.505196784Z" level=info msg=serving... address=/var/run/docker/containerd/containerd.sock.ttrpc
time="2022-11-14T15:58:50.505306098Z" level=info msg=serving... address=/var/run/docker/containerd/containerd.sock
time="2022-11-14T15:58:50.505343374Z" level=info msg="containerd successfully booted in 0.033579s"
time="2022-11-14T15:58:50.517625486Z" level=info msg="Setting the storage driver from the $DOCKER_DRIVER environment variable (overlay2)"
time="2022-11-14T15:58:50.517827929Z" level=info msg="parsed scheme: \"unix\"" module=grpc
time="2022-11-14T15:58:50.517846193Z" level=info msg="scheme \"unix\" not registered, fallback to default scheme" module=grpc
time="2022-11-14T15:58:50.517866712Z" level=info msg="ccResolverWrapper: sending update to cc: {[{unix:///var/run/docker/containerd/containerd.sock  <nil> 0 <nil>}] <nil> <nil>}" module=grpc
time="2022-11-14T15:58:50.517880223Z" level=info msg="ClientConn switching balancer to \"pick_first\"" module=grpc
time="2022-11-14T15:58:50.518938275Z" level=info msg="parsed scheme: \"unix\"" module=grpc
time="2022-11-14T15:58:50.518974718Z" level=info msg="scheme \"unix\" not registered, fallback to default scheme" module=grpc
time="2022-11-14T15:58:50.519034405Z" level=info msg="ccResolverWrapper: sending update to cc: {[{unix:///var/run/docker/containerd/containerd.sock  <nil> 0 <nil>}] <nil> <nil>}" module=grpc
time="2022-11-14T15:58:50.519059990Z" level=info msg="ClientConn switching balancer to \"pick_first\"" module=grpc
time="2022-11-14T15:58:50.543863597Z" level=info msg="Loading containers: start."
time="2022-11-14T15:58:50.599392629Z" level=info msg="Default bridge (docker0) is assigned with an IP address 172.17.0.0/16. Daemon option --bip can be used to set a preferred IP address"
time="2022-11-14T15:58:50.631332394Z" level=info msg="Loading containers: done."
time="2022-11-14T15:58:50.641948188Z" level=info msg="Docker daemon" commit=3056208 graphdriver(s)=overlay2 version=20.10.21
time="2022-11-14T15:58:50.642094877Z" level=info msg="Daemon has completed initialization"
time="2022-11-14T15:58:50.667636348Z" level=info msg="API listen on /var/run/docker.sock"
time="2022-11-14T15:58:50.675740617Z" level=info msg="API listen on [::]:2376"
time="2022-11-14T16:00:51.843715103Z" level=info msg="Layer sha256:903e1ef39c915239bdee0efa6d2524604ab820fec073b9e34748c9703040dfa5 cleaned up"
time="2022-11-14T16:00:51.913459982Z" level=info msg="loading plugin \"io.containerd.event.v1.publisher\"..." runtime=io.containerd.runc.v2 type=io.containerd.event.v1
time="2022-11-14T16:00:51.913558196Z" level=info msg="loading plugin \"io.containerd.internal.v1.shutdown\"..." runtime=io.containerd.runc.v2 type=io.containerd.internal.v1
time="2022-11-14T16:00:51.913578733Z" level=info msg="loading plugin \"io.containerd.ttrpc.v1.task\"..." runtime=io.containerd.runc.v2 type=io.containerd.ttrpc.v1
time="2022-11-14T16:00:51.913895838Z" level=info msg="starting signal loop" namespace=moby path=/run/docker/containerd/daemon/io.containerd.runtime.v2.task/moby/f6414ce7601f27bce0762e94ff1cbf32879cb21d25da7dd11fa957ecc1986c37 pid=950 runtime=io.containerd.runc.v2
time="2022-11-14T16:03:28.439293599Z" level=info msg="ignoring event" container=f6414ce7601f27bce0762e94ff1cbf32879cb21d25da7dd11fa957ecc1986c37 module=libcontainerd namespace=moby topic=/tasks/delete type="*events.TaskDelete"
time="2022-11-14T16:03:28.439526418Z" level=info msg="shim disconnected" id=f6414ce7601f27bce0762e94ff1cbf32879cb21d25da7dd11fa957ecc1986c37
time="2022-11-14T16:03:28.439623591Z" level=warning msg="cleaning up after shim disconnected" id=f6414ce7601f27bce0762e94ff1cbf32879cb21d25da7dd11fa957ecc1986c37 namespace=moby
time="2022-11-14T16:03:28.439653563Z" level=info msg="cleaning up dead shim"
time="2022-11-14T16:03:28.488341728Z" level=warning msg="cleanup warnings time=\"2022-11-14T16:03:28Z\" level=info msg=\"starting signal loop\" namespace=moby pid=1060 runtime=io.containerd.runc.v2\n"

docker dind k8s pod

apiVersion: v1
kind: Pod
metadata:
  name: docker-dind-test
spec:
  volumes:
    - name: docker-certs-client
      emptyDir:
        medium: Memory
    - name: docker-certs-ca
      emptyDir:
        medium: Memory
    - name: sample-dockerfile
      configMap:
        name: dockerfile
  containers:
    - name: docker-shell
      image: docker:20-cli
      command:
        - sh
        - '-c'
        - "sleep 36000"
      env:
        - name: DOCKER_HOST
          value: tcp://docker:2376
        - name: LC_ALL
          value: en_US.UTF-8
        - name: DOCKER_TLS_CERTDIR
          value: /certs
        - name: DOCKER_TLS_VERIFY
          value: '0'
        - name: DOCKER_CERT_PATH
          value: /certs/client
        - name: DOCKER_DRIVER
          value: overlay2
        - name: IMAGE_NAME
          value: test-docker-image
      volumeMounts:
        - name: docker-certs-client
          mountPath: /certs/client
        - name: docker-certs-ca
          mountPath: /certs/ca
        - name: sample-dockerfile
          mountPath: /code
          readOnly: false
      securityContext:
        capabilities:
          drop:
            - NET_RAW
        privileged: true
    - name: docker-dind
      image: docker:20-dind
      args:
        - '--registry-mirror=https://mirror.gcr.io'
        - '--cri-containerd'
      env:
        - name: DOCKER_HOST
          value: tcp://docker:2376
        - name: LC_ALL
          value: en_US.UTF-8
        - name: DOCKER_TLS_CERTDIR
          value: /certs
        - name: DOCKER_TLS_VERIFY
          value: '1'
        - name: DOCKER_CERT_PATH
          value: /certs/client
        - name: DOCKER_DRIVER
          value: overlay2
      volumeMounts:
        - name: docker-certs-client
          mountPath: /certs/client
        - name: docker-certs-ca
          mountPath: /certs/ca
        - name: sample-dockerfile
          mountPath: /code
          readOnly: false
      securityContext:
        capabilities:
          drop:
            - NET_RAW
        privileged: true
    - name: debian-shell
      image: debian:bullseye
      command:
        - sh
        - '-c'
        - "sleep 36000"
    - name: ubuntu-shell
      image: ubuntu:22.04
      command:
        - sh
        - '-c'
        - "sleep 36000"
  dnsPolicy: ClusterFirst
  hostAliases:
    - ip: 127.0.0.1
      hostnames:
        - docker

curl -IL http://deb.debian.org/debian

HTTP/1.1 302 Found
Connection: keep-alive
Content-Length: 277
Server: Apache
X-Content-Type-Options: nosniff
X-Frame-Options: sameorigin
Referrer-Policy: no-referrer
X-Xss-Protection: 1
Permissions-Policy: interest-cohort=()
Location: http://ftp.debian.org/debian/
Content-Type: text/html; charset=iso-8859-1
Via: 1.1 varnish, 1.1 varnish
Accept-Ranges: bytes
Date: Mon, 14 Nov 2022 17:12:02 GMT
Age: 0
X-Served-By: cache-ams21054-AMS, cache-hkg17920-HKG
X-Cache: HIT, MISS
X-Cache-Hits: 4, 0
X-Timer: S1668445922.866768,VS0,VE175

HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 6415
Server: Apache
X-Content-Type-Options: nosniff
X-Frame-Options: sameorigin
Referrer-Policy: no-referrer
X-Xss-Protection: 1
Permissions-Policy: interest-cohort=()
X-Clacks-Overhead: GNU Terry Pratchett
Content-Type: text/html;charset=UTF-8
Via: 1.1 varnish, 1.1 varnish
Accept-Ranges: bytes
Date: Mon, 14 Nov 2022 17:12:02 GMT
Age: 0
X-Served-By: cache-ams12782-AMS, cache-hkg17925-HKG
X-Cache: HIT, MISS
X-Cache-Hits: 7, 0
X-Timer: S1668445922.339227,VS0,VE174
Vary: Accept-Encoding

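Answer 1

I ran into this specific problem, Docker DIND cannot apt-get update but curl works, and found that docker:dind is based on Alpine Linux rather than Ubuntu/Debian Linux.

So I had to replace apt-get install with apk add to make my install script work.

Answer 2

Update on the current issue, as mentioned by @kupson

The MTU setting did indeed solve the problem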

- name: docker-dind
  image: docker:20-dind
  args:
    - '--registry-mirror=https://mirror.gcr.io'
    - '--cri-containerd'
    - '--mtu=1450'
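
The mismatch that this --mtu fix implies can be checked from inside the docker-dind container by comparing the MTU of the default-route interface with the MTU of the nested bridge. The script below is an added example, not part of the original answer; it assumes the nested bridge is named docker0, and `make_sample` (a hypothetical helper) writes constructed test data so the script runs offline.

```shell
#!/bin/sh
# Added example: detect a nested docker0 bridge whose MTU exceeds the MTU of
# the pod interface that carries the default route.
# On a real dind container: recommend_dind_mtu /proc/net/route /sys/class/net

# Print the default-route interface from a file in /proc/net/route format
# (destination and mask both 00000000).
default_iface() {
    awk 'NR > 1 && $2 == "00000000" && $8 == "00000000" { print $1; exit }' "$1"
}

# Print an interface MTU from a sysfs-style tree (<root>/<iface>/mtu);
# prints nothing when the interface does not exist.
iface_mtu() {
    if [ -r "$1/$2/mtu" ]; then cat "$1/$2/mtu"; fi
}

# Args: route file, sysfs net root, bridge name (default: docker0).
# Prints the dockerd flag to add when the bridge MTU is larger than the
# uplink MTU, or "ok" when the bridge already fits.
recommend_dind_mtu() {
    route_file=$1; net_root=$2; bridge=${3:-docker0}
    uplink=$(default_iface "$route_file")
    [ -n "$uplink" ] || { echo "no default route found" >&2; return 2; }
    up_mtu=$(iface_mtu "$net_root" "$uplink")
    br_mtu=$(iface_mtu "$net_root" "$bridge")
    if [ -z "$up_mtu" ] || [ -z "$br_mtu" ]; then
        echo "cannot read MTU of $uplink or $bridge" >&2; return 2
    fi
    if [ "$br_mtu" -gt "$up_mtu" ]; then
        echo "--mtu=$up_mtu"
    else
        echo "ok"
    fi
}

# Constructed sample data (not taken from the page): a route table and a
# sysfs-like tree with eth0 as uplink and docker0 as the nested bridge.
# Args: target dir, uplink MTU, bridge MTU.
make_sample() {
    mkdir -p "$1/net/eth0" "$1/net/docker0"
    echo "$2" > "$1/net/eth0/mtu"
    echo "$3" > "$1/net/docker0/mtu"
    {
        printf 'Iface\tDestination\tGateway\tFlags\tRefCnt\tUse\tMetric\tMask\tMTU\tWindow\tIRTT\n'
        printf 'eth0\t00000000\t01002A0A\t0003\t0\t0\t0\t00000000\t0\t0\t0\n'
        printf 'eth0\t00002A0A\t00000000\t0001\t0\t0\t0\t00FFFFFF\t0\t0\t0\n'
        printf 'docker0\t000011AC\t00000000\t0001\t0\t0\t0\t0000FFFF\t0\t0\t0\n'
    } > "$1/route"
}

# Demo on the constructed sample: uplink MTU 1450, docker0 at Docker's
# default of 1500.
demo_dir=$(mktemp -d)
make_sample "$demo_dir" 1450 1500
echo "constructed sample: $(recommend_dind_mtu "$demo_dir/route" "$demo_dir/net")"
rm -rf "$demo_dir"
```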

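Answer 3

It looks like your Linux server is running out of memory.

This can be noticed from the statement "RestrictOOMScoreAdj", which refers to the file present in /proc/$pid/oom_score_adj.

When your Linux machine runs out of memory, the Out of Memory (OOM) killer is a process invoked by the Linux kernel to free up some memory. This is frequently encountered on servers running many memory-intensive processes.

You can resolve this by adding more memory to your machine, by manually terminating scalable services, or by configuring a swap partition on the system.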