Dell NativeEdge:如何解决尝试为 NativeEdge 部署部署 Calico 时的拉取速率限制
摘要: 本文概述了如何使用 Docker Hub 进行身份验证以避免下载速率限制问题。
本文适用于
本文不适用于
本文并非针对某种特定的产品。
本文并非包含所有产品版本。
症状
对于 NativeEdge Orchestrator 2.1.0.0,建议使用 Calico 作为容器网络接口 (CNI)。
有关安装 Calico 的修改说明,请参阅《NativeEdge Orchestrator 部署指南》。但是,在 Calico 的安装过程中,它会从 Docker Hub 下载。Docker Hub 实施了下载速率限制,在安装 Calico 期间可能会遇到这种情况。(有关费率限制的更多详细信息,请参阅 docker.com。
当用户在安装后列出 Pod 时,用户可以看到 calico Pod 处于 Init:ImagePullBackOff 中,这表明下载容器存在问题。
当我们描述印花布节点 pod 时,可以进一步看到这一点
从上面可以看出,pod 下载失败,原因是:“
Too Many Requests - Server message: toomanyrequests:您已达到拉动速率限制。您可以通过身份验证和升级来增加限制: https://www.docker.com/increase-rate-limit”
有关安装 Calico 的修改说明,请参阅《NativeEdge Orchestrator 部署指南》。但是,在 Calico 的安装过程中,它会从 Docker Hub 下载。Docker Hub 实施了下载速率限制,在安装 Calico 期间可能会遇到这种情况。(有关费率限制的更多详细信息,请参阅 docker.com。
当用户在安装后列出 Pod 时,用户可以看到 calico Pod 处于 Init:ImagePullBackOff 中,这表明下载容器存在问题。
#kubectl get pods -A NAMESPACE NAME READY STATUS RESTARTS AGE kube-system local-path-provisioner-957fdf8bc-cl2nl 0/1 Pending 0 6m50s kube-system metrics-server-648b5df564-bncjh 0/1 Pending 0 6m50s kube-system coredns-77ccd57875-cng6c 0/1 Pending 0 6m50s kube-system calico-kube-controllers-67c64d8b8f-p868c 0/1 Pending 0 6m39s kube-system calico-node-6q82x 0/1 Init:ImagePullBackOff 0 6m37s
当我们描述印花布节点 pod 时,可以进一步看到这一点
#kubectl describe pod calico-node-6q82x -n kube-system Name: calico-node-xscmk Namespace: kube-system .. Events: Type Reason Age From Message ---- ------ ---- ---- ------- Normal Scheduled 2m4s default-scheduler Successfully assigned kube-system/calico-node-xscmk to sre08129 Warning Failed 81s (x2 over 2m2s) kubelet Failed to pull image "docker.io/calico/cni:v3.28.0": rpc error: code = Unknown desc = failed to pull and unpack image "docker.io/calico/cni:v3.28.0": failed to copy: httpReadSeeker: failed open: unexpected status code https://registry-1.docker.io/v2/calico/cni/manifests/sha256:7a3a5cf6c79243ba2de9eef8cb20fac7c46ef75b858956b9884b0ce87b9a354d: 429 Too Many Requests - Server message: toomanyrequests: You have reached your pull rate limit. You may increase the limit by authenticating and upgrading: https://www.docker.com/increase-rate-limit Normal Pulling 41s (x4 over 2m3s) kubelet Pulling image "docker.io/calico/cni:v3.28.0" Warning Failed 40s (x2 over 106s) kubelet Failed to pull image "docker.io/calico/cni:v3.28.0": rpc error: code = Unknown desc = failed to pull and unpack image "docker.io/calico/cni:v3.28.0": failed to copy: httpReadSeeker: failed open: unexpected status code https://registry-1.docker.io/v2/calico/cni/manifests/sha256:cef0c907b8f4cadc63701d371e6f24d325795bcf0be84d6a517e33000ff35f70: 429 Too Many Requests - Server message: toomanyrequests: You have reached your pull rate limit. You may increase the limit by authenticating and upgrading: https://www.docker.com/increase-rate-limit Warning Failed 40s (x4 over 2m2s) kubelet Error: ErrImagePull Normal BackOff 13s (x6 over 2m1s) kubelet Back-off pulling image "docker.io/calico/cni:v3.28.0" Warning Failed 13s (x6 over 2m1s) kubelet Error: ImagePullBackOff
从上面可以看出,pod 下载失败,原因是:“
Too Many Requests - Server message: toomanyrequests:您已达到拉动速率限制。您可以通过身份验证和升级来增加限制: https://www.docker.com/increase-rate-limit”
原因
此问题是由于 dockerhub 设置的拉入速率限制造成的 - 有关详细信息,请参阅 https://www.docker.com/increase-rate-limit 。
解决方案
如果用户使用经过身份验证的 docker hub 帐户,则意味着用户可以具有更高的单个拉入速率限制。
- 在 docker.io 上创建帐户
- 在 kube-system 命名空间中创建密钥。此示例使用用于在 docker.io 上注册帐户的凭据创建名为 regcred 的密码
