一、问题A:
CreatePodSandbox for pod "nginx-d6q66_default(188ed56b-c84b-416e-94c2-c9bde7293b68)" failed: rpc error: code = Unknown desc = failed to get sandbox image "xxxxx/pause-amd64:3.1"
检查发现K8S集群部署在内网,该环境下K8S无法pull 特殊镜像pause-amd64:3.1,该镜像为K8S基础设施的一部分。内网环境解决该问题方案如下:
在连接外网的机器上,search该镜像:
docker search pause-amd64 --no-trunc
再pull相关tag版本的镜像:
docker pull warrior/pause-amd64:3.0
将该镜像进行tar打包:
docker save -o pause-amd64.tar warrior/pause-amd64:3.0
将该tar包镜像上传至K8S集群内各个work节点以及master节点,并依次在各个节点导入该镜像,执行:
ctr -n k8s.io images import pause-amd64.tar crictl images
编辑config.toml,修改sandbox_image为docker.io/warrior/pause-amd64:3.0
vi /etc/containerd/config.toml [plugins] [plugins."io.containerd.grpc.v1.cri"] sandbox_image = "docker.io/warrior/pause-amd64:3.0" [plugins."io.containerd.grpc.v1.cri".cni] bin_dir = "/data/k8s/bin" conf_dir = "/etc/cni/net.d" [plugins."io.containerd.runtime.v1.linux"] shim = "containerd-shim" runtime = "runc" runtime_root = "" no_shim = false shim_debug = false
重启Containerd:
systemctl restart containerd
二、问题B:
failed to pull and unpack image
各个节点本地已下载nginx镜像,但执行kubectl apply -f nginx-ds.yml ,报错:failed to pull and unpack image
查看nginx-ds.yml 文件,K8S 有三种策略拉取镜像:
Always 总是拉取镜像
IfNotPresent 本地有则使用本地镜像,不拉取
Never 只使用本地镜像,从不拉取,即使本地没有
如果省略imagePullPolicy 镜像tag为 :latest 策略为always ,否则 策略为 IfNotPresent
因此需要修改yml文件如下:
containers:
- name: test
image: nginx:latest
imagePullPolicy: IfNotPresent