rke2: skipping TLS verification for a private registry still fails

Environment information:
RKE2 version: rke2 version v1.27.12+rke2r1

Node CPU architecture, OS and version: x86, CentOS 7.9

Cluster configuration:

1 server, 2 agents

Problem description:
Deploying a Deployment whose image comes from a private registry fails with an image pull error; specifically, TLS verification fails.

Steps to reproduce:

[root@localhost ~]# cat /etc/rancher/rke2/registries.yaml
mirrors:
  harbor.zoesoft.com.cn:
    endpoint:
      - "https://harbor.zoesoft.com.cn"
#    rewrite:
#      "^rancher/(.*)": "rke2/rancher/$1"
configs:
  "https://harbor.zoesoft.com.cn":
    auth:
      useradmin: admin
      password: zysoft@2021
    tls:
      insecure_skip_verify: true
#      ca_file: /etc/docker/certs.d/harbor.zoesoft.com.cn/ca.crt
#      cert_file: /etc/docker/certs.d/harbor.zoesoft.com.cn/harbor.zoesoft.com.cn.cert
#      key_file: /etc/docker/certs.d/harbor.zoesoft.com.cn/harbor.zoesoft.com.cn.key

[root@localhost ~]# cat /var/lib/rancher/rke2/agent/etc/containerd/config.toml
# File generated by rke2. DO NOT EDIT. Use config.toml.tmpl instead.
version = 2

[plugins."io.containerd.internal.v1.opt"]
  path = "/var/lib/rancher/rke2/agent/containerd"
[plugins."io.containerd.grpc.v1.cri"]
  stream_server_address = "127.0.0.1"
  stream_server_port = "10010"
  enable_selinux = false
  enable_unprivileged_ports = false
  enable_unprivileged_icmp = false
  sandbox_image = "harbor.zoesoft.com.cn/rancher/mirrored-pause:3.6"

[plugins."io.containerd.grpc.v1.cri".containerd]
  snapshotter = "overlayfs"
  disable_snapshot_annotations = true




[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
  runtime_type = "io.containerd.runc.v2"

[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
  SystemdCgroup = false

[plugins."io.containerd.grpc.v1.cri".registry]
  config_path = "/var/lib/rancher/rke2/agent/etc/containerd/certs.d"




[plugins."io.containerd.grpc.v1.cri".registry.configs."https://harbor.zoesoft.com.cn".auth]

  password = "zysoft@2021"

[root@localhost ~]# cat /var/lib/rancher/rke2/agent/etc/containerd/certs.d/https\:/harbor.zoesoft.com.cn/hosts.toml
# File generated by rke2. DO NOT EDIT.

server = "https://harbor.zoesoft.com.cn/v2"
capabilities = ["pull", "resolve", "push"]

skip_verify = true

Expected result:

Actual result:
I first specified the CA certificate and it failed; then I disabled TLS verification and it still failed.


Logs
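Editor's note and example, added here and not written by the reporter or the RKE2 project. In the registries.yaml shown above, the key under `configs` carries an `https://` scheme and the credential key is spelled `useradmin`. In the format RKE2 documents, the `configs` key is the registry host (FQDN, optionally with a port, no scheme) and credentials use `username` and `password`. The generated files in the report are consistent with that mismatch: the emitted config.toml contains only `password`, and hosts.toml lands under `certs.d/https:/harbor.zoesoft.com.cn/` rather than `certs.d/harbor.zoesoft.com.cn/`, which is the directory containerd consults for that host, so the `skip_verify = true` would not be applied when pulling from `harbor.zoesoft.com.cn`. Whether or not the version bug discussed in the thread also applies, the file below is the documented shape, using the CA file (the reporter's first attempt) as the preferred setting and `insecure_skip_verify` only as a commented-out fallback. The password value is a placeholder; the CA path is the one from the report.

```yaml
# /etc/rancher/rke2/registries.yaml (example, assumed layout per RKE2 docs)
mirrors:
  harbor.zoesoft.com.cn:
    endpoint:
      - "https://harbor.zoesoft.com.cn"
configs:
  # Key is the registry host only: no "https://" scheme. A scheme here is
  # taken literally and produces a certs.d/https:/... directory that
  # containerd never matches against the real host name.
  "harbor.zoesoft.com.cn":
    auth:
      username: admin            # documented key is "username", not "useradmin"
      password: "<REDACTED>"     # placeholder; use the real credential on the node
    tls:
      # Preferred: trust the registry's CA so the connection is still verified.
      ca_file: /etc/docker/certs.d/harbor.zoesoft.com.cn/ca.crt
      # Fallback only if the CA cannot be distributed; disables verification.
      # insecure_skip_verify: true
```

After changing registries.yaml, restart the rke2-agent (or rke2-server) service so the containerd config is regenerated, then confirm that `/var/lib/rancher/rke2/agent/etc/containerd/certs.d/harbor.zoesoft.com.cn/hosts.toml` exists and that the `[...registry.configs."harbor.zoesoft.com.cn".auth]` section of the generated config.toml now carries both `username` and `password`.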

This version does indeed have this problem. You can try the workaround described in the issue, or use version v1.27.10+rke2r1.

I have tried several rke2 versions and none of them work, including the v1.27.10+rke2r1 you recommended and the latest rke2 version v1.27.13-rc2+rke2r1. The private registry problem is still not resolved. Is there any way to fix it?