更新kubernetes pod时无法拉取和解压缩镜像“registry.k8s.io/pause:3.6“

ibps3vxo  于 12个月前  发布在  Kubernetes
关注(0)|答案(1)|浏览(345)

当我更新kubernetes(v1.28.3)镜像时,我发现pod无法获取暂停镜像:

│   Warning  FailedCreatePodSandBox  10m                    kubelet            Failed to create pod sandbox: rpc error: code = Unknown desc = failed to get sandbox image "registry.k8s.io/pause:3.6": fail │
│ ed to pull image "registry.k8s.io/pause:3.6": failed to pull and unpack image "registry.k8s.io/pause:3.6": failed to resolve reference "registry.k8s.io/pause:3.6": failed to do request: Head "https://u │
│ s-west2-docker.pkg.dev/v2/k8s-artifacts-prod/images/pause/manifests/3.6": dial tcp 142.251.8.82:443: i/o timeout                                                                                          │
│   Warning  FailedCreatePodSandBox  6m20s                  kubelet            Failed to create pod sandbox: rpc error: code = DeadlineExceeded desc = failed to get sandbox image "registry.k8s.io/pause:3 │
│ .6": failed to pull image "registry.k8s.io/pause:3.6": failed to pull and unpack image "registry.k8s.io/pause:3.6": failed to resolve reference "registry.k8s.io/pause:3.6": failed to do request: Head " │
│ https://us-west2-docker.pkg.dev/v2/k8s-artifacts-prod/images/pause/manifests/3.6": dial tcp 173.194.174.82:443: i/o timeout                                                                               │
│   Warning  FailedCreatePodSandBox  3m23s                  kubelet            Failed to create pod sandbox: rpc error: code = Unknown desc = failed to get sandbox image "registry.k8s.io/pause:3.6": fail │
│ ed to pull image "registry.k8s.io/pause:3.6": failed to pull and unpack image "registry.k8s.io/pause:3.6": failed to resolve reference "registry.k8s.io/pause:3.6": failed to do request: Head "https://u │
│ s-west2-docker.pkg.dev/v2/k8s-artifacts-prod/images/pause/manifests/3.6": dial tcp 173.194.174.82:443: i/o timeout                                                                                        │
│   Warning  FailedCreatePodSandBox  2m38s (x4 over 8m30s)  kubelet            Failed to create pod sandbox: rpc error: code = DeadlineExceeded desc = failed to get sandbox image "registry.k8s.io/pause:3 │
│ .6": failed to pull image "registry.k8s.io/pause:3.6": failed to pull and unpack image "registry.k8s.io/pause:3.6": failed to resolve reference "registry.k8s.io/pause:3.6": failed to do request: Head " │
│ https://us-west2-docker.pkg.dev/v2/k8s-artifacts-prod/images/pause/manifests/3.6": dial tcp 142.251.8.82:443: i/o timeout                                                                                 │
│   Warning  FailedCreatePodSandBox  115s                   kubelet            Failed to create pod sandbox: rpc error: code = Unknown desc = failed to get sandbox image "registry.k8s.io/pause:3.6": fail │
│ ed to pull image "registry.k8s.io/pause:3.6": failed to pull and unpack image "registry.k8s.io/pause:3.6": failed to resolve reference "registry.k8s.io/pause:3.6": failed to do request: Head "https://u │
│ s-west2-docker.pkg.dev/v2/k8s-artifacts-prod/images/pause/manifests/3.6": dial tcp 64.233.188.82:443: i/o timeout                                                                                         │
│   Warning  FailedCreatePodSandBox  28s (x9 over 12m)      kubelet            Failed to create pod sandbox: rpc error: code = DeadlineExceeded desc = failed to get sandbox image "registry.k8s.io/pause:3 │
│ .6": failed to pull image "registry.k8s.io/pause:3.6": failed to pull and unpack image "registry.k8s.io/pause:3.6": failed to resolve reference "registry.k8s.io/pause:3.6": failed to do request: Head " │
│ https://us-west2-docker.pkg.dev/v2/k8s-artifacts-prod/images/pause/manifests/3.6": dial tcp 64.233.188.82:443: i/o timeout

字符串
我已经尝试过这样的图像:

ctr -n=k8s.io image pull k8s.m.daocloud.io/pause:3.6
ctr -n=k8s.io images tag k8s.m.daocloud.io/pause:3.6 registry.k8s.io/pause:3.6


这种方式工作了一段时间,当我下次更新pod时,错误将再次出现。我应该怎么做才能永久修复这个问题?

v2g6jxz6

v2g6jxz61#

看起来错误的根本原因是**/var partition可能有足够的可用空间(使用df -h检查),但在升级过程中,一旦加载新版本映像,但在删除旧版本映像之前,它可能会超过80%。这是问题的主要来源。
因此,Kubernetes可能会
“清理”“垃圾收集”它标识为未使用的图像,包括必要但不活动的“暂停”**图像。

  • blog by Richard Durso:**

要释放磁盘空间,请使用命令**crictl images -prune,**有时它可能不会清除正在使用的所有内容。它甚至会清除Kubernetes暂停容器映像。

kubelet标志定义为:
image-gc-high-threshold:触发镜像垃圾回收的磁盘使用百分比,默认为85%。
**image-gc-low-threshold:**镜像垃圾回收尝试释放的磁盘使用率百分比,默认为80%。

配置Kubernetes应该是您维护磁盘空间的主要方式。但是,您仍然会偶尔使用CRI脚本来查看缓存了哪些镜像,并在需要时手动执行,例如在应用Ubuntu补丁之前进行节点维护时。
您可以尝试将**ImagePullPolicy设置为 IfNotPresent*(spec.containers.imagePullPolicy: "ifNotPresent“),以确保仅在节点上尚未存在容器镜像时才从注册表中拉取容器镜像。这有助于开始使用本地镜像缓存,并防止未经授权的镜像部署到您的集群。

相关问题