從 ECR 到 EKS 的影像無法正常運作,因為產生的 Pod 始終為 0/2
- WBOY轉載
- 2024-02-08 22:39:08920瀏覽
php小編草莓在解決容器化應用部署問題時,發現從ECR(Amazon Elastic Container Registry)到EKS(Amazon Elastic Kubernetes Service)的圖像無法正常運作的情況。具體表現為產生的Pod始終為0/2,這表示容器無法正常啟動或運作。這個問題可能涉及多個方面,包括影像本身的問題、容器配置的錯誤或網路環境的限制等。以下將詳細介紹一些常見的解決方案,幫助開發者快速解決這個問題。
問題內容
我已經嘗試了幾乎所有方法來讓事情走上正確的路徑,但仍然無法讓我的 pod 處於可用狀態。
所以我有一個用 go 寫的基本應用程式。
我使用 docker build --tag docker-gs-ping . 建立了程式的映像
然後我嘗試在容器內執行相同的指令 docker run --publish 8080:8080 docker-gs-ping
然後我想將我的圖像儲存到 amazon ecr,為此我在 ecr 中創建了一個儲存庫。
現在,在建立儲存庫後,我標記了本機中存在的映像。
docker tag f49366b7f534 ****40312665.dkr.ecr.us-east-1.amazonaws.com/docker-gs-ping:latest
f49366b7f534是我本地的圖片標籤。 docker-gs-ping 是 ecr 中的儲存庫名稱。
然後我使用命令將標記的圖像上傳到 ecr。
docker push ****40312665.dkr.ecr.us-east-1.amazonaws.com/docker-gs-ping:latest
不確定上述指令是否會從本地推送標記的映像或最近的映像,因為無法提及要推送到 ecr 的特定映像。
目前的結果是
完成上述步驟後,我使用以下檔案和命令建立了一個 vps:
eks 堆疊:
---
awstemplateformatversion: '2010-09-09'
description: 'amazon eks cluster'
parameters:
clustername:
type: string
default: my-eks-cluster
numberofworkernodes:
type: number
default: 1
workernodesinstancetype:
type: string
default: t2.micro
kubernetesversion:
type: string
default: 1.22
resources:
###########################################
## roles
###########################################
eksrole:
type: aws::iam::role
properties:
rolename: my.eks.cluster.role
assumerolepolicydocument:
version: "2012-10-17"
statement:
- effect: allow
principal:
service:
- eks.amazonaws.com
action:
- sts:assumerole
path: /
managedpolicyarns:
- "arn:aws:iam::aws:policy/amazoneksclusterpolicy"
eksnoderole:
type: aws::iam::role
properties:
rolename: my.eks.node.role
assumerolepolicydocument:
version: "2012-10-17"
statement:
- effect: allow
principal:
service:
- ec2.amazonaws.com
action:
- sts:assumerole
path: /
managedpolicyarns:
- "arn:aws:iam::aws:policy/amazoneksworkernodepolicy"
- "arn:aws:iam::aws:policy/amazonec2containerregistryreadonly"
- "arn:aws:iam::aws:policy/amazoneks_cni_policy"
###########################################
## eks cluster
###########################################
ekscluster:
type: aws::eks::cluster
properties:
name: !ref clustername
version: !ref kubernetesversion
rolearn: !getatt eksrole.arn
resourcesvpcconfig:
securitygroupids:
- !importvalue controlplanesecuritygroupid
subnetids: !split [ ',', !importvalue privatesubnetids ]
eksnodegroup:
type: aws::eks::nodegroup
dependson: ekscluster
properties:
clustername: !ref clustername
noderole: !getatt eksnoderole.arn
scalingconfig:
minsize:
ref: numberofworkernodes
desiredsize:
ref: numberofworkernodes
maxsize:
ref: numberofworkernodes
subnets: !split [ ',', !importvalue privatesubnetids ]
指令:aws cloudformation create-stack --region us-east-1 --stack-name my-eks-cluster --capability capability_named_iam --template-body file://eks-stack.yaml
eks vpc yaml
---
awstemplateformatversion: '2010-09-09'
description: 'amazon eks vpc - private and public subnets'
parameters:
vpcblock:
type: string
default: 192.168.0.0/16
description: the cidr range for the vpc. this should be a valid private (rfc 1918) cidr range.
