通过rancher 创建rke2集群，无法拉取私有仓库

LT · 2024 年8 月 14 日 10:24

Rancher Server 设置

Rancher 版本：2.7.9
安装选项 (Docker install/Helm Chart): helm
- 如果是 Helm Chart 安装，需要提供 Local 集群的类型（RKE1, RKE2, k3s, EKS, 等）和版本：
在线或离线部署：

下游集群信息

Kubernetes 版本:
Cluster Type (Local/Downstream):
- 如果 Downstream，是什么类型的集群?(自定义/导入或为托管等):

用户信息

登录用户的角色是什么？（管理员/集群所有者/集群成员/项目所有者/项目成员/自定义）：
- 如果自定义，自定义权限集：

主机操作系统：

问题描述：
在通过systemctl status rke2-server时，出现无法拉取私有仓库的镜像问题

cat /etc/rancher/rke2/registries.yaml

{"configs":{"172.16.8.204:1446":{"auth":{"username":"admin","password":"aaaaa","auth":"","identity_token":""},"tls":{"ca_file":"","cert_file":"","key_file":"","insecure_skip_verify":true}}},"mirrors":{"172.16.8.204:1446":{"endpoint":["https://172.16.8.204:1446"]}}}

cat /var/lib/rancher/rke2/agent/etc/containerd/config.toml

[plugins."io.containerd.grpc.v1.cri".registry]
  config_path = "/var/lib/rancher/rke2/agent/etc/containerd/certs.d"




[plugins."io.containerd.grpc.v1.cri".registry.configs."172.16.8.204:1446".auth]
  username = "admin"
  password = "aaaaa"

cat certs.d/172.16.8.204:1446/hosts.toml

# File generated by rke2. DO NOT EDIT.

server = "https://172.16.8.204:1446/v2"
capabilities = ["pull", "resolve", "push"]

skip_verify = true

重现步骤：

结果：

预期结果：

截图：

其他上下文信息：

日志

08:42+08:00" level=info msg="Pulling images from /var/lib/rancher/rke2/agent/images/cloud-controller-manager-image.txt"
:08:42+08:00" level=info msg="Image 172.16.8.204:1446/rancher/rke2-cloud-provider:v1.26.3-build20230406 has already been pulled"
:08:42+08:00" level=error msg="Error encountered while importing /var/lib/rancher/rke2/agent/images/cloud-controller-manager-image.txt
:08:42+08:00" level=info msg="Pulling images from /var/lib/rancher/rke2/agent/images/etcd-image.txt"
:08:42+08:00" level=info msg="Image 172.16.8.204:1446/rancher/hardened-etcd:v3.5.9-k3s1-build20230802 has already been pulled"
:08:42+08:00" level=error msg="Error encountered while importing /var/lib/rancher/rke2/agent/images/etcd-image.txt: failed to pull ima
:08:42+08:00" level=info msg="Pulling images from /var/lib/rancher/rke2/agent/images/kube-apiserver-image.txt"
:08:42+08:00" level=info msg="Image 172.16.8.204:1446/rancher/hardened-kubernetes:v1.26.15-rke2r1-build20240314 has already been pulle
:08:42+08:00" level=error msg="Error encountered while importing /var/lib/rancher/rke2/agent/images/kube-apiserver-image.txt: failed t
:08:42+08:00" level=info msg="Pulling images from /var/lib/rancher/rke2/agent/images/kube-controller-manager-image.txt"
:08:42+08:00" level=info msg="Image 172.16.8.204:1446/rancher/hardened-kubernetes:v1.26.15-rke2r1-build20240314 has already been pulle
:08:42+08:00" level=error msg="Error encountered while importing /var/lib/rancher/rke2/agent/images/kube-controller-manager-image.txt:
:08:42+08:00" level=info msg="Pulling images from /var/lib/rancher/rke2/agent/images/kube-scheduler-image.txt"
:08:42+08:00" level=info msg="Image 172.16.8.204:1446/rancher/hardened-kubernetes:v1.26.15-rke2r1-build20240314 has already been pulle

orangedeng · 2024 年8 月 15 日 03:26

日志不确定是不是不全，缺少了后面的Error原因，看看能否能导出文件上传看下

jarno517 · 2024 年11 月 14 日 10:15

“endpoint”:[“https://172.16.8.204:1446”] 镜像库如果是证书认证的需要配置证书信息，insecure_skip_verify":true应该为false，如果镜像库是http，将"endpoint":[“http://172.16.8.204:1446”] 后，重启rke2 agent