• 安装部署

  • 离线安装时,到了拉取镜像时报错了,证书什么的都配好了,可以直接用docker拉取,但是用kukekey拉取报错

创建部署问题时,请参考下面模板,你提供的信息越多,越容易及时获得解答。如果未按模板创建问题,管理员有权关闭问题。
确保帖子格式清晰易读,用 markdown code block 语法格式化代码块。
你只花一分钟创建的问题,不能指望别人花上半个小时给你解答。

sudo -E /bin/bash -c “env PATH=$PATH crictl pull dockerhub.kubekey.local/kubesphereio/pause:3.7”

E0912 19:54:02.360826 22466 remote_image.go:238] “PullImage from image service failed” err="rpc error: code = Unknown desc = failed to pull and unpack image \“dockerhub.kubekey.local/kubesphereio/pause:3.7\”: failed to resolve reference \“dockerhub.kubekey.local/kubesphereio/pause:3.7\”: failed to do request: Head \“https://dockerhub.kubekey.local/v2/kubesphereio/pause/manifests/3.7\”: x509: certificate signed by unknown authority" image=“dockerhub.kubekey.local/kubesphereio/pause:3.7”

FATA[0000] pulling image: rpc error: code = Unknown desc = failed to pull and unpack image “dockerhub.kubekey.local/kubesphereio/pause:3.7”: failed to resolve reference “dockerhub.kubekey.local/kubesphereio/pause:3.7”: failed to do request: Head “https://dockerhub.kubekey.local/v2/kubesphereio/pause/manifests/3.7”: x509: certificate signed by unknown authority

你看这个报错:x509: certificate signed by unknown authority,说明不信任仓库使用的证书

假如没记错,需要设置这一项:

 registry:

   insecureRegistries: [“dockerhub.kubekey.local”]    #允许连接不安全的仓库

25 天 后
9 个月 后

因为现在k8s引擎,从docker 换成containerd

vi /etc/containerd/config.toml

        [plugins."io.containerd.grpc.v1.cri".registry.configs."dockerhub.kubekey.local".tls]

          ca_file = "/etc/docker/certs.d/dockerhub.kubekey.local/ca.crt"

          cert_file = "/etc/docker/certs.d/dockerhub.kubekey.local/dockerhub.kubekey.local.cert"

          key_file = "/etc/docker/certs.d/dockerhub.kubekey.local/dockerhub.kubekey.local.key"

          insecure_skip_verify = false

find / -name config.toml

/etc/containerd/config.toml

/root/kubekey/master/config.toml

/root/kubekey/node01/config.toml

注意所有节点都要同步修改

systemctl restart containerd

1 年 后

自签名的证书需要添加信任,在linux下面把证书信任一下就行