文章
文章用户商铺快讯网址导航

小知识:解决国内k8s的ingress-nginx镜像无法正常pull拉取问题

一、问题描述

我们期望运行Ingress就必须给我们的集群创建Ingress controller

目前官方推荐的controller有:[目前支持和维护 AWS, GCE 和 nginx Ingress 控制器]

https://kubernetes.io/zh/docs/concepts/services-networking/ingress-controllers/

我们使用nginx控制器,其官网给出的配置方法如下:https://kubernetes.github.io/ingress-nginx/deploy/

# 不使用helm,使用yaml kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.1.1/deploy/static/provider/cloud/deploy.yaml

注意,不同的版本适应的k8s版本不同,详细见表格:(根据你的k8s版本选择支持的版本,替换上面的v1.1.1,我的是1.23)

Ingress-NGINX version k8s supported version Alpine Version Nginx Version v1.1.1 1.23, 1.22, 1.21, 1.20, 1.19 3.14.2 1.19.9† v1.1.0 1.22, 1.21, 1.20, 1.19 3.14.2 1.19.9† v1.0.5 1.22, 1.21, 1.20, 1.19 3.14.2 1.19.9† v1.0.4 1.22, 1.21, 1.20, 1.19 3.14.2 1.19.9† v1.0.3 1.22, 1.21, 1.20, 1.19 3.14.2 1.19.9† v1.0.2 1.22, 1.21, 1.20, 1.19 3.14.2 1.19.9† v1.0.1 1.22, 1.21, 1.20, 1.19 3.14.2 1.19.9† v1.0.0 1.22, 1.21, 1.20, 1.19 3.13.5 1.20.1 v0.50.0 1.21, 1.20, 1.19 3.14.2 1.19.9† v0.49.3 1.21, 1.20, 1.19 3.14.2 1.19.9† v0.49.2 1.21, 1.20, 1.19 3.14.2 1.19.9† v0.49.1 1.21, 1.20, 1.19 3.14.2 1.19.9† v0.49.0 1.21, 1.20, 1.19 3.13.5 1.20.1 v0.48.1 1.21, 1.20, 1.19 3.13.5 1.20.1 v0.47.0 1.21, 1.20, 1.19 3.13.5 1.20.1 v0.46.0 1.21, 1.20, 1.19 3.13.2 1.19.6

但是官方给出的yaml文件中拉取的镜像不在docker hub中,在k8s.gcr.io中,所以在国内我们拉取就会报错:ErrImagePull

%小知识:解决国内k8s的ingress-nginx镜像无法正常pull拉取问题-猿站网-插图

$ k describe pod/ingress-nginx-admission-create-8zv9w … … Events: Type Reason Age From Message —- —— —- —- ——- Normal Scheduled 16m default-scheduler Successfully assigned ingress-nginx/ingress-nginx-admissio n-create-8zv9w to node2 Normal SandboxChanged 16m kubelet Pod sandbox changed, it will be killed and re-created. Warning Failed 14m (x6 over 16m) kubelet Error: ImagePullBackOff Normal Pulling 14m (x4 over 16m) kubelet Pulling image “k8s.gcr.io/ingress-nginx/kube-webhook-certg en:v1.1.1@sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660” Warning Failed 14m (x4 over 16m) kubelet Failed to pull image “k8s.gcr.io/ingress-nginx/kube-webhoo k-certgen:v1.1.1@sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660”: rpc error: code = Unknown desc = Error response from daemon: Get “https://k8s.gcr.io/v2/”: net/http: request canceled while waiting for connection (Client.Ti meout exceeded while awaiting headers) Warning Failed 14m (x4 over 16m) kubelet Error: ErrImagePull Normal BackOff 77s (x58 over 16m) kubelet Back-off pulling image “k8s.gcr.io/ingress-nginx/kube-webh ook-certgen:v1.1.1@sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660”

%小知识:解决国内k8s的ingress-nginx镜像无法正常pull拉取问题-1猿站网-插图

相同问题的issue:https://github.com/kubernetes/ingress-nginx/issues/6335

issue中官方人员说没法上传到docker hub,可能也有自己的苦衷吧。。。

%小知识:解决国内k8s的ingress-nginx镜像无法正常pull拉取问题-2猿站网-插图

二、解决方法

解决方法很简单,用国内好心人搬运到docker hub上的仓库代替

好心人的项目地址:https://github.com/anjia0532/gcr.io_mirror,对应的docker hub地址:https://hub.docker.com/u/anjia0532