publicsubnet01block:
type: string
default: 192.168.0.0/18
description: cidrblock for public subnet 01 within the vpc
publicsubnet02block:
type: string
default: 192.168.64.0/18
description: cidrblock for public subnet 02 within the vpc
privatesubnet01block:
type: string
default: 192.168.128.0/18
description: cidrblock for private subnet 01 within the vpc
privatesubnet02block:
type: string
default: 192.168.192.0/18
description: cidrblock for private subnet 02 within the vpc
metadata:
aws::cloudformation::interface:
parametergroups:
-
label:
default: "worker network configuration"
parameters:
- vpcblock
- publicsubnet01block
- publicsubnet02block
- privatesubnet01block
- privatesubnet02block
resources:
vpc:
type: aws::ec2::vpc
properties:
cidrblock: !ref vpcblock
enablednssupport: true
enablednshostnames: true
tags:
- key: name
value: !sub '${aws::stackname}-vpc'
internetgateway:
type: "aws::ec2::internetgateway"
vpcgatewayattachment:
type: "aws::ec2::vpcgatewayattachment"
properties:
internetgatewayid: !ref internetgateway
vpcid: !ref vpc
publicroutetable:
type: aws::ec2::routetable
properties:
vpcid: !ref vpc
tags:
- key: name
value: public subnets
- key: network
value: public
privateroutetable01:
type: aws::ec2::routetable
properties:
vpcid: !ref vpc
tags:
- key: name
value: private subnet az1
- key: network
value: private01
privateroutetable02:
type: aws::ec2::routetable
properties:
vpcid: !ref vpc
tags:
- key: name
value: private subnet az2
- key: network
value: private02
publicroute:
dependson: vpcgatewayattachment
type: aws::ec2::route
properties:
routetableid: !ref publicroutetable
destinationcidrblock: 0.0.0.0/0
gatewayid: !ref internetgateway
privateroute01:
dependson:
- vpcgatewayattachment
- natgateway01
type: aws::ec2::route
properties:
routetableid: !ref privateroutetable01
destinationcidrblock: 0.0.0.0/0
natgatewayid: !ref natgateway01
privateroute02:
dependson:
- vpcgatewayattachment
- natgateway02
type: aws::ec2::route
properties:
routetableid: !ref privateroutetable02
destinationcidrblock: 0.0.0.0/0
natgatewayid: !ref natgateway02
natgateway01:
dependson:
- natgatewayeip1
- publicsubnet01
- vpcgatewayattachment
type: aws::ec2::natgateway
properties:
allocationid: !getatt 'natgatewayeip1.allocationid'
subnetid: !ref publicsubnet01
tags:
- key: name
value: !sub '${aws::stackname}-natgatewayaz1'
natgateway02:
dependson:
- natgatewayeip2
- publicsubnet02
- vpcgatewayattachment
type: aws::ec2::natgateway
properties:
allocationid: !getatt 'natgatewayeip2.allocationid'
subnetid: !ref publicsubnet02
tags:
- key: name
value: !sub '${aws::stackname}-natgatewayaz2'
natgatewayeip1:
dependson:
- vpcgatewayattachment
type: 'aws::ec2::eip'
properties:
domain: vpc
natgatewayeip2:
dependson:
- vpcgatewayattachment
type: 'aws::ec2::eip'
properties:
domain: vpc
publicsubnet01:
type: aws::ec2::subnet
metadata:
comment: subnet 01
properties:
mappubliciponlaunch: true
availabilityzone:
fn::select:
- '0'
- fn::getazs:
ref: aws::region
cidrblock:
ref: publicsubnet01block
vpcid:
ref: vpc
tags:
- key: name
value: !sub "${aws::stackname}-publicsubnet01"
- key: kubernetes.io/role/elb
value: 1
publicsubnet02:
type: aws::ec2::subnet
metadata:
comment: subnet 02
properties:
mappubliciponlaunch: true
availabilityzone:
fn::select:
- '1'
- fn::getazs:
ref: aws::region
cidrblock:
ref: publicsubnet02block
vpcid:
ref: vpc
tags:
- key: name
value: !sub "${aws::stackname}-publicsubnet02"
- key: kubernetes.io/role/elb
value: 1
privatesubnet01:
type: aws::ec2::subnet
metadata:
