创建部署问题时,请参考下面模板,你提供的信息越多,越容易及时获得解答。如果未按模板创建问题,管理员有权关闭问题。
确保帖子格式清晰易读,用 markdown code block 语法格式化代码块。
你只花一分钟创建的问题,不能指望别人花上半个小时给你解答。

操作系统信息
虚拟机,Centos7.5 4C/24G

Kubernetes版本信息

Client Version: version.Info{Major:“1”, Minor:“18”, GitVersion:“v1.18.4+k3s1”, GitCommit:“97b7a0e9df2883f08028fb7171c1e62fc1899a0c”, GitTreeState:“clean”, BuildDate:“2020-06-18T01:30:45Z”, GoVersion:“go1.13.11”, Compiler:“gc”, Platform:“linux/amd64”}

Server Version: version.Info{Major:“1”, Minor:“18”, GitVersion:“v1.18.4+k3s1”, GitCommit:“97b7a0e9df2883f08028fb7171c1e62fc1899a0c”, GitTreeState:“clean”, BuildDate:“2020-06-18T01:30:45Z”, GoVersion:“go1.13.11”, Compiler:“gc”, Platform:“linux/amd64”}

容器运行时

RuntimeVersion: v1.3.3-k3s2

RuntimeApiVersion: v1alpha2

KubeSphere版本信息
v3.0.0,在线安装

问题是什么
1. 目前k3s部署可有离线安装的版本?我是自己把1.18加入到了2.0的kk进行了在线安装(3.2已经适配,但我们还是用的3.0所以只能这样),想自己做个离线包,目前集群已经安装上了,但是containerd http设置按照官方设置不生效
仍然报错,http: server gave HTTP response to HTTPS client
config-sample.yml 按照docker一样的部署配置,貌似也不生效,这个我改如何配置呢?

registryMirrors: [192.168.5.61:1080]

insecureRegistries: [192.168.5.61:1080]


这个私有离线部署K8S跟K3S应该区别应该不大的,上面这个是我foreman源的https的配置,大差不差
用这个命令生成默认配置
containerd config default > /etc/containerd/config.toml
然后打开照着改,完了重启下服务就行

[plugins."io.containerd.grpc.v1.cri".registry]
  [plugins."io.containerd.grpc.v1.cri".registry.mirrors."xxxx.xxxx.com:5000"]
    endpoint = ["http://xxxx.xxxx.com:5000"]
  [plugins."io.containerd.grpc.v1.cri".registry.configs]
    [plugins."io.containerd.grpc.v1.cri".registry.configs."xxxx.xxxx.com".tls]
      insecure_skip_verify = true

改了好几遍这个缩进可能有问题,注意下 😅

    magitekbay 我是用KK装的,containerd的命令都没有,config.toml配置找到了,在/var/lib/rancher/k3s/agent/etc/containerd/config.toml,这个配置重启后会刷新掉,根据官方修改/etc/rancher/k3s/registries.yaml也没有刷新config.toml不知道kk做了什么,我现在是配置不生效,不知道去哪里配。。。。。。

        Alice 咦kk居然支持containerd了,这个就不清楚了,我一直是手动部署环境,再这个基础上部署ks的 :

            magitekbay ok,多谢啦,那我再研究一下,我是基于3.0自己改的kk的源码,手动部署还好,都是官方的配置就行

                magitekbay 破案了,刚看了2.0kk的源码,这个config写在了源码里,每次都会更新,我去更新一下源码就行

                    Alice : 嗯,不客气,kk部署比较省事,3.0的时候用过,但是不怎么符合我的场景,我就自己手动部署了,就是每次升级都得自己改镜像,签证书的是一个二级ca,ks-installer不支持就很头疼

                      Alice
                      k3s的话,kk没有去装容器运行时。然后是k3s会自己装containerd,使用命令是k3s ctr xxx
                      看你的报错应该是需要配置走http去上传镜像到私有镜像仓库,可以试试这样配置:

                      registry:
    registryMirrors: []
    insecureRegistries: []
    privateRegistry: "192.168.5.61:1080"
    planHTTP: true

                          24sama 恩我现在是设置了http,配置不生效,我试试用新版的kk我看有pr修复这个问题了

                            改了v2.2.1的版本仍然不行
                            Warning FailedCreatePodSandBox 0s (x5 over 49s) kubelet, node1 Failed to create pod sandbox: rpc error: code = Unknown desc = failed to get sandbox image "192.168.5.61:1080/kubesphere/pause:3.2": failed to pull image "192.168.5.61:1080/kubesphere/pause:3.2": failed to pull and unpack image "192.168.5.61:1080/kubesphere/pause:3.2": failed to resolve reference "192.168.5.61:1080/kubesphere/pause:3.2": failed to do request: Head https://192.168.5.61:1080/v2/kubesphere/pause/manifests/3.2: http: server gave HTTP response to HTTPS client

                              config.yaml
                              registry:

                              privateRegistry: "192.168.5.61:1080"

namespaceOverride: ""

registryMirrors: []

insecureRegistries: [192.168.5.61:1080]

auths: # if docker add by \`docker login\`, if containerd append to \`/etc/containerd/config.toml\`

  "192.168.5.61:1080":

    username: "admin"

    password: "Harbor12345"

    skipTLSVerify: false # Allow contacting registries over HTTPS with failed TLS verification.

    plainHTTP: true # Allow contacting registries over HTTP.

                              addons: []

                              24sama 这个我确实设置了。。。还是不生效,就很离谱,我去github问问社区的人

                                24sama
                                [plugins.opt]

                                path = "/var/lib/rancher/k3s/agent/containerd"

                                [plugins.cri]

                                stream_server_address = "127.0.0.1"

                                stream_server_port = "10010"

                                enable_selinux = false

                                sandbox_image = "192.168.5.61:1080/kubesphere/pause:3.2"

                                [plugins.cri.containerd.runtimes.runc]

                                runtime_type = "io.containerd.runc.v2"

                                [plugins.cri.registry.mirrors]

                                [plugins.cri.registry.mirrors."192.168.5.61:1080"]

                                endpoint = ["http://192.168.5.61:1080"]

                                [plugins.cri.registry.configs."192.168.5.61:1080".auth]

                                username = "admin"

                                password = "Harbor12345"