%小知识:解决国内k8s的ingress-nginx镜像无法正常pull拉取问题-3猿站网-插图

还可以手动发issue让其更新,以后gcr.io或k8s.gcr.io仓库的都可以在此更换

所以,v1.1.1版本的修改过的镜像的完整yaml文件如下:(我已经帮你找好了),如果你要使用其他版本ingress控制器,请在该docker hub上自己寻找替换,如果不是最新自己发issue拉取

apiVersion: v1 kind: Namespace metadata: name: ingress-nginx labels: app.kubernetes.io/name: ingress-nginx app.kubernetes.io/instance: ingress-nginx — # Source: ingress-nginx/templates/controller-serviceaccount.yaml apiVersion: v1 kind: ServiceAccount metadata: labels: helm.sh/chart: ingress-nginx-4.0.15 app.kubernetes.io/name: ingress-nginx app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/version: 1.1.1 app.kubernetes.io/managed-by: Helm app.kubernetes.io/component: controller name: ingress-nginx namespace: ingress-nginx automountServiceAccountToken: true — # Source: ingress-nginx/templates/controller-configmap.yaml apiVersion: v1 kind: ConfigMap metadata: labels: helm.sh/chart: ingress-nginx-4.0.15 app.kubernetes.io/name: ingress-nginx app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/version: 1.1.1 app.kubernetes.io/managed-by: Helm app.kubernetes.io/component: controller name: ingress-nginx-controller namespace: ingress-nginx data: allow-snippet-annotations: “true” — # Source: ingress-nginx/templates/clusterrole.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: labels: helm.sh/chart: ingress-nginx-4.0.15 app.kubernetes.io/name: ingress-nginx app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/version: 1.1.1 app.kubernetes.io/managed-by: Helm name: ingress-nginx rules: – apiGroups: – “” resources: – configmaps – endpoints – nodes – pods – secrets – namespaces verbs: – list – watch – apiGroups: – “” resources: – nodes verbs: – get – apiGroups: – “” resources: – services verbs: – get – list – watch – apiGroups: – networking.k8s.io resources: – ingresses verbs: – get – list – watch – apiGroups: – “” resources: – events verbs: – create – patch – apiGroups: – networking.k8s.io resources: – ingresses/status verbs: – update – apiGroups: – networking.k8s.io resources: – ingressclasses verbs: – get – list – watch — # Source: ingress-nginx/templates/clusterrolebinding.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: labels: helm.sh/chart: ingress-nginx-4.0.15 app.kubernetes.io/name: ingress-nginx app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/version: 1.1.1 app.kubernetes.io/managed-by: Helm name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: ingress-nginx subjects: – kind: ServiceAccount name: ingress-nginx namespace: ingress-nginx — # Source: ingress-nginx/templates/controller-role.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: labels: helm.sh/chart: ingress-nginx-4.0.15 app.kubernetes.io/name: ingress-nginx app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/version: 1.1.1 app.kubernetes.io/managed-by: Helm app.kubernetes.io/component: controller name: ingress-nginx namespace: ingress-nginx rules: – apiGroups: – “” resources: – namespaces verbs: – get – apiGroups: – “” resources: – configmaps – pods – secrets – endpoints verbs: – get – list – watch – apiGroups: – “” resources: – services verbs: – get – list – watch – apiGroups: – networking.k8s.io resources: – ingresses verbs: – get – list – watch – apiGroups: – networking.k8s.io resources: – ingresses/status verbs: – update – apiGroups: – networking.k8s.io resources: – ingressclasses verbs: – get – list – watch – apiGroups: – “” resources: – configmaps resourceNames: – ingress-controller-leader verbs: – get – update – apiGroups: – “” resources: – configmaps verbs: – create – apiGroups: – “” resources: – events verbs: – create – patch — # Source: ingress-nginx/templates/controller-rolebinding.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: labels: helm.sh/chart: ingress-nginx-4.0.15 app.kubernetes.io/name: ingress-nginx app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/version: 1.1.1 app.kubernetes.io/managed-by: Helm app.kubernetes.io/component: controller name: ingress-nginx namespace: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io kind: Role name: ingress-nginx subjects: – kind: ServiceAccount name: ingress-nginx namespace: ingress-nginx — # Source: ingress-nginx/templates/controller-service-webhook.yaml apiVersion: v1 kind: Service metadata: labels: helm.sh/chart: ingress-nginx-4.0.15 app.kubernetes.io/name: ingress-nginx app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/version: 1.1.1 app.kubernetes.io/managed-by: Helm app.kubernetes.io/component: controller name: ingress-nginx-controller-admission namespace: ingress-nginx spec: type: ClusterIP ports: – name: https-webhook port: 443 targetPort: webhook appProtocol: https selector: app.kubernetes.io/name: ingress-nginx app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/component: controller — # Source: ingress-nginx/templates/controller-service.yaml apiVersion: v1 kind: Service metadata: annotations: labels: helm.sh/chart: ingress-nginx-4.0.15 app.kubernetes.io/name: ingress-nginx app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/version: 1.1.1 app.kubernetes.io/managed-by: Helm app.kubernetes.io/component: controller name: ingress-nginx-controller namespace: ingress-nginx spec: type: LoadBalancer externalTrafficPolicy: Local ipFamilyPolicy: SingleStack ipFamilies: – IPv4 ports: – name: http port: 80 protocol: TCP targetPort: http appProtocol: http – name: https port: 443 protocol: TCP targetPort: https appProtocol: https selector: app.kubernetes.io/name: ingress-nginx app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/component: controller — # Source: ingress-nginx/templates/controller-deployment.yaml apiVersion: apps/v1 kind: Deployment metadata: labels: helm.sh/chart: ingress-nginx-4.0.15 app.kubernetes.io/name: ingress-nginx app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/version: 1.1.1 app.kubernetes.io/managed-by: Helm app.kubernetes.io/component: controller name: ingress-nginx-controller namespace: ingress-nginx spec: selector: matchLabels: app.kubernetes.io/name: ingress-nginx app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/component: controller revisionHistoryLimit: 10 minReadySeconds: 0 template: metadata: labels: app.kubernetes.io/name: ingress-nginx app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/component: controller spec: dnsPolicy: ClusterFirst containers: – name: controller image: anjia0532/google-containers.ingress-nginx.controller:v1.1.1 imagePullPolicy: IfNotPresent lifecycle: preStop: exec: command: – /wait-shutdown args: – /nginx-ingress-controller – –publish-service=$(POD_NAMESPACE)/ingress-nginx-controller – –election-id=ingress-controller-leader – –controller-class=k8s.io/ingress-nginx – –configmap=$(POD_NAMESPACE)/ingress-nginx-controller – –validating-webhook=:8443 – –validating-webhook-certificate=/usr/local/certificates/cert – –validating-webhook-key=/usr/local/certificates/key securityContext: capabilities: drop: – ALL add: – NET_BIND_SERVICE runAsUser: 101 allowPrivilegeEscalation: true env: – name: POD_NAME valueFrom: fieldRef: fieldPath: metadata.name – name: POD_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace – name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so livenessProbe: failureThreshold: 5 httpGet: path: /healthz port: 10254 scheme: HTTP initialDelaySeconds: 10 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 1 readinessProbe: failureThreshold: 3 httpGet: path: /healthz port: 10254 scheme: HTTP initialDelaySeconds: 10 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 1 ports: – name: http containerPort: 80 protocol: TCP – name: https containerPort: 443 protocol: TCP – name: webhook containerPort: 8443 protocol: TCP volumeMounts: – name: webhook-cert mountPath: /usr/local/certificates/ readOnly: true resources: requests: cpu: 100m memory: 90Mi nodeSelector: kubernetes.io/os: linux serviceAccountName: ingress-nginx terminationGracePeriodSeconds: 300 volumes: – name: webhook-cert secret: secretName: ingress-nginx-admission — # Source: ingress-nginx/templates/controller-ingressclass.yaml # We don”t support namespaced ingressClass yet # So a ClusterRole and a ClusterRoleBinding is required apiVersion: networking.k8s.io/v1 kind: IngressClass metadata: labels: helm.sh/chart: ingress-nginx-4.0.15 app.kubernetes.io/name: ingress-nginx app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/version: 1.1.1 app.kubernetes.io/managed-by: Helm app.kubernetes.io/component: controller name: nginx namespace: ingress-nginx spec: controller: k8s.io/ingress-nginx — # Source: ingress-nginx/templates/admission-webhooks/validating-webhook.yaml # before changing this value, check the required kubernetes version # https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#prerequisites apiVersion: admissionregistration.k8s.io/v1 kind: ValidatingWebhookConfiguration metadata: labels: helm.sh/chart: ingress-nginx-4.0.15 app.kubernetes.io/name: ingress-nginx app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/version: 1.1.1 app.kubernetes.io/managed-by: Helm app.kubernetes.io/component: admission-webhook name: ingress-nginx-admission webhooks: – name: validate.nginx.ingress.kubernetes.io matchPolicy: Equivalent rules: – apiGroups: – networking.k8s.io apiVersions: – v1 operations: – CREATE – UPDATE resources: – ingresses failurePolicy: Fail sideEffects: None admissionReviewVersions: – v1 clientConfig: service: namespace: ingress-nginx name: ingress-nginx-controller-admission path: /networking/v1/ingresses — # Source: ingress-nginx/templates/admission-webhooks/job-patch/serviceaccount.yaml apiVersion: v1 kind: ServiceAccount metadata: name: ingress-nginx-admission namespace: ingress-nginx annotations: helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: helm.sh/chart: ingress-nginx-4.0.15 app.kubernetes.io/name: ingress-nginx app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/version: 1.1.1 app.kubernetes.io/managed-by: Helm app.kubernetes.io/component: admission-webhook — # Source: ingress-nginx/templates/admission-webhooks/job-patch/clusterrole.