kubeadm init：failed to pull image registry.k8s.io/pause:3.6

一、错误现象

在安装 K8s 1.28.0 的时候，kubeadm init… 执行失败，错误信息如下：

[kubelet-check] Initial timeout of 40s passed.

Unfortunately, an error has occurred:
        timed out waiting for the condition

This error is likely caused by:
        - The kubelet is not running
        - The kubelet is unhealthy due to a misconfiguration of the node in some way (required cgroups disabled)

If you are on a systemd-powered system, you can try to troubleshoot the error with the following commands:
        - 'systemctl status kubelet'
        - ''

Additionally, a control plane component may have crashed or exited when started by the container runtime.
To troubleshoot, list all containers using your preferred container runtimes CLI.
Here is one example how you may list all running Kubernetes containers by using crictl:
        - 'crictl --runtime-endpoint unix:///var/run/containerd/containerd.sock ps -a | grep kube | grep -v pause'
        Once you have found the failing container, you can inspect its logs with:
        - 'crictl --runtime-endpoint unix:///var/run/containerd/containerd.sock logs CONTAINERID'
error execution phase wait-control-plane: couldn't initialize a Kubernetes cluster
To see the stack trace of this error execute with --v=5 or higher

错误信息中已经给出了可供参考的一些指令，首先我们使用 systemctl status kubelet 指令来查看 kubelet 的运行状态。如下图所示，运行状态是正常的。

然后我们使用 journalctl -xeu kubelet 命令来查询一下执行日志，经过排查，我发现有一个处拉取 registry.k8s.io/pause:3.6 镜像失败的日志，导致了sandbox 创建不了而报错。既然找到了错误， 那么解决起来就比较简单了。

Dec 26 18:38:09 master kubelet[17939]: E1226 18:38:09.913745   17939 pod_workers.go:1300] "Error syncing pod, skipping" err="failed to \"CreatePodSandbox\" for \"kube-controller-manager-master_kube-system(8376d5b9b66e31d3f06b6a604fb7b258)\" with CreatePodSandboxError: \"Failed to create sandbox for pod \\\"kube-controller-manager-master_kube-system(8376d5b9b66e31d3f06b6a604fb7b258)\\\": rpc error: code = DeadlineExceeded desc = failed to get sandbox image \\\"registry.k8s.io/pause:3.6\\\": failed to pull image \\\"registry.k8s.io/pause:3.6\\\": failed to pull and unpack image \\\"registry.k8s.io/pause:3.6\\\": failed to resolve reference \\\"registry.k8s.io/pause:3.6\\\": failed to do request: Head \\\"https://us-west2-docker.pkg.dev/v2/k8s-artifacts-prod/images/pause/manifests/3.6\\\": dial tcp 64.233.189.82:443: i/o timeout\"" pod="kube-system/kube-controller-manager-master" podUID="8376d5b9b66e31d3f06b6a604fb7b258"

二、解决办法

# 1、生成 containerd 的默认配置文件
containerd config default > /etc/containerd/config.toml

# 2、查看 sandbox 的默认镜像仓库在文件中的第几行
cat /etc/containerd/config.toml | grep -n "sandbox_image"

# 3、将仓库地址修改成 registry.cn-hangzhou.aliyuncs.com/converts/pause:3.6
sandbox_image = "registry.cn-hangzhou.aliyuncs.com/converts/pause:3.6"

# 4、重启 containerd 服务
systemctl daemon-reload
systemctl restart containerd.service