comment: subnet 03
properties:
availabilityzone:
fn::select:
- '0'
- fn::getazs:
ref: aws::region
cidrblock:
ref: privatesubnet01block
vpcid:
ref: vpc
tags:
- key: name
value: !sub "${aws::stackname}-privatesubnet01"
- key: kubernetes.io/role/internal-elb
value: 1
privatesubnet02:
type: aws::ec2::subnet
metadata:
comment: private subnet 02
properties:
availabilityzone:
fn::select:
- '1'
- fn::getazs:
ref: aws::region
cidrblock:
ref: privatesubnet02block
vpcid:
ref: vpc
tags:
- key: name
value: !sub "${aws::stackname}-privatesubnet02"
- key: kubernetes.io/role/internal-elb
value: 1
publicsubnet01routetableassociation:
type: aws::ec2::subnetroutetableassociation
properties:
subnetid: !ref publicsubnet01
routetableid: !ref publicroutetable
publicsubnet02routetableassociation:
type: aws::ec2::subnetroutetableassociation
properties:
subnetid: !ref publicsubnet02
routetableid: !ref publicroutetable
privatesubnet01routetableassociation:
type: aws::ec2::subnetroutetableassociation
properties:
subnetid: !ref privatesubnet01
routetableid: !ref privateroutetable01
privatesubnet02routetableassociation:
type: aws::ec2::subnetroutetableassociation
properties:
subnetid: !ref privatesubnet02
routetableid: !ref privateroutetable02
controlplanesecuritygroup:
type: aws::ec2::securitygroup
properties:
groupdescription: cluster communication with worker nodes
vpcid: !ref vpc
outputs:
publicsubnetids:
description: public subnets ids in the vpc
value: !join [ ",", [ !ref publicsubnet01, !ref publicsubnet02 ] ]
export:
name: publicsubnetids
privatesubnetids:
description: private subnets ids in the vpc
value: !join [ ",", [ !ref privatesubnet01, !ref privatesubnet02 ] ]
export:
name: privatesubnetids
controlplanesecuritygroupid:
description: security group for the cluster control plane communication with worker nodes
value: !ref controlplanesecuritygroup
export:
name: controlplanesecuritygroupid
vpcid:
description: the vpc id
value: !ref vpc
export:
name: vpcid
指令:aws cloudformation create-stack --region us-east-1 --stack-name my-eks-vpc --template-body file://eks-vpc-stack.yaml
指令後的結果:
現在我嘗試部署deployment.yaml和service.yaml檔案
deployment.yaml
apiversion: apps/v1
kind: deployment
metadata:
name: helloworld
namespace: default
spec:
replicas: 2
selector:
matchlabels:
app: helloworld
template:
metadata:
labels:
app: helloworld
spec:
containers:
- name: new-container
image: ****40312665.dkr.ecr.us-east-1.amazonaws.com/docker-gs-ping:latest
ports:
- containerport: 80
指令與結果:
#現在service.yaml
#apiversion: v1
kind: service
metadata:
name: helloworld
spec:
type: loadbalancer
selector:
app: helloworld
ports:
- name: http
port: 80
targetport: 80
指令與結果:
#完成這一切後,當我執行 kubectl get 部署時,我得到以下結果:
為了調試,我嘗試了 kubectl描述pod helloworld,我得到如下
C:\Users\visratna\GolandProjects\testaws>kubectl describe pod helloworld
Name: helloworld-c6dc56598-jmpvr
Namespace: default
Priority: 0
Service Account: default
Node: docker-desktop/192.168.65.4
Start Time: Fri, 07 Jul 2023 22:22:18 +0530
Labels: app=helloworld
pod-template-hash=c6dc56598
Annotations: <none>
Status: Pending
IP: 10.1.0.7
IPs:
IP: 10.1.0.7
Controlled By: ReplicaSet/helloworld-c6dc56598
Containers:
new-container:
Container ID:
Image: 549840312665.dkr.ecr.us-east-1.amazonaws.com/docker-gs-ping:latest
Image ID:
Port: 80/TCP
Host Port: 0/TCP
State: Waiting
Reason: ImagePullBackOff
Ready: False
Restart Count: 0
Environment: <none>
Mounts:
/var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-sldvv (ro)
Conditions:
Type Status
Initialized True
Ready False
