Kubernetes install using kubespray

7/3/2018

I Want to install Kubernetes using Kubespray

TASK [download : container_download | Download containers if pull is required or told to always pull (all nodes)] **********************************************************
Tuesday 03 July 2018  14:30:59 +0600 (0:00:00.042)       0:00:59.584 **********
FAILED - RETRYING: container_download | Download containers if pull is required or told to always pull (all nodes) (4 retries left).
FAILED - RETRYING: container_download | Download containers if pull is required or told to always pull (all nodes) (4 retries left).
FAILED - RETRYING: container_download | Download containers if pull is required or told to always pull (all nodes) (3 retries left).
FAILED - RETRYING: container_download | Download containers if pull is required or told to always pull (all nodes) (3 retries left).
FAILED - RETRYING: container_download | Download containers if pull is required or told to always pull (all nodes) (2 retries left).
FAILED - RETRYING: container_download | Download containers if pull is required or told to always pull (all nodes) (2 retries left).
FAILED - RETRYING: container_download | Download containers if pull is required or told to always pull (all nodes) (1 retries left).
FAILED - RETRYING: container_download | Download containers if pull is required or told to always pull (all nodes) (1 retries left).
fatal: [kz-k8snd02]: FAILED! => {"attempts": 4, "changed": true, "cmd": ["/usr/bin/docker", "pull", "gcr.io/google_containers/k8s-dns-sidecar-amd64:1.14.10"], "delta": "0:00:32.324328", "end": "2018-07-03 14:34:03.278500", "msg": "non-zero return code", "rc": 1, "start": "2018-07-03 14:33:30.954172", "stderr": "error pulling image configuration: Get https://storage.googleapis.com/artifacts.google-containers.appspot.com/containers/images/sha256:8a7739f672b49db46e3a8d5cdf54df757b7559a00db9de210b4af1aa3397020f: dial tcp 74.125.205.128:443: i/o timeout", "stderr_lines": ["error pulling image configuration: Get https://storage.googleapis.com/artifacts.google-containers.appspot.com/containers/images/sha256:8a7739f672b49db46e3a8d5cdf54df757b7559a00db9de210b4af1aa3397020f: dial tcp 74.125.205.128:443: i/o timeout"], "stdout": "1.14.10: Pulling from google_containers/k8s-dns-sidecar-amd64\nff3a5c916c92: Already exists\n0bdda6b26fc8: Pulling fs layer", "stdout_lines": ["1.14.10: Pulling from google_containers/k8s-dns-sidecar-amd64", "ff3a5c916c92: Already exists", "0bdda6b26fc8: Pulling fs layer"]}
fatal: [kz-k8snd01]: FAILED! => {"attempts": 4, "changed": true, "cmd": ["/usr/bin/docker", "pull", "gcr.io/google_containers/k8s-dns-sidecar-amd64:1.14.10"], "delta": "0:00:32.528633", "end": "2018-07-03 14:34:11.672541", "msg": "non-zero return code", "rc": 1, "start": "2018-07-03 14:33:39.143908", "stderr": "error pulling image configuration: Get https://storage.googleapis.com/artifacts.google-containers.appspot.com/containers/images/sha256:8a7739f672b49db46e3a8d5cdf54df757b7559a00db9de210b4af1aa3397020f: dial tcp 74.125.205.128:443: i/o timeout", "stderr_lines": ["error pulling image configuration: Get https://storage.googleapis.com/artifacts.google-containers.appspot.com/containers/images/sha256:8a7739f672b49db46e3a8d5cdf54df757b7559a00db9de210b4af1aa3397020f: dial tcp 74.125.205.128:443: i/o timeout"], "stdout": "1.14.10: Pulling from google_containers/k8s-dns-sidecar-amd64\nff3a5c916c92: Already exists\n0bdda6b26fc8: Pulling fs layer", "stdout_lines": ["1.14.10: Pulling from google_containers/k8s-dns-sidecar-amd64", "ff3a5c916c92: Already exists", "0bdda6b26fc8: Pulling fs layer"]}

NO MORE HOSTS LEFT *********************************************************************************************************************************************************
        to retry, use: --limit @/root/kubespray/cluster.retry

Kubespray version 2.5.0

How to solve a problem?

-- Yerlan
kubernetes
kubespray

1 Answer

8/31/2018

In your output, "dial tcp 74.125.205.128:443: i/o timeout", which means that you have a network problem connecting to this IP. Maybe you're in a private network that do not have Internet access or in some place that blocked the Google services(such as China).

