Unable to pull images from a custom image registry.

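I installed my own Harbor server and configured an HTTPS certificate for it. I configured the Harbor server in the platform's Secrets. In Application > Add Component, when I choose to add a new image, there is no feedback. Opening the console shows that the server returned image not found or authentication failed. The ks-apiservice log shows: manifest.go:39] Not found or unauthorized. Looking at the code, this seems to be the error returned when the image request returns one of these status codes (if resp.StatusCode == http.StatusNotFound || resp.StatusCode == http.StatusUnauthorized). I captured packets on the server and found that the request to the image registry was made over HTTP, and the image registry then returned an HTTP/1.1 308 Permanent Redirect status code and provided the new address. But the client here does not seem to retry with the redirected HTTPS address.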

Packet capture data:

21:52:31.410594 IP (tos 0x0, ttl 63, id 24292, offset 0, flags [DF], proto TCP (6), length 1388)
master.cluster.local.57720 > harbor.xiaocaicai.com.http: Flags [P.], cksum 0x19af (incorrect -> 0x03cf), seq 1601:2937, ack 1228, win 254, options [nop,nop,TS val 41727670 ecr 49949174], length 1336: HTTP, length: 1336
GET /v2/library/mysql/manifests/5.7 HTTP/1.1
Host: harbor.xiaocaicai.com
User-Agent: Go-http-client/1.1
Accept: application/vnd.docker.distribution.manifest.v2+json
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6IlhKS1U6V1pUUjpJNDIzOkRGV0c6UkdaNzpRWldPOjVaM1I6SElLNzpFTTNDOjUyVUs6RDNUVDpHUUlZIn0.eyJpc3MiOiJoYXJib3ItdG9rZW4taXNzdWVyIiwic3ViIjoiYWRtaW4iLCJhdWQiOiJoYXJib3ItcmVnaXN0cnkiLCJleHAiOjE1ODE5MDk4MTAsIm5iZiI6MTU4MTkwODAxMCwiaWF0IjoxNTgxOTA4MDEwLCJqdGkiOiJSbFNMUmdhY3pQMmltVUJOIiwiYWNjZXNzIjpbeyJ0eXBlIjoicmVwb3NpdG9yeSIsIm5hbWUiOiJsaWJyYXJ5L215c3FsIiwiYWN0aW9ucyI6WyJwdXNoIiwiKiIsInB1bGwiXX1dfQ.frpLo_jz_F2OQfxOUS9JbEvOoxuO3jPboGMhfbGYZK6EsIdnTudc–Z6CRPw8eoU3RXCRdrG53GUxHWDq6M0K8iatKlSkLG5H9SO4BtDwUTuLZ3IHcUV131HbKJ53a_lJJr_CH1fPCTdCy_vRxPOQ4P973hGzfuOyrpTndZM1dF0WPS0JBWsHorUGtkbxh1dS1QYcrIhU4a78rlllS8m_MzHplHTdO7uCTdjXanrK1H42aeTjrggAotZN_Z_KJhvmRakDHJV9jsqB7j5NJi0sxCIFinpQ6WmdzXiQjou3l-st_kYhzs14xJg5-WU8IUXb9ahe9PwOjW6nqLzwlxvzK4ovf2Sh_pA9XcaVp1b4Noo3SxgRAIFf6b2nkCs5eEoYNpDihhzu7RBvLhaFhWwRVMZDIUTsio8q_qaY1SETrEsCeLbfPCsPmX47jh_LnU8N4C-jeJmgMeNZwqxaZ65QjAuP8W2khsyY-SOL1u3RlK8KQHQEZ88RFOKO3tgbyRxr1mouAD3z63rZJA-VuewW1V71D13lRbwtpwrXsPuLtNu5p64OO1XTWZu4dUetxgTx4gr7jrdHA9io9RAnGxMtZJwyWogqU5TOtIjOFWm5Gd6REX61NQuODq01PPJflHrgXVMVI9IJ1Aru0a5FI_qBGW4xEW4vP3AlWGRqhLk21g
Accept-Encoding: gzip

21:52:31.410844 IP (tos 0x0, ttl 63, id 39052, offset 0, flags [DF], proto TCP (6), length 52)
harbor.xiaocaicai.com.https > master.cluster.local.34382: Flags [F.], cksum 0x811f (correct), seq 5571, ack 1179, win 260, options [nop,nop,TS val 49949247 ecr 41727670], length 0
21:52:31.410934 IP (tos 0x0, ttl 63, id 41344, offset 0, flags [DF], proto TCP (6), length 52)
master.cluster.local.34382 > harbor.xiaocaicai.com.https: Flags [.], cksum 0x1477 (incorrect -> 0x80d8), seq 1179, ack 5572, win 331, options [nop,nop,TS val 41727670 ecr 49949247], length 0
21:52:31.410950 IP (tos 0x0, ttl 63, id 25161, offset 0, flags [DF], proto TCP (6), length 461)
harbor.xiaocaicai.com.http > master.cluster.local.57720: Flags [P.], cksum 0x5648 (correct), seq 1228:1637, ack 2937, win 301, options [nop,nop,TS val 49949247 ecr 41727670], length 409: HTTP, length: 409
HTTP/1.1 308 Permanent Redirect
Server: nginx/1.15.11
Date: Mon, 17 Feb 2020 02:53:30 GMT
Content-Type: text/html
Content-Length: 172
Connection: keep-alive
Location: https://harbor.xiaocaicai.com/v2/library/mysql/manifests/5.7

<html>
<head><title>308 Permanent Redirect</title></head>
<body>
<center><h1>308 Permanent Redirect</h1></center>
<hr><center>nginx/1.15.11</center>
</body>
</html>

I disabled HTTPS on my Harbor server and then configured the machine with an insecure registry, so it works for now.
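
In the capture above the Bearer token travels over plain HTTP before the 308 arrives. The following is an added example, not code from the post or from KubeSphere: a Go check that probes a configured registry address with redirects disabled and no credentials, and returns the HTTPS address to configure instead. The names probeRegistry and newRedirectingRegistry and the host harbor.example.test are assumptions made for the example.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// probeRegistry checks a configured registry address before any credential is
// sent to it: one unauthenticated GET /v2/ with redirects disabled.
// It returns a verdict and the address that should be configured.
func probeRegistry(base string) (verdict, addr string, err error) {
	if strings.HasPrefix(base, "https://") {
		return "https", base, nil // already TLS, nothing to probe
	}
	client := &http.Client{
		// Return the 3xx response itself instead of following it.
		CheckRedirect: func(*http.Request, []*http.Request) error {
			return http.ErrUseLastResponse
		},
	}
	resp, err := client.Get(strings.TrimRight(base, "/") + "/v2/")
	if err != nil {
		return "", "", err
	}
	defer resp.Body.Close()
	loc, locErr := resp.Location() // fails when there is no Location header
	if resp.StatusCode/100 == 3 && locErr == nil && loc.Scheme == "https" {
		// The case in the capture: the HTTP port only answers with a redirect
		// to HTTPS, so the secret should hold the https:// address directly.
		return "http-redirects-to-https", "https://" + loc.Host, nil
	}
	return "plaintext-only", base, nil
}

// newRedirectingRegistry is a constructed stand-in for the nginx front end in
// the capture; harbor.example.test is a placeholder host.
func newRedirectingRegistry() *httptest.Server {
	return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		http.Redirect(w, r, "https://harbor.example.test"+r.URL.RequestURI(), http.StatusPermanentRedirect)
	}))
}

func main() {
	srv := newRedirectingRegistry()
	defer srv.Close()
	fmt.Println(probeRegistry(srv.URL))
}
```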