解決方法：試試通過手動下載

docker pull registry.access.redhat.com/rhel7/pod-infrastructure:latest

docker pull 是還是報錯

     open /etc/docker/certs.d/registry.access.redhat.com/redhat-ca.crt: no such file or directory

檢視下redhat-ca.crt確實不存在，registry.access.redhat.com/rhel7/pod-infrastructure:latest預設是https下載。

最終解決方案：

 1.docker search pod-infrastructure

 2. 可使用： 

docker.io   docker.io/tianyebj/pod-infrastructure               registry.access.redhat.com/rhel7/pod-infra...   2 

3. 修改配置檔案

cat /etc/kubernetes/kubelet

# pod infrastructure container
KUBELET_POD_INFRA_CONTAINER="--pod-infra-container-image=docker.io/tianyebj/pod-infrastructure:latest"

4. 重啟kubernetes服務

master: 

for SERVICES in etcd kube-apiserver kube-controller-manager kube-scheduler; do systemctl restart $SERVICES systemctl enable $SERVICES systemctl status $SERVICES done　　　　　　

node:

for SERVICES in kube-proxy kubelet docker; do systemctl restart $SERVICES systemctl enable $SERVICES systemctl status $SERVICES done
 

二、 網路部分

yum -y install flannel

修改配置檔案/etc/sysconfig/flannel

[[email protected] flannel]# cat /etc/sysconfig/flanneld
# Flanneld configuration options

# etcd url location. Point this to the server where etcd runs
FLANNEL_ETCD_ENDPOINTS="http://master:2379"

# etcd config key. This is the configuration key that flannel queries
# For address range assignment
FLANNEL_ETCD_PREFIX="/atomic.io/network"

# Any additional options that you want to pass
#FLANNEL_OPTIONS=""
FLANNEL_OPTIONS="-iface=eth0"

2. 配置 etcdctl 

etcdctl mkdir /atomic.io/network

etcdctl mk /kube-centos/network/config "{ \"Network\": \"172.30.0.0/16\", \"SubnetLen\": 24, \"Backend\": { \"Type\": \"vxlan\" } }"

3. 重啟所有服務

三、  service account

報錯資訊： Error from server (ServerTimeout): error when creating "busybox.yaml": No API token found for service account "default", retry after the token is automatically created and added to the service account

方式一：禁用ServiceAccount

編輯/etc/kubenetes/apiserver： 
將以下這行中的ServiceAccount刪除即可 
KUBE_ADMISSION_CONTROL="--admission-control=NamespaceLifecycle,NamespaceExists,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota" 
改為： 
KUBE_ADMISSION_CONTROL="--admission-control=NamespaceLifecycle,NamespaceExists,LimitRanger,SecurityContextDeny,ResourceQuota"

這種方式比較粗暴，可能會遇到必須要用ServiceAccount的情況。

方式二：配置ServiceAccount

1、首先生成金鑰： 
openssl genrsa -out /etc/kubernetes/serviceaccount.key 2048

2、編輯/etc/kubenetes/apiserver 
新增以下內容： 
KUBE_API_ARGS="--service_account_key_file=/etc/kubernetes/serviceaccount.key"

3、再編輯/etc/kubernetes/controller-manager 
新增以下內容： 
KUBE_CONTROLLER_MANAGER_ARGS="--service_account_private_key_file=/etc/kubernetes/serviceaccount.key"

最後無論是哪種解決方式都需要再重啟kubernetes服務： 
systemctl restart etcd kube-apiserver kube-controller-manager kube-scheduler