Trying to add an insecure registry to the containerd configuration, as shown below:
[plugins."io.containerd.grpc.v1.cri".cni]
bin_dir = "/opt/cni/bin"
conf_dir = "/etc/cni/net.d"
max_conf_num = 1
conf_template = ""
[plugins."io.containerd.grpc.v1.cri".registry]
[plugins."io.containerd.grpc.v1.cri".registry.mirrors]
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
endpoint = ["https://registry-1.docker.io"]
[plugin."io.containerd.grpc.v1.cri".registry.mirrors."test.http-registry.io"]
endpoint = ["http://v048011.dom600.lab:5000"]
Even after adding it to config.toml, pulling an image from the insecure registry fails:
sudo ctr image pull v048011.dom600.lab:5000:5000/myjenkins:latest
ctr: failed to resolve reference "v048011.dom600.lab:5000/myjenkins:latest": failed to do request: Head https://v048011.dom600.lab:5000:5000/v2/myjenkins/manifests/latest: http: server gave HTTP response to HTTPS client
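With docker we can add the insecure registry to the daemon.json file, and docker will then pull images from it. How can I achieve the same thing in containerd? I am replacing docker as the runtime in a k8s cluster.

Installed grafana using helm charts; the deployment went well and the grafana UI is up. I needed to add an existing persistent volume, so I ran the following cmd: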
helm install grafana grafana/grafana -n prometheus --set persistence.enabled=true --set persistence.existingClaim=grafana-pvc
The init container crashed, with the following logs:
kubectl logs grafana-847b88556f-gjr8b -n prometheus -c init-chown-data
chown: /var/lib/grafana: Operation not permitted
chown: /var/lib/grafana: Operation not permitted
While checking the deployment yaml, I found this section:
initContainers:
- command:
  - chown
  - -R
  - 472:472
  - /var/lib/grafana
  image: busybox:1.31.1
  imagePullPolicy: IfNotPresent
  name: init-chown-data
  resources: {}
  securityContext:
    runAsNonRoot: false
    runAsUser: 0
  terminationMessagePath: /dev/termination-log
  terminationMessagePolicy: File
  volumeMounts:
  - mountPath: /var/lib/grafana
    name: storage
restartPolicy: Always
schedulerName: default-scheduler
securityContext: …

Using GCP Anthos, I installed Anthos 1.11 on a GKE cluster and installed the Online Boutique application, which ran as expected. I then tried upgrading to Anthos 1.12, and after the upgrade I was able to inject the new Envoy sidecar into the deployments. The problem is when I try to create service entries like the following:
apiVersion: networking.istio.io/v1alpha3
kind: ServiceEntry
metadata: # kpt-merge: /allow-egress-googleapis
  name: allow-egress-googleapis
spec:
  hosts:
  - "accounts.google.com" # Used to get token
  - "*.googleapis.com"
  ports:
  - number: 80
    protocol: HTTP
    name: http
  - number: 443
    protocol: HTTPS
    name: https
---
apiVersion: networking.istio.io/v1alpha3
kind: ServiceEntry
metadata: # kpt-merge: /allow-egress-google-metadata
  name: allow-egress-google-metadata
spec:
  hosts:
  - metadata.google.internal
  addresses:
  - 169.254.169.254 # GCE metadata server
  ports:
  - number: 80
    name: http
    protocol: …

I need to build about 30 pub sub topics in GCP. Creating a module for each pub sub topic is a tedious process; is there a better way of handling it?
module "a" {
  source       = ""
  project_id   = var.project_id
  topic        = var.a["topic_name"]
  topic_labels = var.a["topic_labels"]
  pull_subscriptions = [
    {
      name                    = var.a["pull_subscription_name"]
      ack_deadline_seconds    = var.a["ack_deadline_seconds"]
      max_delivery_attempts   = var.a["max_delivery_attempts"]
      maximum_backoff         = var.maximum_backoff
      minimum_backoff         = var.minimum_backoff
      expiration_policy       = var.expiration_policy
      enable_message_ordering = true
    }
  ]
}
module "b" {
  source = …