【已解决】containerd 拉取 hub.mooc.com镜像报错

来源：7-1 定时任务迁移kubernetes

慕少8521559

2021-10-30

查看了其他小伙伴的问题

参考了这个 https://coding.imooc.com/learn/questiondetail/GDyQ0Y9g4w76JARr.html 和 https://coding.imooc.com/learn/questiondetail/r9mGBP5qlRqPjaKR.html https://github.com/containerd/containerd/blob/main/docs/cri/registry.md

然后配置了 /etc/containerd/config.toml 。如下

[plugins."io.containerd.grpc.v1.cri".registry]
[plugins."io.containerd.grpc.v1.cri".registry.mirrors]
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
endpoint = ["https://registry-1.docker.io"]
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."hub.mooc.com"]
endpoint = ["http://hub.mooc.com"]
[plugins."io.containerd.grpc.v1.cri".registry.configs]
[plugins."io.containerd.grpc.v1.cri".registry.configs."hub.mooc.com".tls]
insecure_skip_verify = true
[plugins."io.containerd.grpc.v1.cri".registry.configs."hub.mooc.com".auth]
username="pusher"
password="Pusher123"

然后重启 service containerd restart 成功

可是依然失败

kubectl get pods 显示如下

NAME READY STATUS RESTARTS AGE
cronjob-demo-1635602640-dbttl 0/1 ImagePullBackOff 0 47s

显示 ImagePullBackOff，看起来是拉镜像失败

kubectl describe pod cronjob-demo-1635602640-dbttl，结果如下：

Name: cronjob-demo-1635602640-dbttl
Namespace: default
Priority: 0
Node: node-3/10.7.190.186
Start Time: Sat, 30 Oct 2021 22:43:17 +0800
Labels: app=cronjob-demo
controller-uid=ac2a7a8b-efdb-4b18-8591-5246c2f2ffa2
job-name=cronjob-demo-1635602640
Annotations: cni.projectcalico.org/containerID: da9e08d7c0cec8daa34d0d72d2fb26a36cf3e3e76a99c11d89e972d844e15aad
cni.projectcalico.org/podIP: 10.200.139.70/32
cni.projectcalico.org/podIPs: 10.200.139.70/32
Status: Pending
IP: 10.200.139.70
IPs:
IP: 10.200.139.70
Controlled By: Job/cronjob-demo-1635602640
Containers:
cronjob-demo:
Container ID:
Image: hub.mooc.com/kubernetes/cronjob:v1
Image ID:
Port: <none>

▽
Host Port: <none>
State: Waiting
Reason: ImagePullBackOff
Ready: False
Restart Count: 0
Environment: <none>
Mounts:
/var/run/secrets/kubernetes.io/serviceaccount from default-token-mcb2v (ro)
Conditions:
Type Status
Initialized True
Ready False
ContainersReady False
PodScheduled True
Volumes:
default-token-mcb2v:
Type: Secret (a volume populated by a Secret)
SecretName: default-token-mcb2v
Optional: false
QoS Class: BestEffort
Node-Selectors: <none>
Tolerations: node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 57s default-scheduler Successfully assigned default/cronjob-demo-1635602640-dbttl to node-3
Normal BackOff 26s (x3 over 55s) kubelet Back-off pulling image "hub.mooc.com/kubernetes/cronjob:v1"
Warning Failed 26s (x3 over 55s) kubelet Error: ImagePullBackOff
Normal Pulling 13s (x3 over 56s) kubelet Pulling image "hub.mooc.com/kubernetes/cronjob:v1"
Warning Failed 13s (x3 over 56s) kubelet Failed to pull image "hub.mooc.com/kubernetes/cronjob:v1": rpc error: code = Unknown desc = failed to pull and unpack image "hub.mooc.com/kubernetes/cronjob:v1": failed to resolve reference "hub.mooc.com/kubernetes/cronjob:v1": failed to do request: Head "https://hub.mooc.com/v2/kubernetes/cronjob/manifests/v1": x509: certificate is valid for ingress.local, not hub.mooc.com
Warning Failed 13s (x3 over 56s) kubelet Error: ErrImagePull

其中关键报错是

Failed to pull image "hub.mooc.com/kubernetes/cronjob:v1": rpc error: code = Unknown desc = failed to pull and unpack image "hub.mooc.com/kubernetes/cronjob:v1": failed to resolve reference "hub.mooc.com/kubernetes/cronjob:v1": failed to do request: Head "https://hub.mooc.com/v2/kubernetes/cronjob/manifests/v1": x509: certificate is valid for ingress.local, not hub.mooc.com

看起来是 hub.mooc.com 的证书或者443端口有问题。

可是我手动执行 crictl pull hub.mooc.com/kubernetes/cronjob:v1 是成功。如下