1、场景
# 使用kk离线部署的harbor在其他服务上登陆访问失败:
docker login -uxxxxx -pxxxxx dockerhub.kubekey.local
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
Error response from daemon: Get "https://dockerhub.kubekey.local/v2/": x509: certificate signed by unknown authority (possibly because of "crypto/rsa: verification error" while trying to verify candidate authority certificate "registry-ca")
2、原因
kk部署的默认使用SSL协议添加了相关证书,docker访问私有仓库时需要添加相关配置(https还需要配置证书)
3、解决办法
- docker配置
docker启动命令后添加参数
/etc/systemd/system/docker.service
--insecure-registry dockerhub.kubekey.local
- 证书配置
将harbor服务上的harbor相关证书复制一份到目标服务器上
/etc/docker/certs.d/dockerhub.kubekey.local/