当我更新kubernetes(v1.28.3
)镜像时,我发现pod无法获取暂停镜像:
│ Warning FailedCreatePodSandBox 10m kubelet Failed to create pod sandbox: rpc error: code = Unknown desc = failed to get sandbox image "registry.k8s.io/pause:3.6": fail │
│ ed to pull image "registry.k8s.io/pause:3.6": failed to pull and unpack image "registry.k8s.io/pause:3.6": failed to resolve reference "registry.k8s.io/pause:3.6": failed to do request: Head "https://u │
│ s-west2-docker.pkg.dev/v2/k8s-artifacts-prod/images/pause/manifests/3.6": dial tcp 142.251.8.82:443: i/o timeout │
│ Warning FailedCreatePodSandBox 6m20s kubelet Failed to create pod sandbox: rpc error: code = DeadlineExceeded desc = failed to get sandbox image "registry.k8s.io/pause:3 │
│ .6": failed to pull image "registry.k8s.io/pause:3.6": failed to pull and unpack image "registry.k8s.io/pause:3.6": failed to resolve reference "registry.k8s.io/pause:3.6": failed to do request: Head " │
│ https://us-west2-docker.pkg.dev/v2/k8s-artifacts-prod/images/pause/manifests/3.6": dial tcp 173.194.174.82:443: i/o timeout │
│ Warning FailedCreatePodSandBox 3m23s kubelet Failed to create pod sandbox: rpc error: code = Unknown desc = failed to get sandbox image "registry.k8s.io/pause:3.6": fail │
│ ed to pull image "registry.k8s.io/pause:3.6": failed to pull and unpack image "registry.k8s.io/pause:3.6": failed to resolve reference "registry.k8s.io/pause:3.6": failed to do request: Head "https://u │
│ s-west2-docker.pkg.dev/v2/k8s-artifacts-prod/images/pause/manifests/3.6": dial tcp 173.194.174.82:443: i/o timeout │
│ Warning FailedCreatePodSandBox 2m38s (x4 over 8m30s) kubelet Failed to create pod sandbox: rpc error: code = DeadlineExceeded desc = failed to get sandbox image "registry.k8s.io/pause:3 │
│ .6": failed to pull image "registry.k8s.io/pause:3.6": failed to pull and unpack image "registry.k8s.io/pause:3.6": failed to resolve reference "registry.k8s.io/pause:3.6": failed to do request: Head " │
│ https://us-west2-docker.pkg.dev/v2/k8s-artifacts-prod/images/pause/manifests/3.6": dial tcp 142.251.8.82:443: i/o timeout │
│ Warning FailedCreatePodSandBox 115s kubelet Failed to create pod sandbox: rpc error: code = Unknown desc = failed to get sandbox image "registry.k8s.io/pause:3.6": fail │
│ ed to pull image "registry.k8s.io/pause:3.6": failed to pull and unpack image "registry.k8s.io/pause:3.6": failed to resolve reference "registry.k8s.io/pause:3.6": failed to do request: Head "https://u │
│ s-west2-docker.pkg.dev/v2/k8s-artifacts-prod/images/pause/manifests/3.6": dial tcp 64.233.188.82:443: i/o timeout │
│ Warning FailedCreatePodSandBox 28s (x9 over 12m) kubelet Failed to create pod sandbox: rpc error: code = DeadlineExceeded desc = failed to get sandbox image "registry.k8s.io/pause:3 │
│ .6": failed to pull image "registry.k8s.io/pause:3.6": failed to pull and unpack image "registry.k8s.io/pause:3.6": failed to resolve reference "registry.k8s.io/pause:3.6": failed to do request: Head " │
│ https://us-west2-docker.pkg.dev/v2/k8s-artifacts-prod/images/pause/manifests/3.6": dial tcp 64.233.188.82:443: i/o timeout
字符串
我已经尝试过这样的图像:
ctr -n=k8s.io image pull k8s.m.daocloud.io/pause:3.6
ctr -n=k8s.io images tag k8s.m.daocloud.io/pause:3.6 registry.k8s.io/pause:3.6
型
这种方式工作了一段时间,当我下次更新pod时,错误将再次出现。我应该怎么做才能永久修复这个问题?
1条答案
按热度按时间v2g6jxz61#
看起来错误的根本原因是**/var partition可能有足够的可用空间(使用df -h检查),但在升级过程中,一旦加载新版本映像,但在删除旧版本映像之前,它可能会超过80%。这是问题的主要来源。
因此,Kubernetes可能会“清理”或“垃圾收集”它标识为未使用的图像,包括必要但不活动的“暂停”**图像。
要释放磁盘空间,请使用命令**crictl images -prune,**有时它可能不会清除正在使用的所有内容。它甚至会清除Kubernetes暂停容器映像。
kubelet标志定义为:
image-gc-high-threshold:触发镜像垃圾回收的磁盘使用百分比,默认为85%。
**image-gc-low-threshold:**镜像垃圾回收尝试释放的磁盘使用率百分比,默认为80%。
配置Kubernetes应该是您维护磁盘空间的主要方式。但是,您仍然会偶尔使用CRI脚本来查看缓存了哪些镜像,并在需要时手动执行,例如在应用Ubuntu补丁之前进行节点维护时。
您可以尝试将**ImagePullPolicy设置为 IfNotPresent*(
spec.containers.imagePullPolicy: "ifNotPresent
“),以确保仅在节点上尚未存在容器镜像时才从注册表中拉取容器镜像。这有助于开始使用本地镜像缓存,并防止未经授权的镜像部署到您的集群。