前言
本篇紀錄 K8S kubeadm 建立 Deployment 不撈取遠端鏡像儲存庫遇到的問題
k8stest = 自建專案的 image
環境
Linux 機器: ubuntu-1804-lts
問題
機器上已有 docker image (k8stest),但建立 Pod 時,仍抓不到 image,顯示ErrImagePull
透過 deployment 設定 imagePullPolicy = Never 仍然也顯示 ErrImageNeverPull
# 建立 Pod
kubectl run k8stest --image=k8stest:latest --port=8080
# 查看 Pod => 發現狀態異常
kubectl get pod
NAME READY STATUS RESTARTS AGE
k8stest 0/1 ErrImagePull 0 2s
# kubectl describe pod k8stest
...略
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 116s default-scheduler Successfully assigned default/k8stest to worker-2
Normal Pulling 27s (x4 over 116s) kubelet Pulling image "k8stest:latest"
Warning Failed 26s (x4 over 114s) kubelet Failed to pull image "k8stest:latest": failed to pull and unpack image "docker.io/library/k8stest:latest": failed to resolve reference "docker.io/library/k8stest:latest": pull access denied, repository does not exist or may require authorization: server message: insufficient_scope: authorization failed
Warning Failed 26s (x4 over 114s) kubelet Error: ErrImagePull
Normal BackOff 0s (x6 over 114s) kubelet Back-off pulling image "k8stest:latest"
Warning Failed 0s (x6 over 114s) kubelet Error: ImagePullBackOff
解決方法
# 建立 image 檔案
docker save k8stest -o k8stest.tar
# 匯入
ctr -n=k8s.io images import k8stest.tar
# 查看
crictl images
IMAGE TAG IMAGE ID SIZE
docker.io/calico/cni v3.25.0 d70a5947d57e5 88MB
docker.io/calico/kube-controllers v3.25.0 5e785d005ccc1 31.3MB
docker.io/calico/node v3.25.0 08616d26b8e74 87.2MB
docker.io/library/k8stest latest 5d39204f52f81 224MB
registry.k8s.io/coredns/coredns v1.10.1 ead0a4a53df89 16.2MB
registry.k8s.io/etcd 3.5.12-0 3861cfcd7c04c 57.2MB
registry.k8s.io/kube-apiserver v1.28.9 69947457eaa42 34.7MB
registry.k8s.io/kube-controller-manager v1.28.9 8981bddce6670 33.5MB
registry.k8s.io/kube-proxy v1.28.9 09c5e1abe5922 28.1MB
registry.k8s.io/kube-scheduler v1.28.9 f264907bfc5be 18.7MB
registry.k8s.io/pause 3.8 4873874c08efc 311kB
registry.k8s.io/pause 3.9 e6f1816883972 322kB
備註
crictl images
若出現異常
ERRO[0000] validate service connection: validate CRI v1 image API for endpoint "unix:///var/run/dockershim.sock": rpc error: code = Unavailable desc = connection error: desc = "transport: Error while dialing: dial unix /var/run/dockershim.sock: connect: no such file or directory"
執行
crictl config runtime-endpoint unix:///var/run/containerd/containerd.sock
參考:
https://github.com/kubernetes-sigs/cri-tools/issues/153
缺點
若是K8S機器叢集,需要每個節點都匯入一次 Image
建議還是存放在 Docker Registry 較方便管理、使用
Sample deployment.yaml
- imagePullPolicy
| Value | 說明 |
|---|---|
| Never | 不拉取遠端Image |
| IfNotPresent | 若本地沒有Image,則拉取遠端Image |
| Always | 拉取遠端Image |
apiVersion: apps/v1
kind: Deployment
metadata:
name: k8s-test-deployment
spec:
replicas: 3
selector:
matchLabels:
app: k8s-test-pod
template:
metadata:
labels:
app: k8s-test-pod
spec:
containers:
- name: web
image: k8stest:latest
imagePullPolicy: IfNotPresent
ports:
- containerPort: 8080
livenessProbe:
httpGet:
path: /healthcheck
port: 8080
參考資料
- How to fix “Failed to pull image” on microk8s
- How to use local docker images in kubernetes deployments (NOT minikube)
轉載請註明來源,若有任何錯誤或表達不清楚的地方,歡迎在下方評論區留言,也可以來信至 leozheng0621@gmail.com
如果文章對您有幫助,歡迎斗內(donate),請我喝杯咖啡
