当前位置: 首页 > 知识库问答 >
问题:

Kubernetes pods无法更新基于debian的存储库

潘安平
2023-03-14

库伯内特斯的 pod 无法更新基于 Debian 的存储库。

我已经在下面的步骤中设置了k8s集群。

使用Kubernetes官方链接

>

  • https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/install-kubeadm/

    https://kubernetes . io/docs/setup/production-environment/tools/kube ADM/create-cluster-kube ADM/

    https://kubernetes.io/docs/tasks/administer-cluster/kubeadm/configure-cgroup-driver/

    
       sudo apt update
       sudo apt install docker.io
       sudo apt-get update
       sudo swapoff -a
       sudo sed -i '/ swap / s/^\(.*\)$/#\1/g' /etc/fstab
    
       sudo apt-get update
       sudo apt-get install -y apt-transport-https ca-certificates curl
       sudo curl -fsSLo /usr/share/keyrings/kubernetes-archive-keyring.gpg https://packages.cloud.google.com/apt/doc/apt-key.gpg
       echo "deb [signed-by=/usr/share/keyrings/kubernetes-archive-keyring.gpg] https://apt.kubernetes.io/ kubernetes-xenial main" | sudo tee /etc/apt/sources.list.d/kubernetes.list
       sudo apt-get update
       sudo apt-get install -y kubelet kubeadm kubectl
       sudo apt-mark hold kubelet kubeadm kubectl
       cat <<EOF | sudo tee /etc/docker/daemon.json
    {
      "exec-opts": ["native.cgroupdriver=systemd"],
      "log-driver": "json-file",
      "log-opts": {
        "max-size": "100m"
      },
      "storage-driver": "overlay2"
    }
    EOF
    
       sudo systemctl enable docker
       sudo systemctl daemon-reload
       sudo systemctl restart docker
       
       ## Just in the master node
       sudo kubeadm init  --pod-network-cidr=10.244.0.0/16
       
       sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
       sudo chown $(id -u):$(id -g) $HOME/.kube/config
       kubectl apply -f https://docs.projectcalico.org/manifests/calico.yaml 
    
    
    # Deployed below nginx specs
    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: nginx
    spec:
      replicas: 1
      selector:
        matchLabels:
          app: nginx
      template:
        metadata:
          labels:
            app: nginx
        spec:
          containers:
            - name: nginx
              image: nginx
              ports:
                - containerPort: 80 
    ---
    
    apiVersion: v1
    kind: Service
    metadata:
      name: nginx
      labels:
        app: nginx
    spec:
      type: ClusterIP
      selector:
       app: nginx
      ports:
        - port: 8080
          targetPort: 80
          name: nginx-http
    
    
    kubectl apply -f nginx.yaml
    
    kubectl exec -it nginx-56bcb5bb6c-ts7l2  -- bash
    
    After running update from inside pod, throws below errors.
    root@nginx-56bcb5bb6c-ts7l2:/# apt update
    
    
    Get:1 http://security.debian.org/debian-security bullseye-security InRelease
    Get:2 http://deb.debian.org/debian bullseye InRelease
    Get:3 http://deb.debian.org/debian bullseye-updates InRelease
    Err:1 http://security.debian.org/debian-security bullseye-security InRelease
      Clearsigned file isn't valid, got 'NOSPLIT' (does the network require authentication?)
    Err:2 http://deb.debian.org/debian bullseye InRelease
      Clearsigned file isn't valid, got 'NOSPLIT' (does the network require authentication?)
    Err:3 http://deb.debian.org/debian bullseye-updates InRelease
      Clearsigned file isn't valid, got 'NOSPLIT' (does the network require authentication?)
    Reading package lists... Done
    N: See apt-secure(8) manpage for repository creation and user configuration details.
    N: Updating from such a repository can't be done securely, and is therefore disabled by default.
    E: The repository 'http://security.debian.org/debian-security bullseye-security InRelease' is no longer signed.
    E: Failed to fetch http://security.debian.org/debian-security/dists/bullseye-security/InRelease  Clearsigned file isn't valid, got 'NOSPLIT' (does the network require authentication?)
    E: Failed to fetch http://deb.debian.org/debian/dists/bullseye/InRelease  Clearsigned file isn't valid, got 'NOSPLIT' (does the network require authentication?)
    E: The repository 'http://deb.debian.org/debian bullseye InRelease' is no longer signed.
    N: Updating from such a repository can't be done securely, and is therefore disabled by default.
    N: See apt-secure(8) manpage for repository creation and user configuration details.
    E: Failed to fetch http://deb.debian.org/debian/dists/bullseye-updates/InRelease  Clearsigned file isn't valid, got 'NOSPLIT' (does the network require authentication?)
    E: The repository 'http://deb.debian.org/debian bullseye-updates InRelease' is no longer signed.
    N: Updating from such a repository can't be done securely, and is therefore disabled by default.
    N: See apt-secure(8) manpage for repository creation and user configuration details.
    
