Dell NativeEdge:嘗試為 NativeEdge 部署部署 Calico 時,如何解決提取速率限制
Summary: 本文概述如何使用 Docker Hub 進行身份驗證,以避免下載速率限制問題。
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Symptoms
若為 NativeEdge Orchestrator 2.1.0.0,建議使用 Calico 作為容器網路介面 (CNI)安裝
Calico 的修改說明包含在 NativeEdge Orchestrator 部署指南中。但是,在 Calico 的安裝過程中,它會從 Docker Hub 下載。Docker Hub 實現了下載速率限制,這可能會在安裝 Calico 期間遇到。(有關速率限制的更多詳細資訊,請參閱 docker.com。
當使用者在安裝後列出 pod 時,使用者可以看到 calico pod 位於 Init:ImagePullBackOff 中,這表示下載容器時發生問題。
當我們描述 calico-node pod 時,可以進一步看到這一點
從上面可以看到,容器無法下載,因為:“
太多請求 - 伺服器消息:toomanyrequests:您已達到提取速率限制。您可透過驗證與升級來增加限制:https://www.docker.com/increase-rate-limit」
Calico 的修改說明包含在 NativeEdge Orchestrator 部署指南中。但是,在 Calico 的安裝過程中,它會從 Docker Hub 下載。Docker Hub 實現了下載速率限制,這可能會在安裝 Calico 期間遇到。(有關速率限制的更多詳細資訊,請參閱 docker.com。
當使用者在安裝後列出 pod 時,使用者可以看到 calico pod 位於 Init:ImagePullBackOff 中,這表示下載容器時發生問題。
#kubectl get pods -A NAMESPACE NAME READY STATUS RESTARTS AGE kube-system local-path-provisioner-957fdf8bc-cl2nl 0/1 Pending 0 6m50s kube-system metrics-server-648b5df564-bncjh 0/1 Pending 0 6m50s kube-system coredns-77ccd57875-cng6c 0/1 Pending 0 6m50s kube-system calico-kube-controllers-67c64d8b8f-p868c 0/1 Pending 0 6m39s kube-system calico-node-6q82x 0/1 Init:ImagePullBackOff 0 6m37s
當我們描述 calico-node pod 時,可以進一步看到這一點
#kubectl describe pod calico-node-6q82x -n kube-system Name: calico-node-xscmk Namespace: kube-system .. Events: Type Reason Age From Message ---- ------ ---- ---- ------- Normal Scheduled 2m4s default-scheduler Successfully assigned kube-system/calico-node-xscmk to sre08129 Warning Failed 81s (x2 over 2m2s) kubelet Failed to pull image "docker.io/calico/cni:v3.28.0": rpc error: code = Unknown desc = failed to pull and unpack image "docker.io/calico/cni:v3.28.0": failed to copy: httpReadSeeker: failed open: unexpected status code https://registry-1.docker.io/v2/calico/cni/manifests/sha256:7a3a5cf6c79243ba2de9eef8cb20fac7c46ef75b858956b9884b0ce87b9a354d: 429 Too Many Requests - Server message: toomanyrequests: You have reached your pull rate limit. You may increase the limit by authenticating and upgrading: https://www.docker.com/increase-rate-limit Normal Pulling 41s (x4 over 2m3s) kubelet Pulling image "docker.io/calico/cni:v3.28.0" Warning Failed 40s (x2 over 106s) kubelet Failed to pull image "docker.io/calico/cni:v3.28.0": rpc error: code = Unknown desc = failed to pull and unpack image "docker.io/calico/cni:v3.28.0": failed to copy: httpReadSeeker: failed open: unexpected status code https://registry-1.docker.io/v2/calico/cni/manifests/sha256:cef0c907b8f4cadc63701d371e6f24d325795bcf0be84d6a517e33000ff35f70: 429 Too Many Requests - Server message: toomanyrequests: You have reached your pull rate limit. You may increase the limit by authenticating and upgrading: https://www.docker.com/increase-rate-limit Warning Failed 40s (x4 over 2m2s) kubelet Error: ErrImagePull Normal BackOff 13s (x6 over 2m1s) kubelet Back-off pulling image "docker.io/calico/cni:v3.28.0" Warning Failed 13s (x6 over 2m1s) kubelet Error: ImagePullBackOff
從上面可以看到,容器無法下載,因為:“
太多請求 - 伺服器消息:toomanyrequests:您已達到提取速率限制。您可透過驗證與升級來增加限制:https://www.docker.com/increase-rate-limit」
Cause
此問題是因為 dockerhub 設定的提取速率限制而發生 - 請參閱 https://www.docker.com/increase-rate-limit 以取得詳細資料。
Resolution
如果使用者使用經過身份驗證的 docker 中心帳戶,則意味著使用者可以具有更高的個人拉取速率限制。
- 在 docker.io 上建立帳戶
- 在 kube-system 命名空間中創建一個金鑰。此示例使用用於在 docker.io 上註冊帳戶的憑據創建一個名為 regcred 的機密
kubectl create secret docker-registry regcred --docker-server=https://index.docker.io/v1/ --docker-username=dockeriousername --docker-password=dockeriopassword --docker-email=emailusertoregsisterondockerio --namespace="kube-system"
