如何调试"ImagePullBackOff"? [英] How to debug "ImagePullBackOff"?
问题描述
突然之间,我无法部署一些以前可以部署的映像.我得到以下广告连播状态:
All of a sudden, I cannot deploy some images which could be deployed before. I got the following pod status:
[root@webdev2 origin]# oc get pods
NAME READY STATUS RESTARTS AGE
arix-3-yjq9w 0/1 ImagePullBackOff 0 10m
docker-registry-2-vqstm 1/1 Running 0 2d
router-1-kvjxq 1/1 Running 0 2d
该应用程序将无法启动.吊舱未尝试运行容器.从事件"页面,我得到了Back-off pulling image "172.30.84.25:5000/default/arix@sha256:d326
.我已经确认可以使用docker pull
来将带有标签的图像拉出.
The application just won't start. The pod is not trying to run the container. From the Event page, I have got Back-off pulling image "172.30.84.25:5000/default/arix@sha256:d326
. I have verified that I can pull the image with the tag with docker pull
.
我还检查了最后一个容器的日志.由于某种原因,它被关闭了.我认为pod至少应尝试重新启动它.
I have also checked the log of the last container. It was closed for some reason. I think the pod should at least try to restart it.
我已经没有足够的想法来调试问题了.我还能检查什么?
I have run out of ideas to debug the issues. What can I check more?
推荐答案
您可以使用" 描述容器 "语法
You can use the 'describe pod' syntax
对于OpenShift,请使用:
oc describe pod <pod-id>
对于香草Kubernetes:
kubectl describe pod <pod-id>
检查输出事件. 在我的情况下,它显示 后退拉图像coredns/coredns:latest
Examine the events of the output. In my case it shows Back-off pulling image coredns/coredns:latest
在这种情况下,无法从Internet提取图像coredns/coredns:latest.
In this case the image coredns/coredns:latest can not be pulled from the Internet.
Events:
FirstSeen LastSeen Count From SubObjectPath Type Reason Message
--------- -------- ----- ---- ------------- -------- ------ -------
5m 5m 1 {default-scheduler } Normal Scheduled Successfully assigned coredns-4224169331-9nhxj to 192.168.122.190
5m 1m 4 {kubelet 192.168.122.190} spec.containers{coredns} Normal Pulling pulling image "coredns/coredns:latest"
4m 26s 4 {kubelet 192.168.122.190} spec.containers{coredns} Warning Failed Failed to pull image "coredns/coredns:latest": Network timed out while trying to connect to https://index.docker.io/v1/repositories/coredns/coredns/images. You may want to check your internet connection or if you are behind a proxy.
4m 26s 4 {kubelet 192.168.122.190} Warning FailedSync Error syncing pod, skipping: failed to "StartContainer" for "coredns" with ErrImagePull: "Network timed out while trying to connect to https://index.docker.io/v1/repositories/coredns/coredns/images. You may want to check your Internet connection or if you are behind a proxy."
4m 2s 7 {kubelet 192.168.122.190} spec.containers{coredns} Normal BackOff Back-off pulling image "coredns/coredns:latest"
4m 2s 7 {kubelet 192.168.122.190} Warning FailedSync Error syncing pod, skipping: failed to "StartContainer" for "coredns" with ImagePullBackOff: "Back-off pulling image \"coredns/coredns:latest\""
其他调试步骤
- 尝试拉动docker映像并在计算机上手动标记
- 通过执行"kubectl/oc get pods -o wide"来识别节点
- ssh进入无法拉出docker映像的节点(如果可以)
- 检查节点是否可以通过执行ping操作来解析docker注册表的DNS.
- 尝试在节点上手动拉docker镜像
- 如果您使用的是私人注册表,请检查您的 swenzel 6一些注册表具有限制IP地址访问的防火墙.防火墙可能会阻止拉动
- 某些配置项使用临时docker机密创建部署.因此,秘密会在几天后过期(您正在要求生产失败...)
- try to pull the docker image and tag manually on your computer
- Identify the node by doing a 'kubectl/oc get pods -o wide'
- ssh into the node (if you can) that can not pull the docker image
- check that the node can resolve the DNS of the docker registry by performing a ping.
- try to pull the docker image manually on the node
- If you are using a private registry, check that your secret exists and the secret is correct. Your secret should also be in the same namespace. Thanks swenzel 6 Some registries have firewalls that limit ip address access. The firewall may block the pull
- Some CIs create deployments with temporary docker secrets. So the secret expires after a few days (You are asking for production failures...)
这篇关于如何调试"ImagePullBackOff"?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!