kubernetes-pod-infrastructure:latest

解决方法：试试通过手动下载

docker pull registry.access.redhat.com/rhel7/pod-infrastructure:latest

docker pull 是还是报错

open /etc/docker/certs.d/registry.access.redhat.com/redhat-ca.crt: no such file or directory

查看下redhat-ca.crt确实不存在，registry.access.redhat.com/rhel7/pod-infrastructure:latest默认是https下载。

最终解决方案：

1.docker search pod-infrastructure

2. 可使用：

docker.io   docker.io/tianyebj/pod-infrastructure               registry.access.redhat.com/rhel7/pod-infra...   2

3. 修改配置文件

cat /etc/kubernetes/kubelet

# pod infrastructure container
KUBELET_POD_INFRA_CONTAINER="--pod-infra-container-image=docker.io/tianyebj/pod-infrastructure:latest"

4. 重启kubernetes服务

master:

for SERVICES in etcd kube-apiserver kube-controller-manager kube-scheduler; do
systemctl restart $SERVICES
systemctl enable $SERVICES
systemctl status $SERVICES
done　　　　　　

node:

for SERVICES in kube-proxy kubelet docker; do
systemctl restart $SERVICES
systemctl enable $SERVICES
systemctl status $SERVICES
done

二、 网络部分

yum -y install flannel

修改配置文件/etc/sysconfig/flannel

[root@host-10-0-197-18 flannel]# cat /etc/sysconfig/flanneld
# Flanneld configuration options

# etcd url location. Point this to the server where etcd runs
FLANNEL_ETCD_ENDPOINTS="http://master:2379"

# etcd config key. This is the configuration key that flannel queries
# For address range assignment
FLANNEL_ETCD_PREFIX="/atomic.io/network"

# Any additional options that you want to pass
#FLANNEL_OPTIONS=""
FLANNEL_OPTIONS="-iface=eth0"

2. 配置 etcdctl

etcdctl mkdir /atomic.io/network

etcdctl mk /kube-centos/network/config "{ \"Network\": \"172.30.0.0/16\", \"SubnetLen\": 24, \"Backend\": { \"Type\": \"vxlan\" } }"

3. 重启所有服务

三、  service account

报错信息： Error from server (ServerTimeout): error when creating "busybox.yaml": No API token found for service account "default", retry after the token is automatically created and added to the service account

方式一：禁用ServiceAccount

编辑/etc/kubenetes/apiserver： 
将以下这行中的ServiceAccount删除即可 
KUBE_ADMISSION_CONTROL="--admission-control=NamespaceLifecycle,NamespaceExists,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota" 
改为： 
KUBE_ADMISSION_CONTROL="--admission-control=NamespaceLifecycle,NamespaceExists,LimitRanger,SecurityContextDeny,ResourceQuota"

这种方式比较粗暴，可能会遇到必须要用ServiceAccount的情况。

方式二：配置ServiceAccount

1、首先生成密钥： 
openssl genrsa -out /etc/kubernetes/serviceaccount.key 2048

2、编辑/etc/kubenetes/apiserver 
添加以下内容： 
KUBE_API_ARGS="--service_account_key_file=/etc/kubernetes/serviceaccount.key"

3、再编辑/etc/kubernetes/controller-manager 
添加以下内容： 
KUBE_CONTROLLER_MANAGER_ARGS="--service_account_private_key_file=/etc/kubernetes/serviceaccount.key"

最后无论是哪种解决方式都需要再重启kubernetes服务： 
systemctl restart etcd kube-apiserver kube-controller-manager kube-scheduler

#/bin/bash
echo "hello"