kubectl get pods一直显示ContainerCreating

原文：https://blog.csdn.net/u010039418/article/details/86515007

背景
根据yaml文件创建rc后，查询pods状态时，一直显示ContainerCreating，

方案一：

[root@CentOS-7-4 /home/k8s]# kubectl get pods
NAME READY STATUS RESTARTS AGE
redis-master-5zn2z 0/1 ContainerCreating 0 13s

解决方案
查看这个pods的详细信息，

[root@CentOS-7-4 /home/k8s]# kubectl describe pod redis-master-5zn2z
Name: redis-master-5zn2z
Namespace: default
Node: 192.168.0.29/192.168.0.29
Start Time: Wed, 16 Jan 2019 07:50:04 -0500
Labels: name=redis-master
Status: Pending
IP:
Controllers: ReplicationController/redis-master
Containers:
master:
Container ID:
Image: kubeguide/redis-master
Image ID:
Port: 6379/TCP
State: Waiting
Reason: ContainerCreating
Ready: False
Restart Count: 0
Volume Mounts: <none>
Environment Variables: <none>
Conditions:
Type Status
Initialized True
Ready False
PodScheduled True
No volumes.
QoS Class: BestEffort
Tolerations: <none>
Events:
FirstSeen LastSeen Count From SubObjectPath TypeReason Message
--------- -------- ----- ---- ------------- -------- ------ -------
1m 1m 1 {default-scheduler } Normal Scheduled Successfully assigned redis-master-5zn2z to 192.168.0.29
1m 18s 4 {kubelet 192.168.0.29} Warning FailedSync Error syncing pod, skipping: failed to "StartContainer" for "POD" with ImagePullBackOff: "Back-off pulling image "registry.access.redhat.com/rhel7/pod-infrastructure:latest""

1m 6s 4 {kubelet 192.168.0.29} Warning FailedSync Error syncing pod, skipping: failed to "StartContainer" for "POD" with ErrImagePull: "image pull failed for registry.access.redhat.com/rhel7/pod-infrastructure:latest, this may be because there are no credentials on this request. details: (open /etc/docker/certs.d/registry.access.redhat.com/redhat-ca.crt: no such file or directory)"

可见，是缺少了/etc/docker/certs.d/registry.access.redhat.com/redhat-ca.crt文件，

[root@CentOS-7-4 /home/k8s]# ll /etc/docker/certs.d/registry.access.redhat.com/redhat-ca.crt
lrwxrwxrwx. 1 root root 27 May 16 2018 /etc/docker/certs.d/registry.access.redhat.com/redhat-ca.crt -> /etc/rhsm/ca/redhat-uep.pem
[root@CentOS-7-4 /home/k8s]# ll /etc/rhsm/ca/redhat-uep.pem
ls: cannot access /etc/rhsm/ca/redhat-uep.pem: No such file or directory

使用yum查询/etc/rhsm/ca/redhat-uep.pem是哪个rpm包提供的，

[root@CentOS-7-4 /home/k8s]# yum provides */redhat-uep.pem
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: mirrors.cn99.com
* extras: mirrors.cn99.com
* updates: mirrors.cn99.com
python-rhsm-certificates-1.19.10-1.el7_4.x86_64 : Certificates required to communicate with a
: Red Hat Unified Entitlement Platform
Repo : base
Matched from:
Filename : /etc/rhsm/ca/redhat-uep.pem

因此，安装python-rhsm-certificates组件即可。

但事实并不如此。。。。

[root@CentOS-7-4 /home/k8s]# yum install python-rhsm-certificates -y
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: mirrors.cn99.com
* extras: mirrors.cn99.com
* updates: mirrors.cn99.com
Package python-rhsm-certificates is obsoleted by subscription-manager-rhsm-certificates, trying to install subscription-manager-rhsm-certificates-1.21.10-3.el7.centos.x86_64 instead

python-rhsm-certificates不再被允许安装，改而使用subscription-manager-rhsm-certificates。其实用哪个倒无所谓，但是新的这个组件没有提供/etc/rhsm/ca/redhat-uep.pem文件，所以还是会出现ContainerCreating的情况。

