操作系统信息
虚拟机,CentOS Linux release 7.9.2009 (Core),4C/16G
Kubernetes版本信息
[root@kubesphere-master temp]# kubectl version
Client Version: version.Info{Major:“1”, Minor:“21”, GitVersion:“v1.21.5”, GitCommit:“aea7bbadd2fc0cd689de94a54e5b7b758869d691”, GitTreeState:“clean”, BuildDate:“2021-09-15T21:10:45Z”, GoVersion:“go1.16.8”, Compiler:“gc”, Platform:“linux/amd64”}
Server Version: version.Info{Major:“1”, Minor:“21”, GitVersion:“v1.21.5”, GitCommit:“aea7bbadd2fc0cd689de94a54e5b7b758869d691”, GitTreeState:“clean”, BuildDate:“2021-09-15T21:04:16Z”, GoVersion:“go1.16.8”, Compiler:“gc”, Platform:“linux/amd64”}
容器运行时
[root@kubesphere-master temp]# docker version
Client:
Version: 20.10.8
API version: 1.41
Go version: go1.16.6
Git commit: 3967b7d
Built: Fri Jul 30 19:50:40 2021
OS/Arch: linux/amd64
Context: default
Experimental: true
Server: Docker Engine - Community
Engine:
Version: 20.10.8
API version: 1.41 (minimum version 1.12)
Go version: go1.16.6
Git commit: 75249d8
Built: Fri Jul 30 19:55:09 2021
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: v1.4.9
GitCommit: e25210fe30a0a703442421b0f60afac609f950a3
runc:
Version: 1.0.1
GitCommit: v1.0.1-0-g4144b638
docker-init:
Version: 0.19.0
GitCommit: de40ad0
KubeSphere版本信息
v3.2.1。在线安装。使用kk安装。
问题是什么
创建镜像仓库保密字典时提示“镜像仓库验证失败”。如图
如果直接点击确定保存后,在创建自制应用->创建服务时选择此镜像仓库,出现如下错误
镜像仓库用的Harbor,是从自带的应用商店中安装的,使用docker pull、docker push等命令都可以正常访问
最后贴上Harbor的应用配置
expose:
type: nodePort
tls:
enabled: true
secretName: ''
notarySecretName: ''
commonName: 192.168.174.200
ingress:
hosts:
core: core.harbor.domain
notary: notary.harbor.domain
controller: default
annotations:
ingress.kubernetes.io/ssl-redirect: 'true'
ingress.kubernetes.io/proxy-body-size: '0'
nginx.ingress.kubernetes.io/ssl-redirect: 'true'
nginx.ingress.kubernetes.io/proxy-body-size: '0'
clusterIP:
name: harbor
ports:
httpPort: 80
httpsPort: 443
notaryPort: 4443
nodePort:
name: harbor
ports:
http:
port: 80
nodePort: 30002
https:
port: 443
nodePort: 30003
notary:
port: 4443
nodePort: 30004
loadBalancer:
name: harbor
IP: ''
ports:
httpPort: 80
httpsPort: 443
notaryPort: 4443
annotations: {}
sourceRanges: []
#externalURL: 'https://core.harbor.domain'
internalTLS:
enabled: false
certSource: auto
trustCa: ''
core:
secretName: ''
crt: ''
key: ''
jobservice:
secretName: ''
crt: ''
key: ''
registry:
secretName: ''
crt: ''
key: ''
portal:
secretName: ''
crt: ''
key: ''
chartmuseum:
secretName: ''
crt: ''
key: ''
clair:
secretName: ''
crt: ''
key: ''
trivy:
secretName: ''
crt: ''
key: ''
persistence:
enabled: true
resourcePolicy: keep
persistentVolumeClaim:
registry:
existingClaim: ''
storageClass: ''
subPath: ''
accessMode: ReadWriteOnce
size: 5Gi
chartmuseum:
existingClaim: ''
storageClass: ''
subPath: ''
accessMode: ReadWriteOnce
size: 5Gi
jobservice:
existingClaim: ''
storageClass: ''
subPath: ''
accessMode: ReadWriteOnce
size: 1Gi
database:
existingClaim: ''
storageClass: ''
subPath: ''
accessMode: ReadWriteOnce
size: 1Gi
redis:
existingClaim: ''
storageClass: ''
subPath: ''
accessMode: ReadWriteOnce
size: 1Gi
trivy:
existingClaim: ''
storageClass: ''
subPath: ''
accessMode: ReadWriteOnce
size: 5Gi
imageChartStorage:
disableredirect: false
type: filesystem
filesystem:
rootdirectory: /storage
azure:
accountname: accountname
accountkey: base64encodedaccountkey
container: containername
gcs:
bucket: bucketname
encodedkey: base64-encoded-json-key-file
s3:
region: us-west-1
bucket: bucketname
swift:
authurl: 'https://storage.myprovider.com/v3/auth'
username: username
password: password
container: containername
oss:
