RANCHER 2.10.0 安装部署local 节点服务无法启动

小丸子dbz · 2025 年11 月 27 日 06:16

执行 docker run -d --name=rancher-server --restart=unless-stopped --privileged -p 18889:80 -p 18443:443 -e CATTLE_SYSTEM_DEFAULT_REGISTRY=hsmss.mydomain.com
-v /opt/rancher:/var/lib/rancher hsmss.mydomain.com/rancher/rancher:v2.10.0 成功登录rancher平台，查看local 节点的服务报错如下，获取不到harbor:/rancher/shell:v0.3.0 ,harbor是包含这个镜像的，直接执行docker pull 是可以拉取的

然后创建集群报错

排查了harbor 的确不存在rancher/mirrored-cluster-api-webhook:v1.8.3 这个镜像，镜像是从阿里云下载 rancher-images.txt 的镜像，网站获取的所有的 rancher-images.txt 然后推送到本地harbor,这个harbor里面并没有rancher/mirrored-cluster-api-webhook:v1.8.3 这个镜像，不知道是不是官方提供错误了还是咋样，如何获取这个镜像

小丸子dbz · 2025 年11 月 27 日 06:38

补充一下部分日志，第二步的报错，大概率是因为第一个核心组件服务没有启动导致的，但是这个本地的harbor 是完全存在rancher/shell:v0.3.0 ，而且操作系统直接拉取是可以成功的，为什么容器会无法拉取呢bash-4.4# kubectl get pods -A
NAMESPACE NAME READY STATUS RESTARTS AGE
cattle-system helm-operation-4df5k 0/2 Init:ImagePullBackOff 0 24m
cattle-system helm-operation-4djpz 0/2 Init:ImagePullBackOff 0 19m
cattle-system helm-operation-5n8pp 0/2 Init:ImagePullBackOff 0 15m
cattle-system helm-operation-6rjqg 0/2 Init:ImagePullBackOff 0 16m
cattle-system helm-operation-bnbj7 0/2 Init:ImagePullBackOff 0 17m
cattle-system helm-operation-dv27t 0/2 Init:ImagePullBackOff 0 18m
cattle-system helm-operation-gmgjd 0/2 Init:ImagePullBackOff 0 14m
cattle-system helm-operation-mk5wk 0/2 Init:ImagePullBackOff 0 22m
cattle-system helm-operation-vj66z 0/2 Init:ImagePullBackOff 0 23m
cattle-system helm-operation-zc9ln 0/2 Init:ImagePullBackOff 0 21m
fleet-default rke2-machineconfig-cleanup-cronjob-29401925-tltbp 0/1 ImagePullBackOff 0 30h
fleet-default rke2-machineconfig-cleanup-cronjob-29403365-fwsc2 0/1 ImagePullBackOff 0 6h4m
kube-system coredns-56f6fc8fd7-vbphw 1/1 Running 1 (29h ago) 46h kubectl describe pod -n cattle-system helm-operation-4df5k
查看服务事件 Events:
Type Reason Age From Message

Normal Scheduled 28m default-scheduler Successfully assigned cattle-system/helm-operation-4df5k to local-node
Normal Pulling 27m (x4 over 28m) kubelet Pulling image “XXXX.mydomain.com/rancher/shell:v0.3.0”
Warning Failed 27m (x4 over 28m) kubelet Failed to pull image “XXXX.mydomain.com/rancher/shell:v0.3.0”: failed to pull and unpack image “XXXX.mydomain.com/rancher/shell:v0.3.0”: failed to resolve reference “XXXX.mydomain.com/rancher/shell:v0.3.0”: unable to read CERT file “/etc/docker/certs.d/XXXX.mydomain.com/ca.crt”: open /etc/docker/certs.d/XXXX.mydomain.com/ca.crt: no such file or directory
Warning Failed 27m (x4 over 28m) kubelet Error: ErrImagePull
Warning Failed 27m (x6 over 28m) kubelet Error: ImagePullBackOff
Normal BackOff 3m54s (x108 over 28m) kubelet Back-off pulling image “XXXX.mydomain.com/rancher/shell:v0.3.0”

ksd · 2025 年11 月 27 日 08:25

docker run 启动的 rancher，容器里内置了一个 K3s 来支撑 rancher 的运行，也就是你在 UI 上看见的 local 集群。

日志提示 rancher/shell 镜像拉取失败，你想测试的话，需要 exec 到容器里，然后 crictl pull 去验证。

小丸子dbz · 2025 年11 月 28 日 08:56

[root@hymranwork certs.d]# docker run -d --name=rancher-server --restart=unless-stopped --privileged -p 18889:80 -p 18443:443 -e CATTLE_SYSTEM_DEFAULT_REGISTRY=hsmss.mydomain.com -v /opt/rancher:/var/lib/rancher -v /opt/rancher/k3s/registries.yaml:/etc/rancher/k3s/registries.yaml -v /opt/rancher/k3s/certs.d/hsmss.mydomain.com.crt:/etc/docker/certs.d/hsmss.mydomain.com/ca.crt –
add-host hsmss.mydomain.com:172.XX.XX.XX hsmss.mydomain.com/rancher/rancher:v2.10.0
95055352ee09aa3f3132da20f8cf31840a5b4d2954379184f38ec52462102921
[root@hymranwork certs.d]# docker exec -it rancher-server /bin/bash
bash-4.4# crictl pull hsmss.mydomain.com/rancher/shell:v0.3.0
WARN[0000] image connect using default endpoints: [unix:///run/k3s/containerd/containerd.sock unix:///var/run/dockershim.sock unix:///run/containerd/containerd.sock unix:///run/crio/crio.sock unix:///var/run/cri-dockerd.sock]. As the default settings are now deprecated, you should set the endpoint instead.
E1128 08:31:38.044721 2585 log.go:32] “PullImage from image service failed” err=“rpc error: code = Unknown desc = failed to pull and unpack image "hsmss.mydomain.com/rancher/shell:v0.3.0": failed to resolve reference "hsmss.mydomain.com/rancher/shell:v0.3.0": unable to read CERT file "/var/lib/rancher/k3s/agent/etc/containerd/certs.d/hsmss.mydomain.com": read /var/lib/rancher/k3s/agent/etc/containerd/certs.d/hsmss.mydomain.com: is a directory” image=“hsmss.mydomain.com/rancher/shell:v0.3.0”
FATA[0000] pulling image: failed to pull and unpack image “hsmss.mydomain.com/rancher/shell:v0.3.0”: failed to resolve reference “hsmss.mydomain.com/rancher/shell:v0.3.0”: unable to read CERT file “/var/lib/rancher/k3s/agent/etc/containerd/certs.d/hsmss.mydomain.com”: read /var/lib/rancher/k3s/agent/etc/containerd/certs.d/hsmss.mydomain.com: is a directory
bash-4.4#