解決方法:試試通過手動下載
docker pull registry.access.redhat.com/rhel7/pod-infrastructure:latest
docker pull 是還是報錯
open /etc/docker/certs.d/registry.access.redhat.com/redhat-ca.crt: no such file or directory
查看下redhat-ca.crt確實不存在,registry.access.redhat.com/rhel7/pod-infrastructure:latest默認是https下載。
最終解決方案:
1.docker search pod-infrastructure
2. 可使用:
docker.io docker.io/tianyebj/pod-infrastructure registry.access.redhat.com/rhel7/pod-infra... 2
3. 修改配置文件
cat /etc/kubernetes/kubelet
# pod infrastructure container
KUBELET_POD_INFRA_CONTAINER="--pod-infra-container-image=docker.io/tianyebj/pod-infrastructure:latest"
4. 重啟kubernetes服務
master:
for SERVICES in etcd kube-apiserver kube-controller-manager kube-scheduler; do systemctl restart $SERVICES systemctl enable $SERVICES systemctl status $SERVICES done
node:
for SERVICES in kube-proxy kubelet docker; do systemctl restart $SERVICES systemctl enable $SERVICES systemctl status $SERVICES done
二、 網絡部分
yum -y install flannel
修改配置文件/etc/sysconfig/flannel
[root@host-10-0-197-18 flannel]# cat /etc/sysconfig/flanneld
# Flanneld configuration options
# etcd url location. Point this to the server where etcd runs
FLANNEL_ETCD_ENDPOINTS="http://master:2379"
# etcd config key. This is the configuration key that flannel queries
# For address range assignment
FLANNEL_ETCD_PREFIX="/atomic.io/network"
# Any additional options that you want to pass
#FLANNEL_OPTIONS=""
FLANNEL_OPTIONS="-iface=eth0"
2. 配置 etcdctl
etcdctl mkdir /atomic.io/network
etcdctl mk /kube-centos/network/config "{ \"Network\": \"172.30.0.0/16\", \"SubnetLen\": 24, \"Backend\": { \"Type\": \"vxlan\" } }"
3. 重啟所有服務
三、 service account
報錯信息: Error from server (ServerTimeout): error when creating "busybox.yaml": No API token found for service account "default", retry after the token is automatically created and added to the service account
方式一:禁用ServiceAccount
編輯/etc/kubenetes/apiserver:
將以下這行中的ServiceAccount刪除即可 KUBE_ADMISSION_CONTROL="--admission-control=NamespaceLifecycle,NamespaceExists,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota"
改為: KUBE_ADMISSION_CONTROL="--admission-control=NamespaceLifecycle,NamespaceExists,LimitRanger,SecurityContextDeny,ResourceQuota"
這種方式比較粗暴,可能會遇到必須要用ServiceAccount的情況。
方式二:配置ServiceAccount
1、首先生成密鑰: openssl genrsa -out /etc/kubernetes/serviceaccount.key 2048
2、編輯/etc/kubenetes/apiserver
添加以下內容: KUBE_API_ARGS="--service_account_key_file=/etc/kubernetes/serviceaccount.key"
3、再編輯/etc/kubernetes/controller-manager
添加以下內容: KUBE_CONTROLLER_MANAGER_ARGS="--service_account_private_key_file=/etc/kubernetes/serviceaccount.key"
最后無論是哪種解決方式都需要再重啟kubernetes服務: systemctl restart etcd kube-apiserver kube-controller-manager kube-scheduler
#/bin/bash echo "hello"