开始学习kubernetes V1.6.6,但是kubernetes V1.7.0已然发布,但还是想着写搞完1.6版在学1.7,没想到1.6的变动,相比1.5的还是有大修改,在配置方面。
1、问题一:本地已然有【gcr.io/google_containers/pause-amd64:3.0】,但k8s依然要去gcr.io下载
unable to pull sandbox image \"gcr.io/google_containers/pause-amd64:3.0\": Error response from daemon:
invalid registry endpoint https://gcr.io/v0/: unable to ping registry endpoint https://gcr.io/v0/\nv2 ping attempt failed with error: Get https://gcr.io/v2/: dial tcp 74.125.204.82:443: i/o timeout\n v1 ping attempt failed with error: Get https://gcr.io/v1/_ping: dial tcp 74.125.204.82:443: i/o timeout.
[root kubernetes_yaml_v1]# docker images REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE centos6.4_ip latest 1c1901d062dd 4 weeks ago 907.9 MBgcr.io/google_containers/pause-amd64 3.0 8e76656d5e5d 12 months ago 746.9 kB |
和之前版本较为不同,一般是先检测本地镜像是否存在,没有再去拉去
解决办法:
①、将原来的pause-amd64:3.0,重新tag过
②、将镜像push到本地的registry
③、在kubelet加上--pod-infra-container-image=www.perofu.com:7070/google_containers/pause-amd64:3.0
2、问题二:Invalid --security-opt: \"seccomp:unconfined\""
3s 1s 3 kubelet, 192.168.0.211 Warning FailedSync Error syncing pod, skipping: failed to "CreatePodSandbox" for "web-0_default(7037d6cf-7280-11e7-af67-000c299603f3)" with CreatePodSandboxError: "CreatePodSandbox for pod \"web-0_default(7037d6cf-7280-11e7-af67-000c299603f3)\" failed: rpc error: code = 2 desc = failed to create a sandbox for pod \"web-0\": Error response from daemon: Invalid --security-opt: \"seccomp:unconfined\""
搜索了很多,没看到什么解决办法,偶然测试下,发下是docker本身的问题:
[root ~]# docker version
Client version: 1.7.1 Client API version: 1.19 Go version (client): go1.4.2 Git commit (client): 786b29d OS/Arch (client): linux/amd64 Server version: 1.7.1Server API version: 1.19 Go version (server): go1.4.2 Git commit (server): 786b29d OS/Arch (server): linux/amd64[root ~]# docker run -d --security-opt seccomp=unconfined 8e76656d5e5d
Error response from daemon: Invalid --security-opt: "seccomp=unconfined"虽然kube 1.6是支持docker-engine-1.7的API,但是就【--security-opt seccomp=unconfined】不行
之前遇到过的是,新的k8s版本完全不支持docker api【 Kubernetes 1.2 就是这样的】,现在是支持api,但不支持某个功能
解决:升级Docker版本,目前升级到docker-engine-1.12,正常
3、总结【K8s V1.6之后的版本】:
①、etcd 需要安装v3以上的版本
②、pause-amd64镜像,需要在kubelet加上--pod-infra-container-image
③、docker需要支持--security-opt: "seccomp=unconfined",不行就更新Docker版本。
如有错误,还望指正。