Lab 3.2 - Why simpleapp image do not persists in local docker repository

suser

Hello!

Lab 3.2 - Why simpleapp tagged image do not persists in local docker repository after rebooting the master node?
curl server-ip:5000/v2/ also is not responding, so probably the repository server do not persists. Is there any way to fix this - to have all
services running after rebooting the node and to continue the lab were I exited from?

~$ kubectl get pods,svc,pvc,pv,deployment
NAME READY STATUS RESTARTS AGE
pod/nginx-595f85746d-w8khf 1/1 Running 4 2d23h
pod/registry-cbc9b4779-nhf5f 1/1 Running 4 2d23h
pod/try1-7f766ff65-7x79x 0/1 ImagePullBackOff 0 19h
pod/try1-7f766ff65-fpzpx 0/1 ImagePullBackOff 0 19h
pod/try1-7f766ff65-hq7ql 0/1 ImagePullBackOff 0 19h
pod/try1-7f766ff65-j7nh2 0/1 ImagePullBackOff 0 19h
pod/try1-7f766ff65-vzcsk 0/1 ImagePullBackOff 0 19h
pod/try1-7f766ff65-x646d 0/1 ImagePullBackOff 0 19h

Stefan

suser

Chris
All services ran correctly.
(copied now, but shown the same IP when problem existed):
service/kubernetes ClusterIP 10.96.0.1 443/TCP 7d16h
service/nginx ClusterIP 10.96.242.252 443/TCP 3d17h
service/registry ClusterIP 10.107.241.131 5000/TCP 3d17h

Surprisingly after tackling the "sudo docker-compose up" command and recreating the images & tags the pods were pulling the image successfully, but this looks like a random luck, not a fix. (before re running the docker-compose up command apparently the docker daemon didn't ran or didn't run correctly). The yaml files and daemon json files were left unchanged.
My IP shown for registry service was the same initially given IP.

Is there a way I can improve docker daemon behavior per my issue?
Is there a way to manipulate calico for a static IP?

Thank again.

Stefan

chrispokorni

Hi Stefan,

You can disregard my response about the Service IP. It was based on the limited amount of information from the previous post, while you were submitting your detailed output.

Although exploring the static IP capability of calico is outside of the scope of this course, you can always try it on your own based on calico's official documentation:
https://docs.projectcalico.org/v3.10/networking/

Regards,
-Chris

suser

More details regarding my question:
One failed pod description:

$ kubectl describe pod try1-7f766ff65-x646d
Name: try1-7f766ff65-x646d
Namespace: default
Priority: 0
Node: kw1/10.1.10.31
Start Time: Tue, 07 Apr 2020 01:46:05 +0000
Labels: app=try1
pod-template-hash=7f766ff65
Annotations: cni.projectcalico.org/podIP: 192.168.159.102/32
Status: Pending
IP: 192.168.159.102
IPs:
IP: 192.168.159.102
Controlled By: ReplicaSet/try1-7f766ff65
Containers:
simpleapp:
Container ID:
Image: 10.107.241.131:5000/simpleapp:latest
Image ID:
Port:
Host Port:
State: Waiting
Reason: ImagePullBackOff
Ready: False
Restart Count: 0
Readiness: exec [cat /tmp/healthy] delay=0s timeout=1s period=5s #success=1 #failure=3
Environment:
Mounts:
/var/run/secrets/kubernetes.io/serviceaccount from default-token-zqbsw (ro)
Conditions:
Type Status
Initialized True
Ready False
ContainersReady False
PodScheduled True
Volumes:
default-token-zqbsw:
Type: Secret (a volume populated by a Secret)
SecretName: default-token-zqbsw
Optional: false
QoS Class: BestEffort
Node-Selectors:
Tolerations: node.kubernetes.io/not-ready:NoExecute for 300s
node.kubernetes.io/unreachable:NoExecute for 300s
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 25h default-scheduler Successfully assigned default/try1-7f766ff65-x646d to kw1
Normal Pulling 25h kubelet, kw1 Pulling image "10.107.241.131:5000/simpleapp:latest"
Normal Pulled 25h kubelet, kw1 Successfully pulled image "10.107.241.131:5000/simpleapp:latest"
Normal Created 25h kubelet, kw1 Created container simpleapp
Normal Started 25h kubelet, kw1 Started container simpleapp
Warning Unhealthy 25h (x120 over 25h) kubelet, kw1 Readiness probe failed: cat: /tmp/healthy: No such file or directory
Warning FailedCreatePodSandBox 4m48s kubelet, kw1 Failed to create pod sandbox: rpc error: code = Unknown desc = failed to set up sandbox container "3c107122748a2d99f9f89e92d960d939c29392fbf94f28761c1cdce66240b844" network for pod "try1-7f766ff65-x646d": networkPlugin cni failed to set up pod "try1-7f766ff65-x646d_default" network: error getting ClusterInformation: Get https://[10.96.0.1]:443/apis/crd.projectcalico.org/v1/clusterinformations/default: dial tcp 10.96.0.1:443: i/o timeout
Normal SandboxChanged 4m47s kubelet, kw1 Pod sandbox changed, it will be killed and re-created.
Warning Failed 4m32s kubelet, kw1 Failed to pull image "10.107.241.131:5000/simpleapp:latest": rpc error: code = Unknown desc = Error response from daemon: Get http://10.107.241.131:5000/v2/: dial tcp 10.107.241.131:5000: connect: no route to host
Normal BackOff 3m15s (x5 over 4m31s) kubelet, kw1 Back-off pulling image "10.107.241.131:5000/simpleapp:latest"
Normal Pulling 3m2s (x4 over 4m45s) kubelet, kw1 Pulling image "10.107.241.131:5000/simpleapp:latest"
Warning Failed 3m2s (x4 over 4m32s) kubelet, kw1 Error: ErrImagePull
Warning Failed 3m2s (x3 over 4m19s) kubelet, kw1 Failed to pull image "10.107.241.131:5000/simpleapp:latest": rpc error: code = Unknown desc = Error response from daemon: manifest for 10.107.241.131:5000/simpleapp:latest not found: manifest unknown: manifest unknown
Warning Failed 2m47s (x6 over 4m31s) kubelet, kw1 Error: ImagePullBackOff
vio@kmaster:/localdocker$ kubectl describe pod try1-7f766ff65-x646d

chrispokorni

Hi Stefan,

Curling the node-IP:5000/v2/ will not do you any good.

What you are experiencing is normal expected Kubernetes behavior. The local registry is exposed via a service, which is assigned a dynamic virtual private IP address. That is the address you retrieved in lab exercise 3.2 step 20, and then used to setup the /etc/docker/daemon.json files on both nodes (steps 22 and 29).

That being a dynamic IP, once you restart the node, a new IP may be assigned to the same service, while your registry is still configured with the old IP, therefore Docker is not able to reach the new registry service.

I suggest revisiting steps 20-23 and 29 to update the local registry address for the docker daemons.

This assumes that all other artifacts are restarted as expected: volumes, claims, deployments, pods, services.

Regards,
-Chris

chrispokorni

Thank you for the detailed output.

If you look carefully at the output, it tells you that there is an i/o timeout. Something may be blocking some of the traffic between your worker and the master nodes.

Are both kubelet services running after the reboot?

Regards,
-Chris

suser

Hello,

All my services are running after the reboot. Apparently only the docker daemon fails.

Stefan