    root@nginx-56bcb5bb6c-ts7l2:/# 
    
    Below is the version of the Kubernetes cluster.
    
    osboxes@k-master:~$ kubectl version
    WARNING: This version information is deprecated and will be replaced with the output from kubectl version --short.  Use --output=yaml|json to get the full version.
    Client Version: version.Info{Major:"1", Minor:"24", GitVersion:"v1.24.2", GitCommit:"f66044f4361b9f1f96f0053dd46cb7dce5e990a8", GitTreeState:"clean", BuildDate:"2022-06-15T14:22:29Z", GoVersion:"go1.18.3", Compiler:"gc", Platform:"linux/amd64"}
    Kustomize Version: v4.5.4
    Server Version: version.Info{Major:"1", Minor:"24", GitVersion:"v1.24.2", GitCommit:"f66044f4361b9f1f96f0053dd46cb7dce5e990a8", GitTreeState:"clean", BuildDate:"2022-06-15T14:15:38Z", GoVersion:"go1.18.3", Compiler:"gc", Platform:"linux/amd64"}
    
    osboxes@k-master:~$ kubectl version --short
    Flag --short has been deprecated, and will be removed in the future. The --short output will become the default.
    Client Version: v1.24.2
    Kustomize Version: v4.5.4
    Server Version: v1.24.2
    
    

    为什么这些错误来自pod内部,而来自主机节点的apt更新运行良好?

  • 共有1个答案

    邵伟泽
    2023-03-14

    似乎网络的问题是网络是否需要身份验证

    请使用另一个网络进行检查,因为我能够从容器中运行apt更新命令。

    $ kubectl run mginx --rm -i --tty --restart=Never --image=nginx -- /bin/sh
    If you don't see a command prompt, try pressing enter.
    
    #
    #
    #
    # id
    uid=0(root) gid=0(root) groups=0(root)
    # apt update
    Get:1 http://security.debian.org/debian-security bullseye-security InRelease [44.1 kB]
    Get:2 http://deb.debian.org/debian bullseye InRelease [116 kB]
    Get:3 http://deb.debian.org/debian bullseye-updates InRelease [39.4 kB]
    Get:4 http://security.debian.org/debian-security bullseye-security/main amd64 Packages [154 kB]
    Get:5 http://deb.debian.org/debian bullseye/main amd64 Packages [8182 kB]
    Get:6 http://deb.debian.org/debian bullseye-updates/main amd64 Packages [2592 B]
    Fetched 8539 kB in 1s (7158 kB/s)
    Reading package lists... Done
    Building dependency tree... Done
    Reading state information... Done
    1 package can be upgraded. Run 'apt list --upgradable' to see it.
    #
    
     类似资料:
    • 我已经在我的本地Gitlab服务器上创建了一个远程存储库,我试图推送本地内容,但它要求我提供通行证,但现在是为我的用户 我试过使用我的用户通行证和根通行证,但不起作用,通行证要求什么??

    • 我是unix系统的新手,目前在libs更新方面遇到了问题。我真的不知道如何将库Boost更新到1.55版。 我尝试过这种方式,但加速系统版本返回1.48。 我还尝试了

    • 本文向大家介绍PHP基于文件存储实现缓存的方法,包括了PHP基于文件存储实现缓存的方法的使用技巧和注意事项,需要的朋友参考一下 本文实例讲述了PHP基于文件存储实现缓存的方法。分享给大家供大家参考。具体如下: 在一些数据库数据记录较大,但是服务器有限的时候,可能一条MySQL查询就会好几百毫秒,一个简单的页面一般也有十几条查询,这个时候也个页面加载下来基本要好几秒了,如果并发量高的话服务器基本就瘫

    • 我不明白为什么不更新我的对象。在另一个组件中,我通过调度更新状态。在此情况下(在下面的代码中),mapStateToProps类别中的代码正在更改(控制台日志显示另一个类别)。但组件并没有重播,虽然在组件中我使用了道具。类别。事件控制台。登录元素未运行 我认为,如果我更新状态,则根据该状态更新组件。它应该如何工作?它应该如何工作?它可能很有用,添加类别的项不是父项或子项,而是邻居 谢谢你解决问题。

    • W:存储库“http://deb.debian.org/debian 拉伸发布”没有发布文件。 W:存储库http://deb.debian.org/debian拉伸更新版本没有发布文件。 E:无法获取http://deb.debian.org/debian/dists/stretch/main/binary-amd64/Packages404未找到 E:无法获取http://cdn-fastly

    • 问题内容: 我正在使用MySQL和Engine InnoDB。我有一个SQL表(简体),其中包含4列,如您在这张图片中看到的: 当需求的状态变为“完成”时,我希望其优先级为空,并且所有具有上述优先级的需求都将递减。 例如,如果第二个需求:“面包”为“完成”,则其优先级将设置为空,并且我希望“黄油”的优先级为2,“果酱”的优先级为3。 我有这个触发条件: 但是,当我从“进行中”到“完成”的状态编辑行