search

kubesphere / kubekey

Install Kubernetes/K3s only, both Kubernetes/K3s and KubeSphere, and related cloud-native add-ons, it supports all-in-one, multi-node, and HA 🔥 ⎈ 🐳
https://kubesphere.io
Apache License 2.0
2.31k stars 544 forks source link

离线部署k8s,自建了非https的registry,创建集群失败 #2050

Open JokerTlin opened 10 months ago

JokerTlin commented 10 months ago

What is version of KubeKey has the issue?

3.0.7

What is your os environment?

cenots7

KubeKey config file

No response

A clear and concise description of what happend.

离线部署k8s,自建了非https的registry,创建集群失败。有没有什么配置项可以绕过https

Relevant log output

14:58:26 CST message: [LocalHost]
copy image oci:/root/kubekey/images:calico:cni:v3.23.2-amd64 to docker://dockerhub.kubekey.local:5000/kubesphereio/cni:v3.23.2-amd64 failed: trying to reuse blob sha256:a33c29efa196200d3373d4a355138a10786be4a6db0baac21553064cdc30f79a at destination: pinging container registry dockerhub.kubekey.local:5000: Get "https://dockerhub.kubekey.local:5000/v2/": http: server gave HTTP response to HTTPS client
14:58:26 CST failed: [LocalHost]
error: Pipeline[CreateClusterPipeline] execute failed: Module[CopyImagesToRegistryModule] exec failed:
failed: [LocalHost] [CopyImagesToRegistry] exec failed after 1 retires: copy image oci:/root/kubekey/images:calico:cni:v3.23.2-amd64 to docker://dockerhub.kubekey.local:5000/kubesphereio/cni:v3.23.2-amd64 failed: trying to reuse blob sha256:a33c29efa196200d3373d4a355138a10786be4a6db0baac21553064cdc30f79a at destination: pinging container registry dockerhub.kubekey.local:5000: Get "https://dockerhub.kubekey.local:5000/v2/": http: server gave HTTP response to HTTPS client

Additional information

No response

ljflinux commented 9 months ago

参考这个说明: https://github.com/kubesphere/kubekey/blob/master/docs/config-example.md

里面有: plainHTTP: false # Allow contacting registries over HTTP.

registry: registryMirrors: [] insecureRegistries: [] privateRegistry: "" namespaceOverride: "" auths: # if docker add by docker login, if containerd append to /etc/containerd/config.toml "dockerhub.kubekey.local": username: "xxx" password: "**" skipTLSVerify: false # Allow contacting registries over HTTPS with failed TLS verification. plainHTTP: false # Allow contacting registries over HTTP. certsPath: "/etc/docker/certs.d/dockerhub.kubekey.local" # Use certificates at path (.crt, .cert, .key) to connect to the registry.

另外,docker的/etc/docker/daemon.json文件中要配置http的,例如: "insecure-registries":["http://10.122.249.151","http://10.122.249.152"],

如果是containerd也要在配置文件/etc/containerd/config.toml中增加如下内容: [plugins."io.containerd.grpc.v1.cri".registry.mirrors."10.122.249.151"] endpoint = ["http://10.122.249.151"]

而且要重启一下docker和containerd的服务进程。