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: ingress-nginx-admission annotations: helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: helm.sh/chart: ingress-nginx-4.0.15 app.kubernetes.io/name: ingress-nginx app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/version: 1.1.1 app.kubernetes.io/managed-by: Helm app.kubernetes.io/component: admission-webhook rules: – apiGroups: – admissionregistration.k8s.io resources: – validatingwebhookconfigurations verbs: – get – update — # Source: ingress-nginx/templates/admission-webhooks/job-patch/clusterrolebinding.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: ingress-nginx-admission annotations: helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: helm.sh/chart: ingress-nginx-4.0.15 app.kubernetes.io/name: ingress-nginx app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/version: 1.1.1 app.kubernetes.io/managed-by: Helm app.kubernetes.io/component: admission-webhook roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: ingress-nginx-admission subjects: – kind: ServiceAccount name: ingress-nginx-admission namespace: ingress-nginx — # Source: ingress-nginx/templates/admission-webhooks/job-patch/role.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: ingress-nginx-admission namespace: ingress-nginx annotations: helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: helm.sh/chart: ingress-nginx-4.0.15 app.kubernetes.io/name: ingress-nginx app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/version: 1.1.1 app.kubernetes.io/managed-by: Helm app.kubernetes.io/component: admission-webhook rules: – apiGroups: – “” resources: – secrets verbs: – get – create — # Source: ingress-nginx/templates/admission-webhooks/job-patch/rolebinding.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: ingress-nginx-admission namespace: ingress-nginx annotations: helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: helm.sh/chart: ingress-nginx-4.0.15 app.kubernetes.io/name: ingress-nginx app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/version: 1.1.1 app.kubernetes.io/managed-by: Helm app.kubernetes.io/component: admission-webhook roleRef: apiGroup: rbac.authorization.k8s.io kind: Role name: ingress-nginx-admission subjects: – kind: ServiceAccount name: ingress-nginx-admission namespace: ingress-nginx — # Source: ingress-nginx/templates/admission-webhooks/job-patch/job-createSecret.yaml apiVersion: batch/v1 kind: Job metadata: name: ingress-nginx-admission-create namespace: ingress-nginx annotations: helm.sh/hook: pre-install,pre-upgrade helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: helm.sh/chart: ingress-nginx-4.0.15 app.kubernetes.io/name: ingress-nginx app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/version: 1.1.1 app.kubernetes.io/managed-by: Helm app.kubernetes.io/component: admission-webhook spec: template: metadata: name: ingress-nginx-admission-create labels: helm.sh/chart: ingress-nginx-4.0.15 app.kubernetes.io/name: ingress-nginx app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/version: 1.1.1 app.kubernetes.io/managed-by: Helm app.kubernetes.io/component: admission-webhook spec: containers: – name: create image: anjia0532/google-containers.ingress-nginx.kube-webhook-certgen:v1.1.1 imagePullPolicy: IfNotPresent args: – create – –host=ingress-nginx-controller-admission,ingress-nginx-controller-admission.$(POD_NAMESPACE).svc – –namespace=$(POD_NAMESPACE) – –secret-name=ingress-nginx-admission env: – name: POD_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace securityContext: allowPrivilegeEscalation: false restartPolicy: OnFailure serviceAccountName: ingress-nginx-admission nodeSelector: kubernetes.io/os: linux securityContext: runAsNonRoot: true runAsUser: 2000 — # Source: ingress-nginx/templates/admission-webhooks/job-patch/job-patchWebhook.yaml apiVersion: batch/v1 kind: Job metadata: name: ingress-nginx-admission-patch namespace: ingress-nginx annotations: helm.sh/hook: post-install,post-upgrade helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: helm.sh/chart: ingress-nginx-4.0.15 app.kubernetes.io/name: ingress-nginx app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/version: 1.1.1 app.kubernetes.io/managed-by: Helm app.kubernetes.io/component: admission-webhook spec: template: metadata: name: ingress-nginx-admission-patch labels: helm.sh/chart: ingress-nginx-4.0.15 app.kubernetes.io/name: ingress-nginx app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/version: 1.1.1 app.kubernetes.io/managed-by: Helm app.kubernetes.io/component: admission-webhook spec: containers: – name: patch image: anjia0532/google-containers.ingress-nginx.kube-webhook-certgen:v1.1.1 imagePullPolicy: IfNotPresent args: – patch – –webhook-name=ingress-nginx-admission – –namespace=$(POD_NAMESPACE) – –patch-mutating=false – –secret-name=ingress-nginx-admission – –patch-failure-policy=Fail env: – name: POD_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace securityContext: allowPrivilegeEscalation: false restartPolicy: OnFailure serviceAccountName: ingress-nginx-admission nodeSelector: kubernetes.io/os: linux securityContext: runAsNonRoot: true runAsUser: 2000