- 使用者必須編輯 calico.yaml 才能使用剛剛建立的金鑰 (regcred)。
- 在 template.spec 中,使用者必須包括以下內容:
imagePullSecrets: - name: regcred- 這裡是一個真實的例子供參考
spec: selector: matchLabels: k8s-app: calico-node ... template: metadata: labels: k8s-app: calico-node spec: nodeSelector: ... hostNetwork: true tolerations: ... serviceAccountName: calico-node ... initContainers: ... imagePullSecrets: - name: regcred - 重要:只有 calico-node 範本需要新增 imagePullSecrets 功能。
- 這裡是一個真實的例子供參考
- 變更後套用 calico.yaml
kubectl apply -f calico.yaml poddisruptionbudget.policy/calico-kube-controllers created serviceaccount/calico-kube-controllers created serviceaccount/calico-node created serviceaccount/calico-cni-plugin created configmap/calico-config created customresourcedefinition.apiextensions.k8s.io/bgpconfigurations.crd.projectcalico.org created customresourcedefinition.apiextensions.k8s.io/bgpfilters.crd.projectcalico.org created customresourcedefinition.apiextensions.k8s.io/bgppeers.crd.projectcalico.org created customresourcedefinition.apiextensions.k8s.io/blockaffinities.crd.projectcalico.org created customresourcedefinition.apiextensions.k8s.io/caliconodestatuses.crd.projectcalico.org created customresourcedefinition.apiextensions.k8s.io/clusterinformations.crd.projectcalico.org created customresourcedefinition.apiextensions.k8s.io/felixconfigurations.crd.projectcalico.org created customresourcedefinition.apiextensions.k8s.io/globalnetworkpolicies.crd.projectcalico.org created customresourcedefinition.apiextensions.k8s.io/globalnetworksets.crd.projectcalico.org created customresourcedefinition.apiextensions.k8s.io/hostendpoints.crd.projectcalico.org created customresourcedefinition.apiextensions.k8s.io/ipamblocks.crd.projectcalico.org created customresourcedefinition.apiextensions.k8s.io/ipamconfigs.crd.projectcalico.org created customresourcedefinition.apiextensions.k8s.io/ipamhandles.crd.projectcalico.org created customresourcedefinition.apiextensions.k8s.io/ippools.crd.projectcalico.org created customresourcedefinition.apiextensions.k8s.io/ipreservations.crd.projectcalico.org created customresourcedefinition.apiextensions.k8s.io/kubecontrollersconfigurations.crd.projectcalico.org created customresourcedefinition.apiextensions.k8s.io/networkpolicies.crd.projectcalico.org created customresourcedefinition.apiextensions.k8s.io/networksets.crd.projectcalico.org created clusterrole.rbac.authorization.k8s.io/calico-kube-controllers created clusterrole.rbac.authorization.k8s.io/calico-node created clusterrole.rbac.authorization.k8s.io/calico-cni-plugin created clusterrolebinding.rbac.authorization.k8s.io/calico-kube-controllers created clusterrolebinding.rbac.authorization.k8s.io/calico-node created clusterrolebinding.rbac.authorization.k8s.io/calico-cni-plugin created daemonset.apps/calico-node created deployment.apps/calico-kube-controllers created
- 使用者應會看到 kubernetes 叢集成功啟動並執行。
kubectl get po -A NAMESPACE NAME READY STATUS RESTARTS AGE kube-system local-path-provisioner-957fdf8bc-x5bn6 1/1 Running 0 22h kube-system coredns-77ccd57875-hf82q 1/1 Running 0 22h kube-system calico-kube-controllers-8498bff86b-tprzt 1/1 Running 0 9m18s kube-system calico-node-pxwqm 1/1 Running 0 9m18s kube-system metrics-server-648b5df564-xdh4h 1/1 Running 0 22h
Affected Products
NativeEdge Solutions, NativeEdgeArticle Properties
Article Number: 000225940
Article Type: Solution
Last Modified: 01 Oct 2024
Version: 4
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.