kubectl create secret docker-registry regcred --docker-server=https://index.docker.io/v1/ --docker-username=dockeriousername --docker-password=dockeriopassword --docker-email=emailusertoregsisterondockerio --namespace="kube-system"
- 用户必须编辑 calico.yaml 才能使用刚刚创建的密钥 (regcred)。
- 在 template.spec 中,用户必须包括以下内容:
imagePullSecrets: - name: regcred- 这里是一个真实的例子,供参考
spec: selector: matchLabels: k8s-app: calico-node ... template: metadata: labels: k8s-app: calico-node spec: nodeSelector: ... hostNetwork: true tolerations: ... serviceAccountName: calico-node ... initContainers: ... imagePullSecrets: - name: regcred - 重要提示:只有 calico-node 模板需要添加 imagePullSecrets 功能。
- 这里是一个真实的例子,供参考
- 更改后应用 calico.yaml
kubectl apply -f calico.yaml poddisruptionbudget.policy/calico-kube-controllers created serviceaccount/calico-kube-controllers created serviceaccount/calico-node created serviceaccount/calico-cni-plugin created configmap/calico-config created customresourcedefinition.apiextensions.k8s.io/bgpconfigurations.crd.projectcalico.org created customresourcedefinition.apiextensions.k8s.io/bgpfilters.crd.projectcalico.org created customresourcedefinition.apiextensions.k8s.io/bgppeers.crd.projectcalico.org created customresourcedefinition.apiextensions.k8s.io/blockaffinities.crd.projectcalico.org created customresourcedefinition.apiextensions.k8s.io/caliconodestatuses.crd.projectcalico.org created customresourcedefinition.apiextensions.k8s.io/clusterinformations.crd.projectcalico.org created customresourcedefinition.apiextensions.k8s.io/felixconfigurations.crd.projectcalico.org created customresourcedefinition.apiextensions.k8s.io/globalnetworkpolicies.crd.projectcalico.org created customresourcedefinition.apiextensions.k8s.io/globalnetworksets.crd.projectcalico.org created customresourcedefinition.apiextensions.k8s.io/hostendpoints.crd.projectcalico.org created customresourcedefinition.apiextensions.k8s.io/ipamblocks.crd.projectcalico.org created customresourcedefinition.apiextensions.k8s.io/ipamconfigs.crd.projectcalico.org created customresourcedefinition.apiextensions.k8s.io/ipamhandles.crd.projectcalico.org created customresourcedefinition.apiextensions.k8s.io/ippools.crd.projectcalico.org created customresourcedefinition.apiextensions.k8s.io/ipreservations.crd.projectcalico.org created customresourcedefinition.apiextensions.k8s.io/kubecontrollersconfigurations.crd.projectcalico.org created customresourcedefinition.apiextensions.k8s.io/networkpolicies.crd.projectcalico.org created customresourcedefinition.apiextensions.k8s.io/networksets.crd.projectcalico.org created clusterrole.rbac.authorization.k8s.io/calico-kube-controllers created clusterrole.rbac.authorization.k8s.io/calico-node created clusterrole.rbac.authorization.k8s.io/calico-cni-plugin created clusterrolebinding.rbac.authorization.k8s.io/calico-kube-controllers created clusterrolebinding.rbac.authorization.k8s.io/calico-node created clusterrolebinding.rbac.authorization.k8s.io/calico-cni-plugin created daemonset.apps/calico-node created deployment.apps/calico-kube-controllers created
- 用户应看到 kubernetes 群集已成功启动并运行。
kubectl get po -A NAMESPACE NAME READY STATUS RESTARTS AGE kube-system local-path-provisioner-957fdf8bc-x5bn6 1/1 Running 0 22h kube-system coredns-77ccd57875-hf82q 1/1 Running 0 22h kube-system calico-kube-controllers-8498bff86b-tprzt 1/1 Running 0 9m18s kube-system calico-node-pxwqm 1/1 Running 0 9m18s kube-system metrics-server-648b5df564-xdh4h 1/1 Running 0 22h
受影响的产品
NativeEdge Solutions, NativeEdge文章属性
文章编号: 000225940
文章类型: Solution
上次修改时间: 01 10月 2024
版本: 4
从其他戴尔用户那里查找问题的答案
支持服务
检查您的设备是否在支持服务涵盖的范围内。