Dell NativeEdge:嘗試為 NativeEdge 部署部署 Calico 時,如何解決提取速率限制
Resumen: 本文概述如何使用 Docker Hub 進行身份驗證,以避免下載速率限制問題。
Este artículo se aplica a
Este artículo no se aplica a
Este artículo no está vinculado a ningún producto específico.
No se identifican todas las versiones del producto en este artículo.
Síntomas
若為 NativeEdge Orchestrator 2.1.0.0,建議使用 Calico 作為容器網路介面 (CNI)安裝
Calico 的修改說明包含在 NativeEdge Orchestrator 部署指南中。但是,在 Calico 的安裝過程中,它會從 Docker Hub 下載。Docker Hub 實現了下載速率限制,這可能會在安裝 Calico 期間遇到。(有關速率限制的更多詳細資訊,請參閱 docker.com。
當使用者在安裝後列出 pod 時,使用者可以看到 calico pod 位於 Init:ImagePullBackOff 中,這表示下載容器時發生問題。
當我們描述 calico-node pod 時,可以進一步看到這一點
從上面可以看到,容器無法下載,因為:“
太多請求 - 伺服器消息:toomanyrequests:您已達到提取速率限制。您可透過驗證與升級來增加限制:https://www.docker.com/increase-rate-limit」
Calico 的修改說明包含在 NativeEdge Orchestrator 部署指南中。但是,在 Calico 的安裝過程中,它會從 Docker Hub 下載。Docker Hub 實現了下載速率限制,這可能會在安裝 Calico 期間遇到。(有關速率限制的更多詳細資訊,請參閱 docker.com。
當使用者在安裝後列出 pod 時,使用者可以看到 calico pod 位於 Init:ImagePullBackOff 中,這表示下載容器時發生問題。
#kubectl get pods -A NAMESPACE NAME READY STATUS RESTARTS AGE kube-system local-path-provisioner-957fdf8bc-cl2nl 0/1 Pending 0 6m50s kube-system metrics-server-648b5df564-bncjh 0/1 Pending 0 6m50s kube-system coredns-77ccd57875-cng6c 0/1 Pending 0 6m50s kube-system calico-kube-controllers-67c64d8b8f-p868c 0/1 Pending 0 6m39s kube-system calico-node-6q82x 0/1 Init:ImagePullBackOff 0 6m37s
當我們描述 calico-node pod 時,可以進一步看到這一點
#kubectl describe pod calico-node-6q82x -n kube-system Name: calico-node-xscmk Namespace: kube-system .. Events: Type Reason Age From Message ---- ------ ---- ---- ------- Normal Scheduled 2m4s default-scheduler Successfully assigned kube-system/calico-node-xscmk to sre08129 Warning Failed 81s (x2 over 2m2s) kubelet Failed to pull image "docker.io/calico/cni:v3.28.0": rpc error: code = Unknown desc = failed to pull and unpack image "docker.io/calico/cni:v3.28.0": failed to copy: httpReadSeeker: failed open: unexpected status code https://registry-1.docker.io/v2/calico/cni/manifests/sha256:7a3a5cf6c79243ba2de9eef8cb20fac7c46ef75b858956b9884b0ce87b9a354d: 429 Too Many Requests - Server message: toomanyrequests: You have reached your pull rate limit. You may increase the limit by authenticating and upgrading: https://www.docker.com/increase-rate-limit Normal Pulling 41s (x4 over 2m3s) kubelet Pulling image "docker.io/calico/cni:v3.28.0" Warning Failed 40s (x2 over 106s) kubelet Failed to pull image "docker.io/calico/cni:v3.28.0": rpc error: code = Unknown desc = failed to pull and unpack image "docker.io/calico/cni:v3.28.0": failed to copy: httpReadSeeker: failed open: unexpected status code https://registry-1.docker.io/v2/calico/cni/manifests/sha256:cef0c907b8f4cadc63701d371e6f24d325795bcf0be84d6a517e33000ff35f70: 429 Too Many Requests - Server message: toomanyrequests: You have reached your pull rate limit. You may increase the limit by authenticating and upgrading: https://www.docker.com/increase-rate-limit Warning Failed 40s (x4 over 2m2s) kubelet Error: ErrImagePull Normal BackOff 13s (x6 over 2m1s) kubelet Back-off pulling image "docker.io/calico/cni:v3.28.0" Warning Failed 13s (x6 over 2m1s) kubelet Error: ImagePullBackOff
從上面可以看到,容器無法下載,因為:“
太多請求 - 伺服器消息:toomanyrequests:您已達到提取速率限制。您可透過驗證與升級來增加限制:https://www.docker.com/increase-rate-limit」
Causa
此問題是因為 dockerhub 設定的提取速率限制而發生 - 請參閱 https://www.docker.com/increase-rate-limit 以取得詳細資料。
Resolución
如果使用者使用經過身份驗證的 docker 中心帳戶,則意味著使用者可以具有更高的個人拉取速率限制。
- 在 docker.io 上建立帳戶
- 在 kube-system 命名空間中創建一個金鑰。此示例使用用於在 docker.io 上註冊帳戶的憑據創建一個名為 regcred 的機密
kubectl create secret docker-registry regcred --docker-server=https://index.docker.io/v1/ --docker-username=dockeriousername --docker-password=dockeriopassword --docker-email=emailusertoregsisterondockerio --namespace="kube-system"
