错误报告
版本
kubeadm 版本(使用kubeadm version
):v1.28.6
环境:
Kubernetes 版本(使用
kubectl version
):v1.28.6云提供商或硬件配置:vsphere
操作系统(例如来自/etc/os-release):
# cat /etc/os-release
NAME="CentOS Linux"
VERSION="7 (Core)"
ID="centos"
ID_LIKE="rhel fedora"
VERSION_ID="7"
PRETTY_NAME="CentOS Linux 7 (Core)"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:centos:centos:7"
HOME_URL="https://www.centos.org/"
BUG_REPORT_URL="https://bugs.centos.org/"
CENTOS_MANTISBT_PROJECT="CentOS-7"
CENTOS_MANTISBT_PROJECT_VERSION="7"
REDHAT_SUPPORT_PRODUCT="centos"
REDHAT_SUPPORT_PRODUCT_VERSION="7"
- 核心(例如
uname -a
):
# uname -a
Linux localhost.localdomain 3.10.0-1160.el7.x86_64 #1 SMP Mon Oct 19 16:18:59 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
- 容器运行时 (CRI)(例如containerd,cri-o):
# containerd -v
containerd github.com/containerd/containerd v1.7.12 71909c1814c544ac47ab91d2e8b84718e517bb99
- 容器网络插件 (CNI)(例如 Calico、Cilium):calico
- 其他的:
发生了什么?
通过编译 kubeadm 和镜像并将其存储在注册表存储库中,我使用 imageRepository: 10.102.28.1/google_containers 来拉取存储在注册表存储库中的镜像,我 kubernetes 将使用 crictl 来拉取镜像
apiVersion: kubeadm.k8s.io/v1beta3
kind: InitConfiguration
bootstrapTokens:
- groups:
- system:bootstrappers:kubeadm:default-node-token
token: o07ftt.1k2k5dagbgypo863
ttl: 876000h0m0s
usages:
- signing
- authentication
localAPIEndpoint:
advertiseAddress: 10.102.28.62
bindPort: 6443
nodeRegistration:
criSocket: unix:///var/run/containerd/containerd.sock
name: localhost
taints: null
---
apiVersion: kubeadm.k8s.io/v1beta3
kind: ClusterConfiguration
kubernetesVersion: 1.28.6
imageRepository: 10.102.28.1/google_containers
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
networking:
dnsDomain: cluster.local
podSubnet: "172.90.0.0/16"
serviceSubnet: "10.96.0.0/16"
apiServer:
extraArgs:
tls-cipher-suites: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"
enable-admission-plugins: 'NodeRestriction,DefaultTolerationSeconds'
max-requests-inflight: "1000"
max-mutating-requests-inflight: "500"
default-watch-cache-size: "500"
kubelet-timeout: "5s"
event-ttl: "1h0m0s"
default-not-ready-toleration-seconds: "60"
default-unreachable-toleration-seconds: "60"
timeoutForControlPlane: 4m0s
etcd:
local:
dataDir: /var/lib/etcd
extraArgs:
election-timeout: "5000"
heartbeat-interval: "500"
controllerManager:
extraArgs:
bind-address: 0.0.0.0
concurrent-deployment-syncs: "5"
concurrent-endpoint-syncs: "5"
concurrent-gc-syncs: "20"
concurrent-namespace-syncs: "10"
concurrent-replicaset-syncs: "5"
concurrent-service-syncs: "1"
concurrent-serviceaccount-token-syncs: "5"
cluster-signing-duration: "87600h0m0s"
feature-gates: "RotateKubeletServerCertificate=true"
pvclaimbinder-sync-period: "15s"
node-monitor-period: "5s"
node-monitor-grace-period: "20s"
node-startup-grace-period: "30s"
scheduler:
extraArgs:
bind-address: 0.0.0.0
---
apiVersion: kubeproxy.config.k8s.io/v1alpha1
kind: KubeProxyConfiguration
clientConnection:
burst: 20
qps: 120
mode: ipvs
---
apiVersion: kubelet.config.k8s.io/v1beta1
kind: KubeletConfiguration
clusterDNS:
- 169.254.20.10
clusterDomain: cluster.local
cpuManagerPolicy: static
cgroupsPerQOS: true
cgroupDriver: systemd
systemReserved:
cpu: "0.25"
memory: "200Mi"
kubeReserved:
cpu: "0.25"
memory: "1500Mi"
evictionHard:
memory.available: "100Mi"
nodefs.available: "5%"
nodefs.inodesFree: "3%"
imagefs.available: "8%"
