Rancher Turtles 相关的镜像拉取问题该怎么解决呢?看文档说rancher 2.13版本开始默认嵌入了,可是用了 如何使用国内资源安装 K3s - #4,来自 2sadeggs 论坛上的方法修改镜像源,但是 Rancher Turtles 相关的镜像源没法修改。要怎么处理呢??
我尝试通过将rancher-turtles charts的yaml文件下载到本地进行之后,通过 helm upgrade rancher-turtles ./ -n cattle-turtles-system --force --debug也没有办法解决,因为 rancher-turtles 是 rancher 内部控制的,原理同为 K3s 和 RKE2 配置 Mirror 不能直接更改 containerd 的配置文件,而是修改相关 K3s 或 RKE2 的配置文件,让其自动生成。
尝试过删除rancher-turtles也无果,因为有定时任务会自动重建。因此到这里来咨询了。烦大佬帮忙处理一下!!!
大佬,你发的这个帖子中并没有说明 如何修改 rancher 附加组件的国内镜像,我是先按照你的博客 https://kingsd.top/2025/08/11/simple-ha/ 创建的3节点k3s高可用集群,然后结合rancher官方说明 Helm CLI 快速入门 | Rancher 和 如何使用国内资源安装 K3s 这个帖子的安装步骤 进行安装的,部署之后最终的情况如下
# 创建rancher集群的命令
helm install rancher rancher-latest/rancher \
--namespace cattle-system \
--set hostname=rancher.ssip.io \
--set service.type=NodePort \
--set bootstrapPassword=886c7f5ca597c48b971b129060637e6c \
--set rancherImage=registry.cn-hangzhou.aliyuncs.com/rancher/rancher \
--set systemDefaultRegistry=registry.cn-hangzhou.aliyuncs.com
#####
jtxiao@server-01:~$ kubectl get pods -A
NAMESPACE NAME READY STATUS RESTARTS AGE
cattle-fleet-local-system fleet-agent-7669bbbb55-6m8nw 1/1 Running 0 17h
cattle-fleet-system fleet-controller-6b877f69bd-k2xv8 3/3 Running 0 17h
cattle-fleet-system gitjob-5978d99ff9-p4hkm 1/1 Running 0 17h
cattle-fleet-system helmops-7c88655c4d-bjvwp 1/1 Running 0 17h
cattle-system helm-operation-zpnbf 1/2 Error 0 39m
cattle-system rancher-68fb6dfd9d-7s5gw 1/1 Running 0 18h
cattle-system rancher-68fb6dfd9d-gqc6h 1/1 Running 0 18h
cattle-system rancher-68fb6dfd9d-kk4cx 1/1 Running 0 18h
cattle-system rancher-webhook-fb877d796-xx72r 1/1 Running 0 17h
cattle-turtles-system rancher-clusterctl-configmap-cleanup-t7vlk 0/1 ImagePullBackOff 0 38m
cattle-turtles-system rancher-turtles-controller-manager-6cb8559fb-w2cv8 1/1 Running 144 (6m44s ago) 17h
kube-system coredns-656cc5d5bb-fcgk7 1/1 Running 0 41h
kube-system helm-install-traefik-crd-jlwg7 0/1 Completed 0 41h
kube-system helm-install-traefik-wsp9s 0/1 Completed 2 41h
kube-system local-path-provisioner-86986bc85c-sptdn 1/1 Running 0 41h
kube-system metrics-server-64f5cd9f57-jd9g8 1/1 Running 0 41h
kube-system svclb-traefik-b1de8e61-fd2lw 2/2 Running 0 41h
kube-system svclb-traefik-b1de8e61-pzlvt 2/2 Running 0 41h
kube-system svclb-traefik-b1de8e61-sq6wx 2/2 Running 0 41h
kube-system traefik-768978fdfb-s2fr5 1/1 Running 0 41h
jtxiao@server-01:~$ kubectl describe pod rancher-clusterctl-configmap-cleanup-t7vlk -n cattle-turtles-system
Name: rancher-clusterctl-configmap-cleanup-t7vlk
Namespace: cattle-turtles-system
Priority: 0
Service Account: pre-upgrade-job
Node: server-03/192.168.11.139
Start Time: Thu, 04 Dec 2025 01:16:48 +0000
Labels: batch.kubernetes.io/controller-uid=e0e1d8ed-56ac-4193-a26c-4478da88948c
batch.kubernetes.io/job-name=rancher-clusterctl-configmap-cleanup
controller-uid=e0e1d8ed-56ac-4193-a26c-4478da88948c