所以只能用以下方式安装，也就是直接下载python-rhsm-certificates，然后手动安装。

[root@CentOS-7-4 /home/k8s]# yumdownloader python-rhsm-certificates
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: mirrors.cn99.com
* extras: mirrors.cn99.com
* updates: mirrors.cn99.com
python-rhsm-certificates-1.19.10-1.el7_4.x86_64.rpm | 41 kB 00:00:00
[root@CentOS-7-4 /home/k8s]# ls
. .. python-rhsm-certificates-1.19.10-1.el7_4.x86_64.rpm
[root@CentOS-7-4 /home/k8s]# rpm -e subscription-manager-rhsm-certificates
[root@CentOS-7-4 /home/k8s]# rpm -ivh python-rhsm-certificates-1.19.10-1.el7_4.x86_64.rpm
Preparing... ################################# [100%]
Updating / installing...
1:python-rhsm-certificates-1.19.10-################################# [100%]
[root@CentOS-7-4 /home/k8s]# ll /etc/rhsm/ca/redhat-uep.pem
-rw-r--r-- 1 root root 7732 Oct 19 2017 /etc/rhsm/ca/redhat-uep.pem

同时需要注意的是，其他所有结点也都要这样安装，因为每个结点都有可能需要运行这个pod。

都安装好后，稍等一会( 一分钟左右)再查看，就可以看到running状态的pod了。

[root@CentOS-7-4 /home/k8s]# kubectl get pods
NAME READY STATUS RESTARTS AGE
redis-master-nslvc 1/1 Running 0 12h

方案二：

解决方法：试试通过手动下载

docker pull registry.access.redhat.com/rhel7/pod-infrastructure:latest

docker pull 是还是报错

     open /etc/docker/certs.d/registry.access.redhat.com/redhat-ca.crt: no such file or directory

查看下redhat-ca.crt确实不存在，registry.access.redhat.com/rhel7/pod-infrastructure:latest默认是https下载。

最终解决方案：

 1.docker search pod-infrastructure

INDEX       NAME                                                DESCRIPTION                                     STARS     OFFICIAL   AUTOMATED
docker.io   docker.io/openshift/origin-pod                      The pod infrastructure image for OpenShift 3    8                    
docker.io   docker.io/davinkevin/podcast-server                 Container around the Podcast-Server Applic...   5                    
docker.io   docker.io/infrastructureascode/aws-cli              Containerized AWS CLI on alpine to avoid r...   4                    [OK]
docker.io   docker.io/newrelic/infrastructure                   Public image for New Relic Infrastructure.      3                    
docker.io   docker.io/infrastructureascode/uwsgi                uWSGI application server                        2                    [OK]
docker.io   docker.io/infrastructureascode/serf                 A tiny Docker image with HashiCorp Serf us...   1                    [OK]
docker.io   docker.io/mosquitood/k8s-rhel7-pod-infrastructure                                                   1                    
docker.io   docker.io/podigg/podigg-lc-hobbit                   A HOBBIT dataset generator wrapper for PoDiGG   1                    [OK]
docker.io   docker.io/tianyebj/pod-infrastructure               registry.access.redhat.com/rhel7/pod-infra...   1                    
docker.io   docker.io/w564791/pod-infrastructure                latest                                          1                    
docker.io   docker.io/infrastructureascode/hello-world          A tiny "Hello World" web server with a hea...   0                    [OK]

找到可用的进行pull到本地。

2.docker pull docker.io/tianyebj/pod-infrastructure

3.docker tag pod-infrastructure 10.0.2.11:5000/pod-infrastructure  

其中10.0.2.11是本机的IP，pull下来之后push到本机的私有仓库。

4.docker push 10.0.2.11:5000/pod-infrastructure

5. /etc/kubernetes/kubelet 

pod-infrastructure是在node的kubelet配置文件中定义的， 要更改每个node中/etc/kubernetes/kubelet中对应的

“KUBELET_POD_INFRA_CONTAINER="--pod-infra-container-image=registry.access.redhat.com/rhel7/pod-infrastructure:latest"

修改为：

"KUBELET_POD_INFRA_CONTAINER="--pod-infra-container-image= 10.0.2.11:5000/pod-infrastructure:latest "

更改之后需要重启kubelet服务。

7.重启

systemctl restart kube-apiserver
systemctl restart kube-controller-manager

systemctl restart kube-scheduler

systemctl restart kubelet

systemctl restart kube-proxy

8. kubectl get pods 查看之前的pods已经正常状态Running