ContainersReady False
PodScheduled True
Volumes:
kube-api-access-sldvv:
Type: Projected (a volume that contains injected data from multiple sources)
TokenExpirationSeconds: 3607
ConfigMapName: kube-root-ca.crt
ConfigMapOptional: <nil>
DownwardAPI: true
QoS Class: BestEffort
Node-Selectors: <none>
Tolerations: node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 23m default-scheduler Successfully assigned default/helloworld-c6dc56598-jmpvr to docker-desktop
Normal Pulling 22m (x4 over 23m) kubelet Pulling image "549840312665.dkr.ecr.us-east-1.amazonaws.com/docker-gs-ping:latest"
Warning Failed 22m (x4 over 23m) kubelet Failed to pull image "549840312665.dkr.ecr.us-east-1.amazonaws.com/docker-gs-ping:latest": rpc error: code = Unknown desc = Error response from daemon: Head "https://549840312665.dkr.ecr.us-east-1.amazonaws.com/v2/docker-gs-ping/manifests/latest": no basic auth credentials
Warning Failed 22m (x4 over 23m) kubelet Error: ErrImagePull
Warning Failed 22m (x6 over 23m) kubelet Error: ImagePullBackOff
Normal BackOff 3m47s (x85 over 23m) kubelet Back-off pulling image "549840312665.dkr.ecr.us-east-1.amazonaws.com/docker-gs-ping:latest"
Name: helloworld-c6dc56598-r9b4d
Namespace: default
Priority: 0
Service Account: default
Node: docker-desktop/192.168.65.4
Start Time: Fri, 07 Jul 2023 22:22:18 +0530
Labels: app=helloworld
pod-template-hash=c6dc56598
Annotations: <none>
Status: Pending
IP: 10.1.0.6
IPs:
IP: 10.1.0.6
Controlled By: ReplicaSet/helloworld-c6dc56598
Containers:
new-container:
Container ID:
Image: 549840312665.dkr.ecr.us-east-1.amazonaws.com/docker-gs-ping:latest
Image ID:
Port: 80/TCP
Host Port: 0/TCP
State: Waiting
Reason: ImagePullBackOff
Ready: False
Restart Count: 0
Environment: <none>
Mounts:
/var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-84rw4 (ro)
Conditions:
Type Status
Initialized True
Ready False
ContainersReady False
PodScheduled True
Volumes:
kube-api-access-84rw4:
Type: Projected (a volume that contains injected data from multiple sources)
TokenExpirationSeconds: 3607
ConfigMapName: kube-root-ca.crt
ConfigMapOptional: <nil>
DownwardAPI: true
QoS Class: BestEffort
Node-Selectors: <none>
Tolerations: node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 23m default-scheduler Successfully assigned default/helloworld-c6dc56598-r9b4d to docker-desktop
Normal Pulling 22m (x4 over 23m) kubelet Pulling image "549840312665.dkr.ecr.us-east-1.amazonaws.com/docker-gs-ping:latest"
Warning Failed 22m (x4 over 23m) kubelet Failed to pull image "549840312665.dkr.ecr.us-east-1.amazonaws.com/docker-gs-ping:latest": rpc error: code = Unknown desc = Error response from daemon: Head "https://549840312665.dkr.ecr.us-east-1.amazonaws.com/v2/docker-gs-ping/manifests/latest": no basic auth credentials
Warning Failed 22m (x4 over 23m) kubelet Error: ErrImagePull
Warning Failed 22m (x6 over 23m) kubelet Error: ImagePullBackOff
Normal BackOff 3m43s (x86 over 23m) kubelet Back-off pulling image "549840312665.dkr.ecr.us-east-1.amazonaws.com/docker-gs-ping:latest"
我已經按照 stackoverflow 上的建議嘗試了許多解決方案,但似乎沒有任何對我有用的解決方案,有什麼建議我可以讓事情正常工作嗎?預先非常感謝您。
解決方法
有幾件事。首先,您應該避免使用最新標籤。這是一種反模式。當您將映像推送到 ECR 時,請使用建置標籤或版本號碼作為映像標籤。其次,您需要驗證您的工作執行緒節點是否有權從 ECR 提取映像,特別是 AmazonEC2ContainerRegistryReadOnly 策略。否則,kubelet 將無法從 ECR 中提取鏡像。如果註冊表與叢集位於不同的帳戶中,則需要建立儲存庫[資源]策略。請參閱 https://docs.aws.amazon.com/AmazonECR /latest/userguide/repository-policies.html。
以上是從 ECR 到 EKS 的影像無法正常運作,因為產生的 Pod 始終為 0/2的詳細內容。更多資訊請關注PHP中文網其他相關文章!
陳述:
本文轉載於:stackoverflow.com。如有侵權,請聯絡admin@php.cn刪除