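Dell NativeEdge: How to resolve the pull rate limit when deploying Calico for a NativeEdge deployment
Summary: This article outlines how to authenticate with Docker Hub to avoid download rate limit issues.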
Symptoms
For NativeEdge Orchestrator 2.1.0.0, Calico is the recommended Container Network Interface (CNI).
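For the modified instructions on installing Calico, see the NativeEdge Orchestrator Deployment Guide. However, during installation Calico is downloaded from Docker Hub. Docker Hub enforces a download rate limit, which may be encountered while installing Calico. (For more details on the rate limit, see docker.com.)
When the user lists the pods after installation, the calico pod is in Init:ImagePullBackOff, which indicates a problem downloading the container.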
    # kubectl get pods -A
    NAMESPACE     NAME                                       READY   STATUS                  RESTARTS   AGE
    kube-system   local-path-provisioner-957fdf8bc-cl2nl     0/1     Pending                 0          6m50s
    kube-system   metrics-server-648b5df564-bncjh            0/1     Pending                 0          6m50s
    kube-system   coredns-77ccd57875-cng6c                   0/1     Pending                 0          6m50s
    kube-system   calico-kube-controllers-67c64d8b8f-p868c   0/1     Pending                 0          6m39s
    kube-system   calico-node-6q82x                          0/1     Init:ImagePullBackOff   0          6m37s
This can be seen in more detail when we describe the calico-node pod:
    # kubectl describe pod calico-node-6q82x -n kube-system
    Name:         calico-node-xscmk
    Namespace:    kube-system
    ..
    Events:
      Type     Reason     Age                 From               Message
      ----     ------     ----                ----               -------
      Normal   Scheduled  2m4s                default-scheduler  Successfully assigned kube-system/calico-node-xscmk to sre08129
      Warning  Failed     81s (x2 over 2m2s)  kubelet            Failed to pull image "docker.io/calico/cni:v3.28.0": rpc error: code = Unknown desc = failed to pull and unpack image "docker.io/calico/cni:v3.28.0": failed to copy: httpReadSeeker: failed open: unexpected status code https://registry-1.docker.io/v2/calico/cni/manifests/sha256:7a3a5cf6c79243ba2de9eef8cb20fac7c46ef75b858956b9884b0ce87b9a354d: 429 Too Many Requests - Server message: toomanyrequests: You have reached your pull rate limit. You may increase the limit by authenticating and upgrading: https://www.docker.com/increase-rate-limit
      Normal   Pulling    41s (x4 over 2m3s)  kubelet            Pulling image "docker.io/calico/cni:v3.28.0"
      Warning  Failed     40s (x2 over 106s)  kubelet            Failed to pull image "docker.io/calico/cni:v3.28.0": rpc error: code = Unknown desc = failed to pull and unpack image "docker.io/calico/cni:v3.28.0": failed to copy: httpReadSeeker: failed open: unexpected status code https://registry-1.docker.io/v2/calico/cni/manifests/sha256:cef0c907b8f4cadc63701d371e6f24d325795bcf0be84d6a517e33000ff35f70: 429 Too Many Requests - Server message: toomanyrequests: You have reached your pull rate limit. You may increase the limit by authenticating and upgrading: https://www.docker.com/increase-rate-limit
      Warning  Failed     40s (x4 over 2m2s)  kubelet            Error: ErrImagePull
      Normal   BackOff    13s (x6 over 2m1s)  kubelet            Back-off pulling image "docker.io/calico/cni:v3.28.0"
      Warning  Failed     13s (x6 over 2m1s)  kubelet            Error: ImagePullBackOff
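As can be seen above, the pod fails to download because of:
"Too Many Requests - Server message: toomanyrequests: You have reached your pull rate limit. You may increase the limit by authenticating and upgrading: https://www.docker.com/increase-rate-limit"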
Cause
This issue is caused by the pull rate limit set by Docker Hub. For details, see https://www.docker.com/increase-rate-limit.
Resolution
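Using an authenticated Docker Hub account gives the user a higher individual pull rate limit.
- Create an account on docker.io
- Create a secret in the kube-system namespace. This example creates a secret named regcred using the credentials that were used to register the account on docker.io: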
    kubectl create secret docker-registry regcred \
      --docker-server=https://index.docker.io/v1/ \
      --docker-username=dockeriousername \
      --docker-password=dockeriopassword \
      --docker-email=emailusertoregsisterondockerio \
      --namespace="kube-system"
- The user must edit calico.yaml to use the secret that was just created (regcred).
- In template.spec, the user must include the following:
    imagePullSecrets:
      - name: regcred
- Here is a real example, for reference:
    spec:
      selector:
        matchLabels:
          k8s-app: calico-node
      ...
      template:
        metadata:
          labels:
            k8s-app: calico-node
        spec:
          nodeSelector:
            ...
          hostNetwork: true
          tolerations:
            ...
          serviceAccountName: calico-node
          ...
          initContainers:
            ...
          imagePullSecrets:
            - name: regcred
- Important: Only the calico-node template needs imagePullSecrets added.
- Apply calico.yaml after making the change:
    kubectl apply -f calico.yaml
    poddisruptionbudget.policy/calico-kube-controllers created
    serviceaccount/calico-kube-controllers created
    serviceaccount/calico-node created
    serviceaccount/calico-cni-plugin created
    configmap/calico-config created
    customresourcedefinition.apiextensions.k8s.io/bgpconfigurations.crd.projectcalico.org created
    customresourcedefinition.apiextensions.k8s.io/bgpfilters.crd.projectcalico.org created
    customresourcedefinition.apiextensions.k8s.io/bgppeers.crd.projectcalico.org created
    customresourcedefinition.apiextensions.k8s.io/blockaffinities.crd.projectcalico.org created
    customresourcedefinition.apiextensions.k8s.io/caliconodestatuses.crd.projectcalico.org created
    customresourcedefinition.apiextensions.k8s.io/clusterinformations.crd.projectcalico.org created
    customresourcedefinition.apiextensions.k8s.io/felixconfigurations.crd.projectcalico.org created
    customresourcedefinition.apiextensions.k8s.io/globalnetworkpolicies.crd.projectcalico.org created
    customresourcedefinition.apiextensions.k8s.io/globalnetworksets.crd.projectcalico.org created
    customresourcedefinition.apiextensions.k8s.io/hostendpoints.crd.projectcalico.org created
    customresourcedefinition.apiextensions.k8s.io/ipamblocks.crd.projectcalico.org created
    customresourcedefinition.apiextensions.k8s.io/ipamconfigs.crd.projectcalico.org created
    customresourcedefinition.apiextensions.k8s.io/ipamhandles.crd.projectcalico.org created
    customresourcedefinition.apiextensions.k8s.io/ippools.crd.projectcalico.org created
    customresourcedefinition.apiextensions.k8s.io/ipreservations.crd.projectcalico.org created
    customresourcedefinition.apiextensions.k8s.io/kubecontrollersconfigurations.crd.projectcalico.org created
    customresourcedefinition.apiextensions.k8s.io/networkpolicies.crd.projectcalico.org created
    customresourcedefinition.apiextensions.k8s.io/networksets.crd.projectcalico.org created
    clusterrole.rbac.authorization.k8s.io/calico-kube-controllers created
    clusterrole.rbac.authorization.k8s.io/calico-node created
    clusterrole.rbac.authorization.k8s.io/calico-cni-plugin created
    clusterrolebinding.rbac.authorization.k8s.io/calico-kube-controllers created
    clusterrolebinding.rbac.authorization.k8s.io/calico-node created
    clusterrolebinding.rbac.authorization.k8s.io/calico-cni-plugin created
    daemonset.apps/calico-node created
    deployment.apps/calico-kube-controllers created
- The user should see that the Kubernetes cluster is up and running successfully.
    kubectl get po -A
    NAMESPACE     NAME                                       READY   STATUS    RESTARTS   AGE
    kube-system   local-path-provisioner-957fdf8bc-x5bn6     1/1     Running   0          22h
    kube-system   coredns-77ccd57875-hf82q                   1/1     Running   0          22h
    kube-system   calico-kube-controllers-8498bff86b-tprzt   1/1     Running   0          9m18s
    kube-system   calico-node-pxwqm                          1/1     Running   0          9m18s
    kube-system   metrics-server-648b5df564-xdh4h            1/1     Running   0          22h
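For the secret-creation step above, an added example that is not part of the Dell article: the `--docker-password=` form puts the Docker Hub password in shell history and the process list, so this sketch builds the same regcred credential document from a password or access token read on stdin. The function names are hypothetical; it assumes the standard `--from-file=.dockerconfigjson=` form of `kubectl create secret docker-registry` is used to load the resulting file.

```shell
#!/bin/sh
# Added example, not from the Dell article. Function names are hypothetical.
DOCKER_SERVER="https://index.docker.io/v1/"   # server URL used in the article

# Escape backslashes and double quotes so a value is a valid JSON string.
json_escape() {
  printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'
}

# Usage: dockerconfigjson USERNAME EMAIL   (password or access token on stdin)
# Prints the JSON stored under the .dockerconfigjson key of a
# kubernetes.io/dockerconfigjson secret such as regcred.
dockerconfigjson() {
  user=$1; email=$2; pass=
  IFS= read -r pass || :           # accept input without a trailing newline
  [ -n "$pass" ] || return 1       # refuse to build a secret with no password
  auth=$(printf '%s:%s' "$user" "$pass" | base64 | tr -d '\n')
  printf '{"auths":{"%s":{"username":"%s","password":"%s","email":"%s","auth":"%s"}}}\n' \
    "$DOCKER_SERVER" "$(json_escape "$user")" "$(json_escape "$pass")" \
    "$(json_escape "$email")" "$auth"
}

# Recover "user:password" from a generated document to check it before use.
decode_auth() {
  printf '%s' "$1" | sed -n 's/.*"auth":"\([^"]*\)".*/\1/p' | base64 -d
}

# Write the document to a new FILE created with owner-only permissions.
# Load it with:
#   kubectl create secret docker-registry regcred \
#     --from-file=.dockerconfigjson=FILE --namespace=kube-system
# then delete FILE.
write_regcred_file() {
  ( umask 077; dockerconfigjson "$1" "$2" > "$3" )
}
```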
Affected Products
NativeEdge Solutions, NativeEdge
Article Properties
Article Number: 000225940
Article Type: Solution
Last Modified: 01 Oct 2024
Version: 4