job-name=rancher-clusterctl-configmap-cleanup
Annotations: <none>
Status: Pending
IP: 10.42.3.20
IPs:
IP: 10.42.3.20
Controlled By: Job/rancher-clusterctl-configmap-cleanup
Containers:
rancher-clusterctl-configmap-cleanup:
Container ID:
Image: registry.k8s.io/kubernetes/kubectl:v1.32.3
Image ID:
Port: <none>
Host Port: <none>
SeccompProfile: RuntimeDefault
Args:
delete
configmap
--namespace=cattle-turtles-system
clusterctl-config
--ignore-not-found=true
State: Waiting
Reason: ImagePullBackOff
Ready: False
Restart Count: 0
Environment: <none>
Mounts:
/var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-jcfvv (ro)
Conditions:
Type Status
PodReadyToStartContainers True
Initialized True
Ready False
ContainersReady False
PodScheduled True
Volumes:
kube-api-access-jcfvv:
Type: Projected (a volume that contains injected data from multiple sources)
TokenExpirationSeconds: 3607
ConfigMapName: kube-root-ca.crt
Optional: false
DownwardAPI: true
QoS Class: BestEffort
Node-Selectors: <none>
Tolerations: node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 39m default-scheduler Successfully assigned cattle-turtles-system/rancher-clusterctl-configmap-cleanup-t7vlk to server-03
Warning Failed 36m (x3 over 39m) kubelet Failed to pull image "registry.k8s.io/kubernetes/kubectl:v1.32.3": failed to pull and unpack image "registry.k8s.io/kubernetes/kubectl:v1.32.3": failed to resolve reference "registry.k8s.io/kubernetes/kubectl:v1.32.3": failed to do request: Head "https://us-west2-docker.pkg.dev/v2/k8s-artifacts-prod/images/kubernetes/kubectl/manifests/v1.32.3": dial tcp 173.194.202.82:443: connect: connection refused
Normal Pulling 35m (x5 over 39m) kubelet Pulling image "registry.k8s.io/kubernetes/kubectl:v1.32.3"
Warning Failed 35m (x5 over 39m) kubelet Error: ErrImagePull
Warning Failed 35m (x2 over 38m) kubelet Failed to pull image "registry.k8s.io/kubernetes/kubectl:v1.32.3": failed to pull and unpack image "registry.k8s.io/kubernetes/kubectl:v1.32.3": failed to resolve reference "registry.k8s.io/kubernetes/kubectl:v1.32.3": failed to do request: Head "https://us-west2-docker.pkg.dev/v2/k8s-artifacts-prod/images/kubernetes/kubectl/manifests/v1.32.3": dial tcp 74.125.195.82:443: connect: connection refused
Normal BackOff 4m18s (x136 over 39m) kubelet Back-off pulling image "registry.k8s.io/kubernetes/kubectl:v1.32.3"
Warning Failed 4m18s (x136 over 39m) kubelet Error: ImagePullBackOff
说明目前2.13版本,相关的组件国内部署仍然还有部分设置无法被修改。请大佬指正
经过重现,这确实是产品的 bug,但是会在 2.13.1 修复:
参考:
https://github.com/rancher/rancher/issues/52855,https://github.com/rancher/rancher/issues/52816#issuecomment-3560265414
临时解决方案:
离线安装,或者指向固定的镜像仓库安装 rancher ,有 4 个镜像缺失,或者没根据 system-default-registry 的设置去走,所以作为比较简单的方法,可以手动 load 这些镜像。
比如我的 local 是k3s 集群,需要执行:
mkdir /var/lib/rancher/k3s/agent/images/
wget -O /var/lib/rancher/k3s/agent/images/capi-images.tar \