- 使用者必須編輯 calico.yaml 才能使用剛剛建立的金鑰 (regcred)。
- 在 template.spec 中,使用者必須包括以下內容:
imagePullSecrets: - name: regcred- 這裡是一個真實的例子供參考
spec: selector: matchLabels: k8s-app: calico-node ... template: metadata: labels: k8s-app: calico-node spec: nodeSelector: ... hostNetwork: true tolerations: ... serviceAccountName: calico-node ... initContainers: ... imagePullSecrets: - name: regcred - 重要:只有 calico-node 範本需要新增 imagePullSecrets 功能。
- 這裡是一個真實的例子供參考
- 變更後套用 calico.yaml
kubectl apply -f calico.yaml poddisruptionbudget.policy/calico-kube-controllers created serviceaccount/calico-kube-controllers created serviceaccount/calico-node created serviceaccount/calico-cni-plugin created configmap/calico-config created customresourcedefinition.apiextensions.k8s.io/bgpconfigurations.crd.projectcalico.org created customresourcedefinition.apiextensions.k8s.io/bgpfilters.crd.projectcalico.org created customresourcedefinition.apiextensions.k8s.io/bgppeers.crd.projectcalico.org created customresourcedefinition.apiextensions.k8s.io/blockaffinities.crd.projectcalico.org created customresourcedefinition.apiextensions.k8s.io/caliconodestatuses.crd.projectcalico.org created customresourcedefinition.apiextensions.k8s.io/clusterinformations.crd.projectcalico.org created customresourcedefinition.apiextensions.k8s.io/felixconfigurations.crd.projectcalico.org created customresourcedefinition.apiextensions.k8s.io/globalnetworkpolicies.crd.projectcalico.org created customresourcedefinition.apiextensions.k8s.io/globalnetworksets.crd.projectcalico.org created customresourcedefinition.apiextensions.k8s.io/hostendpoints.crd.projectcalico.org created customresourcedefinition.apiextensions.k8s.io/ipamblocks.crd.projectcalico.org created customresourcedefinition.apiextensions.k8s.io/ipamconfigs.crd.projectcalico.org created customresourcedefinition.apiextensions.k8s.io/ipamhandles.crd.projectcalico.org created customresourcedefinition.apiextensions.k8s.io/ippools.crd.projectcalico.org created customresourcedefinition.apiextensions.k8s.io/ipreservations.crd.projectcalico.org created customresourcedefinition.apiextensions.k8s.io/kubecontrollersconfigurations.crd.projectcalico.org created customresourcedefinition.apiextensions.k8s.io/networkpolicies.crd.projectcalico.org created customresourcedefinition.apiextensions.k8s.io/networksets.crd.projectcalico.org created clusterrole.rbac.authorization.k8s.io/calico-kube-controllers created clusterrole.rbac.authorization.k8s.io/calico-node created clusterrole.rbac.authorization.k8s.io/calico-cni-plugin created clusterrolebinding.rbac.authorization.k8s.io/calico-kube-controllers created clusterrolebinding.rbac.authorization.k8s.io/calico-node created clusterrolebinding.rbac.authorization.k8s.io/calico-cni-plugin created daemonset.apps/calico-node created deployment.apps/calico-kube-controllers created
- 使用者應會看到 kubernetes 叢集成功啟動並執行。
kubectl get po -A NAMESPACE NAME READY STATUS RESTARTS AGE kube-system local-path-provisioner-957fdf8bc-x5bn6 1/1 Running 0 22h kube-system coredns-77ccd57875-hf82q 1/1 Running 0 22h kube-system calico-kube-controllers-8498bff86b-tprzt 1/1 Running 0 9m18s kube-system calico-node-pxwqm 1/1 Running 0 9m18s kube-system metrics-server-648b5df564-xdh4h 1/1 Running 0 22h
Productos afectados
NativeEdge Solutions, NativeEdgePropiedades del artículo
Número del artículo: 000225940
Tipo de artículo: Solution
Última modificación: 01 oct 2024
Versión: 4
Encuentre respuestas a sus preguntas de otros usuarios de Dell
Servicios de soporte
Compruebe si el dispositivo está cubierto por los servicios de soporte.