docker登录时报错:
Error response from daemon: Get https://k8s-harbor.xxx.com/v2/: received unexpected HTTP status: 500 Internal Server Error
查harbor-core日志:
[DEBUG] [/server/middleware/log/log.go:30]: attach request id 5c203603a23d0759bce912920b074044 to the logger for the request GET /service/token
[DEBUG] [/server/middleware/artifactinfo/artifact_info.go:53]: In artifact info middleware, url: /service/token?account=admin&client_id=docker&offline_token=true&service=harbor-registry
[DEBUG] [/core/auth/authenticator.go:145]: Current AUTH_MODE is db_auth
[DEBUG] [/server/middleware/security/basic_auth.go:47][requestID="5c203603a23d0759bce912920b074044"]: a basic auth security context generated for request GET /service/token
[DEBUG] [/core/service/token/token.go:36]: URL for token request: /service/token?account=admin&client_id=docker&offline_token=true&service=harbor-registry
[DEBUG] [/core/service/token/creator.go:230]: scopes: []
[DEBUG] [/core/service/token/authutils.go:50]: scopes: []
[ERROR] [/core/service/token/token.go:49]: Unexpected error when creating the token, error: unable to find PEM encoded data
解决办法:
请求时token创建失败,无法使用PEM编码数据,这是证书问题
建议最好使用正规CA证书,证书放入chart的cert目录下,同时docker客户端也要配置证书
docker登录时报错:
Error response from daemon: Missing client certificate tls.cert for key tls.key
解决办法:
缺少tls.cert
cp k8s-harbor.xxx.com.pem /etc/docker/certs.d/k8s-harbor.xxx.com/tls.cert
docker push报错:
error parsing HTTP 413 response body: invalid character '<' looking for beginning of value: "<html>\r\n<head><title>413 Request Entity Too Large</title></head>\r\n<body>\r\n<center><h1>413 Request Entity Too Large</h1></center>\r\n<hr><center>nginx</center>\r\n</body>\r\n</html>\r\n"
解决办法:
413错误一般是nginx限制了client body大小
查harbor nginx服务的配置:harbor/templates/nginx/configmap-https.yaml没做任何限制
# disable any limits to avoid http 413 for large image uploads
client_max_body_size 0;
那限制应该是在ingress侧
ingress策略添加以下注解,然后重新创建ingress即可
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: ingress-nginx-harbor
annotations:
nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
nginx.ingress.kubernetes.io/proxy-body-size: 900m