使用 AWS re:Post 即表示您同意 AWS re:Post 使用條款
AWS re:Postre:Post
關於 re:Post

如何對 Amazon EKS 中的 Pod 狀態 ErrImagePull 和 ImagePullBackoff 錯誤進行疑難排解?

4 分的閱讀內容
0

我的 Amazon Elastic Kubernetes Service (Amazon EKS) Pod 狀態處於 ErrImagePull 或 ImagePullBackoff 狀態。

簡短描述

如果您執行 kubectl 命令 get pods 並且您的 Pod 處於 ImagePullBackOff 狀態,則 Pod 無法正確運行。ImagePullBackOff 狀態表示容器無法啟動,因為無法擷取或拉取映像。若要對此問題進行疑難排解,請使用下列解決方法。

如需詳細資訊,請參閱 Amazon EKS 連接器 Pod 處於 ImagePullBackOff 狀態

解決方法

確認映像資訊

使用下列步驟確認 Pod 狀態錯誤訊息,並驗證映像名稱、標籤和安全散列算法 (SHA) 是否正確:

  1. 若要取得 Pod 狀態,請執行下列命令:

    $ kubectl get pods -n defaultNAME                              READY   STATUS             RESTARTS   AGE
nginx-7cdbb5f49f-2p6p2            0/1     ImagePullBackOff   0          86s

  2. 若要取得 Pod 失敗詳細資訊,請執行下列命令:

    $ kubectl describe pod nginx-7cdbb5f49f-2p6p2
...
Events:
  Type     Reason     Age                   From               Message
  ----     ------     ----                  ----               -------
  Normal   Scheduled  4m23s                 default-scheduler  Successfully assigned default/nginx-7cdbb5f49f-2p6p2 to ip-192-168-149-143.us-east-2.compute.internal
  Normal   Pulling    2m44s (x4 over 4m9s)  kubelet            Pulling image "nginxx:latest"
  Warning  Failed     2m43s (x4 over 4m9s)  kubelet            Failed to pull image "nginxx:latest": rpc error: code = Unknown desc = Error response from daemon: pull access denied for nginxx, repository does not exist or may require 'docker login': denied: requested access to the resource is denied
  Warning  Failed     2m43s (x4 over 4m9s)  kubelet            Error: ErrImagePull
  Warning  Failed     2m32s (x6 over 4m8s)  kubelet            Error: ImagePullBackOff
  Normal   BackOff    2m17s (x7 over 4m8s)  kubelet            Back-off pulling image "nginxx:latest"

  3. 確認您的映像標籤和名稱存在且正確。

  4. 如果映像登錄需要驗證,請確認您已獲得其存取授權。若要驗證 Pod 中使用的映像是否正確,請執行下列命令:

    $ kubectl get pods nginx-7cdbb5f49f-2p6p2  -o jsonpath="{.spec.containers[*].image}" | \sort
nginx:latest

若要瞭解 Pod 狀態值,請參閱 Kubernetes 網站上的 Pod 階段以及如何對 Amazon EKS 中的 Pod 狀態進行疑難排解?

對私有登錄進行疑難排解

如果您使用 Amazon EKS 從私有登錄中擷取映像,可能需要額外的設定。在工作負載資訊清單上使用 imagePullSecrets 來指定憑證。這些憑證會使用私有登錄進行驗證。這允許 Pod 從指定的私有儲存庫中提取映像。

若要檢視密碼的內容,請使用下列命令在 YAML 中檢視:

kubectl get secret <secret_name> --output=yaml

在下列範例中,Pod 需要存取 regcred 中的 Docker 登錄憑證:

apiVersion: v1
kind: Pod
metadata:
  name: private-reg
spec:
  containers:
  - name: private-reg-container
    image: your-private-image
  imagePullSecrets:
  - name: regcred

your-private-image 取代為私有登錄中映像的路徑,如下所示:

your.private.registry.example.com/bob/bob-private:v1

若要從私有登錄中擷取映像,Kubernetes 需要憑證。組態檔中的 imagePullSecrets 欄位指定 Kubernetes 必須從名為 regcred 的密碼取得憑證。

如需詳細資訊,請參閱 Kubernetes 網站上的從私有登錄中提取映像

對其他登錄問題進行疑難排解

無法提取映像問題

錯誤 "Failed to pull image..." 表示 kubelet 已嘗試連線到私有登錄端點,但由於連線逾時而失敗。

在下列範例中,無法存取登錄,因為 kubelet 無法連上私有登錄端點:

$ kubectl describe pods nginx-9cc69448d-vgm4m
...
Events:
  Type     Reason     Age                From               Message
  ----     ------     ----               ----               -------
  Normal   Scheduled  16m                default-scheduler  Successfully assigned default/nginx-9cc69448d-vgm4m to ip-192-168-149-143.us-east-2.compute.internal
  Normal   Pulling    15m (x3 over 16m)  kubelet            Pulling image "nginx:stable"
  Warning  Failed     15m (x3 over 16m)  kubelet            Failed to pull image "nginx:stable": rpc error: code = Unknown desc = Error response from daemon: Get "https://registry-1.docker.io/v2/": net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
  Warning  Failed     15m (x3 over 16m)  kubelet            Error: ErrImagePull
  Normal   BackOff    14m (x4 over 16m)  kubelet            Back-off pulling image "nginx:stable"
  Warning  Failed     14m (x4 over 16m)  kubelet            Error: ImagePullBackOff

若要對此錯誤進行疑難排解,請檢查允許與登錄端點通訊的子網路、安全群組和網路 ACL。

超過了登錄速率限制

在下列範例中,已超過登錄速率限制:

$ kubectl describe pod nginx-6bf9f7cf5d-22q48
...
Events:
  Type     Reason                  Age                   From               Message
  ----     ------                  ----                  ----               -------
  Normal   Scheduled               3m54s                 default-scheduler  Successfully assigned default/nginx-6bf9f7cf5d-22q48 to ip-192-168-153-54.us-east-2.compute.internal
  Warning  FailedCreatePodSandBox  3m33s                 kubelet            Failed to create pod sandbox: rpc error: code = Unknown desc = failed to set up sandbox container "82065dea585e8428eaf9df89936653b5ef12b53bef7f83baddb22edc59cd562a" network for pod "nginx-6bf9f7cf5d-22q48": networkPlugin cni failed to set up pod "nginx-6bf9f7cf5d-22q48_default" network: add cmd: failed to assign an IP address to container
  Warning  FailedCreatePodSandBox  2m53s                 kubelet            Failed to create pod sandbox: rpc error: code = Unknown desc = failed to set up sandbox container "20f2e27ba6d813ffc754a12a1444aa20d552cc9d665f4fe5506b02a4fb53db36" network for pod "nginx-6bf9f7cf5d-22q48": networkPlugin cni failed to set up pod "nginx-6bf9f7cf5d-22q48_default" network: add cmd: failed to assign an IP address to container
  Warning  FailedCreatePodSandBox  2m35s                 kubelet            Failed to create pod sandbox: rpc error: code = Unknown desc = failed to set up sandbox container "d9b7e98187e84fed907ff882279bf16223bf5ed0176b03dff3b860ca9a7d5e03" network for pod "nginx-6bf9f7cf5d-22q48": networkPlugin cni failed to set up pod "nginx-6bf9f7cf5d-22q48_default" network: add cmd: failed to assign an IP address to container
  Warning  FailedCreatePodSandBox  2m                    kubelet            Failed to create pod sandbox: rpc error: code = Unknown desc = failed to set up sandbox container "c02c8b65d7d49c94aadd396cb57031d6df5e718ab629237cdea63d2185dbbfb0" network for pod "nginx-6bf9f7cf5d-22q48": networkPlugin cni failed to set up pod "nginx-6bf9f7cf5d-22q48_default" network: add cmd: failed to assign an IP address to container
  Normal   SandboxChanged          119s (x4 over 3m13s)  kubelet            Pod sandbox changed, it will be killed and re-created.
  Normal   Pulling                 56s (x3 over 99s)     kubelet            Pulling image "httpd:latest"
  Warning  Failed                  56s (x3 over 99s)     kubelet            Failed to pull image "httpd:latest": rpc error: code = Unknown desc = Error response from daemon: toomanyrequests: You have reached your pull rate limit. You may increase the limit by authenticating and upgrading: https://www.docker.com/increase-rate-limit
  Warning  Failed                  56s (x3 over 99s)     kubelet            Error: ErrImagePull
  Normal   BackOff                 43s (x4 over 98s)     kubelet            Back-off pulling image "httpd:latest"

如果您在達到提取速率限制後嘗試從公有 Docker Hub 儲存庫中提取映像,則會停止您。如需詳細資訊,請參閱 Docker Hub 網站上的 Docker Hub 速率限制

主題
容器
標籤
Amazon Elastic Kubernetes Service
語言
中文 (繁體)
AWS 官方
AWS 官方已更新 1 年前
沒有評論

相關內容