Since the kubespray is an ansile project , there are two ways to solve this:

1. Download the images from other mirror sites

such as the Alibaba Cloud(largest cloud provider in China). Docker images are all here: https://dev.aliyun.com/search.html

The image url of google_containers/k8s-dns-sidecar-amd64:
https://dev.aliyun.com/detail.html?spm=5176.1972343.2.2.CvJhAO&repoId=44875

You can pull the image and retag it and then you can use it locally:

  docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/k8s-dns-sidecar-amd64:1.14.10
  docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/k8s-dns-sidecar-amd64:1.14.10 gcr.io/google_containers/k8s-dns-sidecar-amd64:1.14.10

But there are so many images, and you may have many k8s nodes, that's a great Job!
So, will have another method.

2. Take advantages of ansible roles

All variables defined in roles CAN BE OVERWIRTEN.

find all image_repo of Google Cloud Registry in roles/download/defaults/main.yml:

grep "image_repo:" ./roles/download/defaults/main.yml | grep "gcr.io" 

then put them in a file vars.yaml or some other name, replace gcr.io with registry.cn-hangzhou.aliyuncs.com:

mkdir -p inventory/mycluster/group_vars/k8s-cluster  

mv inventory/mycluster/group_vars/k8s-cluster.yml inventory/mycluster/group_vars/  

cat > inventory/mycluster/group_vars/k8s-cluster/vars.yml << EOF
hyperkube_image_repo: "registry.cn-hangzhou.aliyuncs.com/google-containers/hyperkube"
pod_infra_image_repo: "registry.cn-hangzhou.aliyuncs.com/google_containers/pause-amd64"
kubedns_image_repo: "registry.cn-hangzhou.aliyuncs.com/google_containers/k8s-dns-kube-dns-amd64"
dnsmasq_nanny_image_repo: "registry.cn-hangzhou.aliyuncs.com/google_containers/k8s-dns-dnsmasq-nanny-amd64"
dnsmasq_sidecar_image_repo: "registry.cn-hangzhou.aliyuncs.com/google_containers/k8s-dns-sidecar-amd64"
dnsmasqautoscaler_image_repo: "registry.cn-hangzhou.aliyuncs.com/google_containers/cluster-proportional-autoscaler-amd64"
kubednsautoscaler_image_repo: "registry.cn-hangzhou.aliyuncs.com/google_containers/cluster-proportional-autoscaler-amd64"
elasticsearch_image_repo: "registry.cn-hangzhou.aliyuncs.com/google_containers/elasticsearch"
fluentd_image_repo: "registry.cn-hangzhou.aliyuncs.com/google_containers/fluentd-elasticsearch"
kibana_image_repo: "registry.cn-hangzhou.aliyuncs.com/google_containers/kibana"
tiller_image_repo: "registry.cn-hangzhou.aliyuncs.com/kubernetes-helm/tiller"
registry_proxy_image_repo: "registry.cn-hangzhou.aliyuncs.com/google_containers/kube-registry-proxy"
ingress_nginx_default_backend_image_repo: "registry.cn-hangzhou.aliyuncs.com/google_containers/defaultbackend"
EOF

Finally, run your playbook

ansible-playbook -i inventory/mycluster/hosts.ini cluster.yml

Similarly, if you can not download images from Docker Hub, you should change the image url of Docker Hub and add them to the vars.yaml and rerun your playbook:

istio_statsd_image_repo: registry.docker-cn.com/prom/statsd-exporter
install_socat_image_repo: registry.docker-cn.com/"xueshanf/install-socat"
weave_kube_image_repo: registry.docker-cn.com/"weaveworks/weave-kube"
weave_npc_image_repo: registry.docker-cn.com/"weaveworks/weave-npc"
contiv_image_repo: registry.docker-cn.com/"contiv/netplugin"
contiv_auth_proxy_image_repo: registry.docker-cn.com/"contiv/auth_proxy"
nginx_image_repo: registry.docker-cn.com/nginx
dnsmasq_image_repo: registry.docker-cn.com/"andyshinn/dnsmasq"
test_image_repo: registry.docker-cn.com/busybox
helm_image_repo: registry.docker-cn.com/"lachlanevenson/k8s-helm"
vault_image_repo: registry.docker-cn.com/"vault"
registry_image_repo: registry.docker-cn.com/"registry"

The above methods aren't the best way to donwload images in network blocked areas. The best way is to have a VPS and set a proxy using docker registry or neuxs 3.x, and make it proxy all image repo of https://gcr.iohttps://quay.io and https://registry-1.docker.io.

-- NOZUONOHIGH
Source: StackOverflow