环境 ：
三台 master
三台 work
每台 work 节点上都已经 pull 好配置文件 ingress-nginx-mandatory.yaml 中的镜像 ：
k8s.gcr.io/ingress-nginx/kube-webhook-certgen v1.1.1 c41e9fcadf5a 3 months ago 47.7MB
k8s.gcr.io/ingress-nginx/controller v1.1.0 ae1a7201ec95 2 months ago 285MB

目前状态：
[root@k8s-master-31 ~]# kubectl get all -n ingress-nginx
NAME READY STATUS RESTARTS AGE
pod/ingress-nginx-admission-create-57x5v 0/1 ImagePullBackOff 0 27m
pod/ingress-nginx-admission-patch-77hhd 0/1 ImagePullBackOff 0 27m
pod/ingress-nginx-controller-5cdd59d56b-5kvtt 0/1 Pending 0 27m

NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/ingress-nginx-controller LoadBalancer 10.233.75.228 80:30744/TCP,443:32392/TCP 27m
service/ingress-nginx-controller-admission ClusterIP 10.233.191.87 443/TCP 27m

NAME READY UP-TO-DATE AVAILABLE AGE
deployment.apps/ingress-nginx-controller 0/1 1 0 27m

NAME DESIRED CURRENT READY AGE
replicaset.apps/ingress-nginx-controller-5cdd59d56b 1 1 0 27m

NAME COMPLETIONS DURATION AGE
job.batch/ingress-nginx-admission-create 0/1 27m 27m
job.batch/ingress-nginx-admission-patch 0/1 27m 27m
尝试了各种方法都是失败的。
[root@k8s-master-31 ~]# grep image ingress-nginx-mandatory.yaml
image: k8s.gcr.io/ingress-nginx/controller:v1.1.0@sha256:f766669fdcf3dc26347ed273a55e754b427eb4411ee075a53f30718b4499076a
image: k8s.gcr.io/ingress-nginx/kube-webhook-certgen:v1.1.1@sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660
以上两个是配置文件中的的镜像。

[root@k8s-master-31 ~]# kubectl get pods -n ingress-nginx
NAME READY STATUS RESTARTS AGE
ingress-nginx-admission-create-57x5v 0/1 ImagePullBackOff 0 32m
ingress-nginx-admission-patch-77hhd 0/1 ErrImagePull 0 32m
ingress-nginx-controller-5cdd59d56b-5kvtt 0/1 Pending 0 32
通过命令查看 ：
[root@k8s-master-31 ~]# kubectl describe pod -n ingress-nginx ingress-nginx-admission-create-57x5v
Name: ingress-nginx-admission-create-57x5v
Namespace: ingress-nginx
Priority: 0
Node: k8s-node-41/192.168.1.41
Start Time: Wed, 02 Feb 2022 01:47:21 +0800
Labels: app.kubernetes.io/component=admission-webhook
app.kubernetes.io/instance=ingress-nginx
app.kubernetes.io/managed-by=Helm
app.kubernetes.io/name=ingress-nginx
app.kubernetes.io/version=1.1.0
controller-uid=243d1633-72d1-4d7e-9812-d68955a312a6
helm.sh/chart=ingress-nginx-4.0.10
job-name=ingress-nginx-admission-create
Annotations: cni.projectcalico.org/containerID: 9b2389876f32e5664348b4494403e58df40c6eb51769b97965e2f310ecad7668
cni.projectcalico.org/podIP: 10.200.181.75/32
cni.projectcalico.org/podIPs: 10.200.181.75/32
Status: Pending
IP: 10.200.181.75
IPs:
IP: 10.200.181.75
Controlled By: Job/ingress-nginx-admission-create
Containers:
create:
Container ID:
Image: k8s.gcr.io/ingress-nginx/kube-webhook-certgen:v1.1.1@sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660
Image ID:
Port:
Host Port:
Args:
create
–host=ingress-nginx-controller-admission,ingress-nginx-controller-admission.(PODNAMESPACE).svc−−namespace=(POD_NAMESPACE).svc --namespace=(PODN​AMESPACE).svc−−namespace=(POD_NAMESPACE)
–secret-name=ingress-nginx-admission
State: Waiting
Reason: ImagePullBackOff
Ready: False
Restart Count: 0
Environment:
POD_NAMESPACE: ingress-nginx (v1:metadata.namespace)
Mounts:
/var/run/secrets/kubernetes.io/serviceaccount from ingress-nginx-admission-token-5p5rh (ro)
Conditions:
Type Status
Initialized True
Ready False
ContainersReady False
PodScheduled True
Volumes:
ingress-nginx-admission-token-5p5rh:
Type: Secret (a volume populated by a Secret)
SecretName: ingress-nginx-admission-token-5p5rh
Optional: false
QoS Class: BestEffort
Node-Selectors: kubernetes.io/os=linux
Tolerations: node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Events:
Type Reason Age From Message

Normal Scheduled 33m default-scheduler Successfully assigned ingress-nginx/ingress-nginx-admission-create-57x5v to k8s-node-41
Warning Failed 33m kubelet Failed to pull image “k8s.gcr.io/ingress-nginx/kube-webhook-certgen:v1.1.1@sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660”: rpc error: code = Unknown desc = Error response from daemon: Get “https://k8s.gcr.io/v2/”: dial tcp 108.177.97.82:443: connect: connection timed out
Warning Failed 33m kubelet Failed to pull image “k8s.gcr.io/ingress-nginx/kube-webhook-certgen:v1.1.1@sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660”: rpc error: code = Unknown desc = Error response from daemon: Get “https://k8s.gcr.io/v2/”: dial tcp 108.177.125.82:443: connect: connection timed out
Warning Failed 32m kubelet Failed to pull image “k8s.gcr.io/ingress-nginx/kube-webhook-certgen:v1.1.1@sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660”: rpc error: code = Unknown desc = Error response from daemon: Get “https://k8s.gcr.io/v2/”: dial tcp 142.250.157.82:443: connect: connection timed out
Normal Pulling 31m (x4 over 33m) kubelet Pulling image "k8s.gcr.io/ingress-nginx/kube-webhook-certgen:v1.1.1@sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660"
Warning Failed 31m (x4 over 33m) kubelet Error: ErrImagePull
Warning Failed 31m kubelet Failed to pull image “k8s.gcr.io/ingress-nginx/kube-webhook-certgen:v1.1.1@sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660”: rpc error: code = Unknown desc = Error response from daemon: Get “https://k8s.gcr.io/v2/”: dial tcp 64.233.189.82:443: connect: connection timed out
Normal BackOff 31m (x6 over 33m) kubelet Back-off pulling image "k8s.gcr.io/ingress-nginx/kube-webhook-certgen:v1.1.1@sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660"
Warning Failed 3m30s (x123 over 33m) kubelet Error: ImagePullBackOff

可能问题还是出现在拉取镜像的问题，能有什么办法解决吗？
已尝试过 ：
1、在 oracle 云上拉取镜像，然后通过 docker save -o 命令保存镜像，下载回本地后，在本地执行 docker load -i 加载。三台 work 节点都有镜像，但就是不能使用。
2、在 work 节点直接代理可以科学网网，但是拉取镜像时就会报 ：Error response from daemon: Get “https://k8s.gcr.io/v2/”: dial tcp 64.233.189.82:443: connect: connection timed out 。

还有什么办法解决镜像问题吗？