问题:公司内网由于防火墙的原因,上不了外网,而这个时候k8s集群pods以来的pasue容器是依赖的外部镜像源,这会造成k8s节点重启后无法起pods.
解决:
我们知道在kubelet的配置中有这样一个参数:
kubernetes中默认的配置参数是:
KUBELET_POD_INFRA_CONTAINER=–pod-infra-container-image=k8s.gcr.io/pause-amd64:3.1
Pause容器,是可以自己来定义,官方使用的gcr.io/google_containers/pause-amd64:3.0容器的代码见Github,使用C语言编写。
更改:
[root@k8s-master-1 ~]# cat /etc/systemd/system/kubelet.service.d/10-kubelet.conf
[Service]
Environment="KUBELET_POD_INFRA_CONTAINER=–pod-infra-container-image=registry.bst-1.cns.bstjpc.com:5000/k8s.gcr.io/pause-amd64:3.1"
Environment=“KUBELET_KUBECONFIG_ARGS=–kubeconfig=/etc/kubernetes/kubelet.conf”
Environment=“KUBELET_SYSTEM_PODS_ARGS=–pod-manifest-path=/etc/kubernetes/manifests --allow-privileged=true”
Environment=“KUBELET_DNS_ARGS=–cluster-dns=10.96.0.10 --cluster-domain=cluster.local”
Environment=“KUBELET_CADVISOR_ARGS=–cadvisor-port=4194”
Environment="KUBELET_VOLUME_ARGS=–volume-plugin-dir=/var/lib/kubelet/volumeplugins --feature-gates=DevicePlugins=true,BlockVolume=true,PodPriority=true --volume-stats-agg-period=0 "
Environment=“KUBELET_EXTRA_ARGS=–fail-swap-on=false --node-labels=node-role.kubernetes.io/master=’’ --logtostderr=true --v=0”
Environment=“KUBELET_NETWORK_ARGS=–network-plugin=cni --cni-conf-dir=/etc/cni/net.d --cni-bin-dir=/opt/cni/bin”
Environment=“KUBELET_AUTHZ_ARGS=–authorization-mode=Webhook --client-ca-file=/etc/kubernetes/pki/ca.pem”
Environment=“KUBELET_CERTIFICATE_ARGS=–rotate-certificates=true --cert-dir=/var/lib/kubelet/pki”
ExecStart=
ExecStart=/usr/local/bin/kubelet $KUBELET_POD_INFRA_CONTAINER $KUBELET_KUBECONFIG_ARGS $KUBELET_SYSTEM_PODS_ARGS $KUBELET_DNS_ARGS $KUBELET_CADVISOR_ARGS $KUBELET_VOLUME_ARGS $KUBELET_EXTRA_ARGS