%小知识:解决国内k8s的ingress-nginx镜像无法正常pull拉取问题-4猿站网-插图

 到此这篇关于解决国内k8s的ingress-nginx镜像无法正常pull拉取问题的文章就介绍到这了,更多相关k8s的ingress-nginx镜像无法pull拉取内容请搜索服务器之家以前的文章或继续浏览下面的相关文章希望大家以后多多支持服务器之家!

原文地址:https://blog.csdn.net/weixin_43988498/article/details/122792536

声明: 猿站网有关资源均来自网络搜集与网友提供,任何涉及商业盈利目的的均不得使用,否则产生的一切后果将由您自己承担! 本平台资源仅供个人学习交流、测试使用 所有内容请在下载后24小时内删除,制止非法恶意传播,不对任何下载或转载者造成的危害负任何法律责任!也请大家支持、购置正版! 。本站一律禁止以任何方式发布或转载任何违法的相关信息访客发现请向站长举报,会员发帖仅代表会员个人观点,并不代表本站赞同其观点和对其真实性负责。本网站的资源部分来源于网络,如有侵权烦请发送邮件至:2697268773@qq.com进行处理。
httpsingressnginx
建站知识

小知识:linux系统下使用tcpdump进行抓包方法

2023-3-17 3:43:56

建站知识

小知识:Linux下sshd服务及服务管理命令详解

2023-3-17 3:52:13

猜你喜欢
0 条回复 A文章作者 M管理员
    暂无讨论,说说你的看法吧
个人中心
购物车
优惠劵
今日签到
有新私信 私信列表
搜索

  • 扫码打开当前页

返回顶部