https://rancher-mirror.rancher.cn/rancher/v2.13.0/capi-images.tar
如果你用的是 rke2 作为 local 集群,可参考:Air-Gap Install | RKE2
如果你用的是其他 K8s 发行版,可参考 issue 中使用 ctr 进行 load image。
这样 就会启动 cattle-turtles-system 下的 pod。
但是 cattle-capi-system namespace 下有个 capi-controller-manager 还是会启动失败,但是错误原因不一样,所以处理方法不同,针对capi-controller-manager ,只需要 打个 tag 就行,比如我的报错:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 31m default-scheduler Successfully assigned cattle-capi-system/capi-controller-manager-b5655dbd6-vdw6c to demo-1
Normal Pulling 28m (x5 over 31m) kubelet Pulling image "registry.cn-hangzhou.aliyuncs.com/rancher/cluster-api-controller:v1.10.6"
Warning Failed 28m (x5 over 31m) kubelet Failed to pull image "registry.cn-hangzhou.aliyuncs.com/rancher/cluster-api-controller:v1.10.6": failed to pull and unpack image "registry.cn-hangzhou.aliyuncs.com/rancher/cluster-api-controller:v1.10.6": failed to resolve reference "registry.cn-hangzhou.aliyuncs.com/rancher/cluster-api-controller:v1.10.6": pull access denied, repository does not exist or may require authorization: server message: insufficient_scope: authorization failed
Warning Failed 28m (x5 over 31m) kubelet Error: ErrImagePull
Normal BackOff 83s (x130 over 31m) kubelet Back-off pulling image "registry.cn-hangzhou.aliyuncs.com/rancher/cluster-api-controller:v1.10.6"
Warning Failed 83s (x130 over 31m) kubelet Error: ImagePullBackOff
sudo ctr -n k8s.io images tag \
registry.cn-hangzhou.aliyuncs.com/rancher/mirrored-cluster-api-controller:v1.10.6 \
registry.cn-hangzhou.aliyuncs.com/rancher/cluster-api-controller:v1.10.6
之后,所有 pod 均启动:
root@demo-1:~# kubectl get pods -A
NAMESPACE NAME READY STATUS RESTARTS AGE
cattle-capi-system capi-controller-manager-b5655dbd6-vdw6c 1/1 Running 0 39m
cattle-fleet-local-system fleet-agent-7669bbbb55-s565z 1/1 Running 2 (76m ago) 2d18h
cattle-fleet-system fleet-controller-6b877f69bd-56b7n 3/3 Running 6 (76m ago) 2d18h
cattle-fleet-system gitjob-5978d99ff9-hsll2 1/1 Running 2 (76m ago) 2d18h
cattle-fleet-system helmops-7c88655c4d-njgdz 1/1 Running 2 (76m ago) 2d18h
cattle-system rancher-85c956b79b-vf9wv 1/1 Running 5 (76m ago) 16h
cattle-system rancher-webhook-fb877d796-jzlrc 1/1 Running 2 (76m ago) 2d18h
cattle-system system-upgrade-controller-7df584b575-28zlm 1/1 Running 2 (76m ago) 15h
cattle-turtles-system rancher-turtles-controller-manager-6cb8559fb-x5flm 1/1 Running 124 (76m ago) 2d18h
cert-manager cert-manager-77b74755d9-49jx8 1/1 Running 20 (76m ago) 2d20h
cert-manager cert-manager-cainjector-65fcfd6ccf-q9dts 1/1 Running 3 (76m ago) 2d20h
cert-manager cert-manager-webhook-9b4dd78-gpfc9 1/1 Running 2 (76m ago) 2d20h
fleet-default rke2-machineconfig-cleanup-cronjob-29418725-md9n9 0/1 Completed 0 75m
kube-system coredns-656cc5d5bb-wvmxw 1/1 Running 2 (76m ago) 2d20h
kube-system helm-install-traefik-crd-l2d57 0/1 Completed 0 2d20h
kube-system helm-install-traefik-zt67j 0/1 Completed 2 2d20h