evictionPressureTransitionPeriod: 5m0s
featureGates:
CPUManagerPolicyOptions: true
failSwapOn: true
fileCheckFrequency: 20s
hairpinMode: promiscuous-bridge
healthzBindAddress: 127.0.0.1
healthzPort: 10248
httpCheckFrequency: 20s
imageGCHighThresholdPercent: 85
imageGCLowThresholdPercent: 80
imageMinimumGCAge: 2m0s
iptablesDropBit: 15
iptablesMasqueradeBit: 14
kubeAPIBurst: 20
kubeAPIQPS: 10
makeIPTablesUtilChains: true
maxOpenFiles: 1000000
maxPods: 110
nodeLeaseDurationSeconds: 40
nodeStatusReportFrequency: 10s
nodeStatusUpdateFrequency: 10s
oomScoreAdj: -999
podPidsLimit: -1
port: 10250
registryBurst: 10
registryPullQPS: 5
rotateCertificates: true
runtimeRequestTimeout: 2m0s
serializeImagePulls: true
staticPodPath: /etc/kubernetes/manifests
streamingConnectionIdleTimeout: 4h0m0s
syncFrequency: 5s
volumeStatsAggPeriod: 1m0s
我可以通过 crictl 查看拉取的图像
# crictl images
IMAGE TAG IMAGE ID SIZE
10.102.28.1/google_containers/coredns v1.10.1 ead0a4a53df89 16.2MB
10.102.28.1/google_containers/etcd 3.5.10-0 a0eed15eed449 56.5MB
10.102.28.1/google_containers/kube-apiserver v1.28.6 078b4f8dadc5c 34.5MB
10.102.28.1/google_containers/kube-controller-manager v1.28.6 7c9fcce49f5c7 33.3MB
10.102.28.1/google_containers/kube-proxy v1.28.6 047da78ee6361 26.4MB
10.102.28.1/google_containers/kube-scheduler v1.28.6 e11632c1a73ed 18.7MB
10.102.28.1/google_containers/pause 3.9 e6f1816883972 320kB
但是当你使用 nerdctl 查看它时,你会看到很多空标签。为什么
# nerdctl -n k8s.io images
REPOSITORY TAG IMAGE ID CREATED PLATFORM SIZE BLOB SIZE
10.102.28.1/google_containers/kube-apiserver v1.28.6 d61ad6e78ba8 19 minutes ago linux/amd64 123.3 MiB 32.9 MiB
10.102.28.1/google_containers/kube-apiserver <none> d61ad6e78ba8 19 minutes ago linux/amd64 123.3 MiB 32.9 MiB
10.102.28.1/google_containers/kube-controller-manager v1.28.6 54e75b217f1b 19 minutes ago linux/amd64 119.5 MiB 31.7 MiB
10.102.28.1/google_containers/kube-controller-manager <none> 54e75b217f1b 19 minutes ago linux/amd64 119.5 MiB 31.7 MiB
10.102.28.1/google_containers/kube-proxy v1.28.6 f451e473cccc 19 minutes ago linux/amd64 77.5 MiB 25.1 MiB
10.102.28.1/google_containers/kube-proxy <none> f451e473cccc 19 minutes ago linux/amd64 77.5 MiB 25.1 MiB
10.102.28.1/google_containers/kube-scheduler v1.28.6 1b1e305ad145 19 minutes ago linux/amd64 60.7 MiB 17.8 MiB
10.102.28.1/google_containers/kube-scheduler <none> 1b1e305ad145 19 minutes ago linux/amd64 60.7 MiB 17.8 MiB
10.102.28.1/google_containers/pause 3.9 a9fc01b32f33 19 minutes ago linux/amd64 728.0 KiB 312.4 KiB
10.102.28.1/google_containers/pause <none> a9fc01b32f33 19 minutes ago linux/amd64 728.0 KiB 312.4 KiB
<none> <none> f451e473cccc 19 minutes ago linux/amd64 77.5 MiB 25.1 MiB
<none> <none> d61ad6e78ba8 19 minutes ago linux/amd64 123.3 MiB 32.9 MiB
<none> <none> 54e75b217f1b 19 minutes ago linux/amd64 119.5 MiB 31.7 MiB
<none> <none> 1b1e305ad145 19 minutes ago linux/amd64 60.7 MiB 17.8 MiB
<none> <none> a9fc01b32f33 19 minutes ago linux/amd64 728.0 KiB 312.4 KiB
这是我的nerdctl配置文件,帮我看看是什么问题
# cat /etc/nerdctl/nerdctl.toml
debug = false
debug_full = false
address = "unix:///run/containerd/containerd.sock"
namespace = "k8s"
snapshotter = "overlayfs"
cgroup_manager = "systemd"
hosts_dir = ["/etc/containerd/certs.d", "/etc/docker/certs.d"]
insecure_registry = true
您期望发生什么?
我希望通过 nerdctl 看到的图像没有那些空标签,这会让它看起来很乱
nerdctl 版本
nerdctl version 1.7.2