accesskeyid: accesskeyid
accesskeysecret: accesskeysecret
region: regionname
bucket: bucketname
imagePullPolicy: IfNotPresent
imagePullSecrets: null
updateStrategy:
type: RollingUpdate
logLevel: info
harborAdminPassword: Harbor12345
secretKey: not-a-secure-key
proxy:
httpProxy: null
httpsProxy: null
noProxy: '127.0.0.1,localhost,.local,.internal'
components:
- core
- jobservice
- clair
nginx:
image:
repository: goharbor/nginx-photon
tag: v2.0.0
replicas: 1
nodeSelector: {}
tolerations: []
affinity: {}
podAnnotations: {}
portal:
image:
repository: goharbor/harbor-portal
tag: v2.0.0
replicas: 1
nodeSelector: {}
tolerations: []
affinity: {}
podAnnotations: {}
core:
image:
repository: goharbor/harbor-core
tag: v2.0.0
replicas: 1
livenessProbe:
initialDelaySeconds: 300
nodeSelector: {}
tolerations: []
affinity: {}
podAnnotations: {}
secret: ''
secretName: ''
xsrfKey: ''
jobservice:
image:
repository: goharbor/harbor-jobservice
tag: v2.0.0
replicas: 1
maxJobWorkers: 10
jobLogger: file
nodeSelector: {}
tolerations: []
affinity: {}
podAnnotations: {}
secret: ''
registry:
registry:
image:
repository: goharbor/registry-photon
tag: v2.0.0
controller:
image:
repository: goharbor/harbor-registryctl
tag: v2.0.0
replicas: 1
nodeSelector: {}
tolerations: []
affinity: {}
podAnnotations: {}
secret: ''
relativeurls: false
credentials:
username: harbor_registry_user
password: harbor_registry_password
htpasswd: >-
harbor_registry_user:$2y$10$9L4Tc0DJbFFMB6RdSCunrOpTHdwhid4ktBJmLD00bYgqkkGOvll3m
middleware:
enabled: false
type: cloudFront
cloudFront:
baseurl: example.cloudfront.net
keypairid: KEYPAIRID
duration: 3000s
ipfilteredby: none
privateKeySecret: my-secret
chartmuseum:
enabled: true
absoluteUrl: false
image:
repository: goharbor/chartmuseum-photon
tag: v2.0.0
replicas: 1
nodeSelector: {}
tolerations: []
affinity: {}
podAnnotations: {}
clair:
enabled: true
clair:
image:
repository: goharbor/clair-photon
tag: v2.0.0
adapter:
image:
repository: goharbor/clair-adapter-photon
tag: v2.0.0
replicas: 1
updatersInterval: 12
nodeSelector: {}
tolerations: []
affinity: {}
podAnnotations: {}
trivy:
enabled: true
image:
repository: goharbor/trivy-adapter-photon
tag: v2.0.0
replicas: 1
debugMode: false
vulnType: 'os,library'
severity: 'UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL'
ignoreUnfixed: false
insecure: false
gitHubToken: ''
skipUpdate: false
resources:
requests:
cpu: 20m
memory: 512Mi
limits:
cpu: 1
memory: 1Gi
podAnnotations: {}
notary:
enabled: true
server:
image:
repository: goharbor/notary-server-photon
tag: v2.0.0
replicas: 1
signer:
image:
repository: goharbor/notary-signer-photon
tag: v2.0.0
replicas: 1
nodeSelector: {}
tolerations: []
affinity: {}
podAnnotations: {}
secretName: ''
database:
type: internal
internal:
image:
repository: goharbor/harbor-db
tag: v2.0.0
initContainerImage:
repository: busybox
tag: latest
password: changeit
nodeSelector: {}
tolerations: []
affinity: {}
external:
host: 192.168.0.1
port: '5432'
username: user
password: password
coreDatabase: registry
clairDatabase: clair
notaryServerDatabase: notary_server
notarySignerDatabase: notary_signer
sslmode: disable
maxIdleConns: 50
maxOpenConns: 100
podAnnotations: {}
redis:
type: internal
internal:
image:
repository: goharbor/redis-photon
tag: v2.0.0
nodeSelector: {}
tolerations: []
affinity: {}
external:
host: 192.168.0.2
port: '6379'
coreDatabaseIndex: '0'
jobserviceDatabaseIndex: '1'
registryDatabaseIndex: '2'
chartmuseumDatabaseIndex: '3'
clairAdapterIndex: '4'
trivyAdapterIndex: '5'
password: ''
podAnnotations: {}