kube-system local-path-provisioner-86986bc85c-sbtr8 1/1 Running 2 (76m ago) 2d20h
kube-system metrics-server-64f5cd9f57-vkdqr 1/1 Running 2 (76m ago) 2d20h
kube-system svclb-traefik-3fdea869-chwjn 2/2 Running 4 (76m ago) 2d20h
kube-system traefik-768978fdfb-nz5pw 1/1 Running 2 (76m ago) 2d20h
root@demo-1:~#
root@demo-1:~#
root@demo-1:~# crictl images
IMAGE TAG IMAGE ID SIZE
docker.io/rancher/kuberlr-kubectl v5.0.0 61412322fa47b 252MB
registry.cn-hangzhou.aliyuncs.com/rancher/kuberlr-kubectl v5.0.0 61412322fa47b 252MB
quay.io/jetstack/cert-manager-cainjector v1.19.1 8c66cd13e7cb9 12.5MB
quay.io/jetstack/cert-manager-controller v1.19.1 4109010228500 23.5MB
quay.io/jetstack/cert-manager-startupapicheck v1.19.1 915d83199f5f5 11.8MB
quay.io/jetstack/cert-manager-webhook v1.19.1 e84128bd773c7 19.9MB
registry.cn-hangzhou.aliyuncs.com/cluster-api/cluster-api-controller v1.10.6 dcf93b3b9e338 86.4MB
registry.cn-hangzhou.aliyuncs.com/rancher/cluster-api-controller v1.10.6 dcf93b3b9e338 86.4MB
registry.cn-hangzhou.aliyuncs.com/rancher/mirrored-cluster-api-controller v1.10.6 dcf93b3b9e338 86.4MB
registry.k8s.io/cluster-api/cluster-api-controller v1.10.6 dcf93b3b9e338 86.4MB
registry.cn-hangzhou.aliyuncs.com/kubernetes/kubectl v1.32.3 85f79507283c1 18.8MB
registry.cn-hangzhou.aliyuncs.com/rancher/kubectl v1.32.3 85f79507283c1 18.8MB
registry.k8s.io/kubernetes/kubectl v1.32.3 85f79507283c1 18.8MB
registry.cn-hangzhou.aliyuncs.com/rancher/fleet-agent v0.14.0 9c94d7dddb091 26.8MB
registry.cn-hangzhou.aliyuncs.com/rancher/fleet v0.14.0 7f4512ae7a76f 112MB
registry.cn-hangzhou.aliyuncs.com/rancher/klipper-helm v0.9.10-build20251111 1d0854c41ff27 64.8MB
registry.cn-hangzhou.aliyuncs.com/rancher/klipper-lb v0.4.13 f7415d0003cb6 5.02MB
registry.cn-hangzhou.aliyuncs.com/rancher/kubectl v1.32.2 321959cf8e81d 17.3MB
registry.cn-hangzhou.aliyuncs.com/rancher/local-path-provisioner v0.0.32 cb584e17a5f4b 21.1MB
registry.cn-hangzhou.aliyuncs.com/rancher/mirrored-coredns-coredns 1.13.1 aa5e3ebc0dfed 23.6MB
registry.cn-hangzhou.aliyuncs.com/rancher/mirrored-library-traefik 3.5.1 8df847a19b384 49.7MB
registry.cn-hangzhou.aliyuncs.com/rancher/mirrored-metrics-server v0.8.0 b9e1e3849e070 22.5MB
registry.cn-hangzhou.aliyuncs.com/rancher/mirrored-pause 3.6 6270bb605e12e 301kB
registry.cn-hangzhou.aliyuncs.com/rancher/rancher-agent v2.13.0 b1722ceb72576 480MB
registry.cn-hangzhou.aliyuncs.com/rancher/rancher-webhook v0.9.1 639605244309f 22.7MB
registry.cn-hangzhou.aliyuncs.com/rancher/rancher v2.13.0 fec1d56fa0c47 774MB
registry.cn-hangzhou.aliyuncs.com/rancher/shell v0.6.0 05a054accfeb9 113MB
registry.cn-hangzhou.aliyuncs.com/rancher/system-upgrade-controller v0.17.0 e0be34db9b1b1 14.9MB
registry.cn-hangzhou.aliyuncs.com/rancher/turtles v0.25.0 63d78f3642acb 40.6MB
如果您在生产环境中使用 Rancher,希望获得更专业、及时的技术支持,也欢迎了解一下我们的商业订阅服务。可以点击论坛右上角聊天(
)图标,私信联系我了解详细信息,我们有中文支持团队为您服务
