推送镜像/登录失败(Error response from daemon: Get https://reg.harbor.com/v2/: dial tcp 192…)
搭建好Harbor之后,使用docker登录仓库,或者推送镜像到仓库时被拒绝。
[root@kube-node-1 harbor]# docker login reg.harbor.com
Authenticating with existing credentials...
Login did not succeed, error: Error response from daemon: Get https://reg.harbor.com/v2/: dial tcp 192.168.186.21:443: connect: connection refused
[root@kube-node-1 harbor]# docker push reg.harbor.com/harbor-test/nginx-offica
The push refers to repository [reg.harbor.com/harbor-test/nginx-offica]
Get https://reg.harbor.com/v2/: dial tcp 192.168.186.21:443: connect: connection refused
这是因为在使用docker的仓库时,Registry为了安全性考虑,默认是需要https证书支持。除了生成证书,配置https的办法之外,我们在实验环境中,还可以通过修改docker启动文件来解决。
如上图,在docker的启动文件添加--insecure-registry
选项,后面可以使用IP或者可以解析的域名。
添加好之后,重新启动docker服务:
[root@kube-node-1 harbor]# systemctl daemon-reload
[root@kube-node-1 harbor]# systemctl restart docker
重启docker之后,可能会遇到Harbor无法正常访问的问题,是因为docker重启后,harbor相关的容器没有完全启动,只要将所有的harbor容器重启即可,最好先启动harbor-log这个容器。
可以使用命令 docker restart containerID
逐个重启,也可以使用docker-compose进行重新启动:
[root@kube-node-1 harbor]# docker-compose stop
Stopping nginx ... done
Stopping harbor-jobservice ... done
Stopping harbor-core ... done
Stopping registry ... done
Stopping harbor-portal ... done
Stopping redis ... done
Stopping registryctl ... done
Stopping harbor-db ... done
Stopping harbor-log ... done
[root@kube-node-1 harbor]# docker-compose up -d
Starting harbor-log ... done
Starting redis ...
Starting harbor-db ...
Starting registryctl ...
Starting harbor-portal ...
Starting registry ... done
Starting harbor-core ... done
Starting harbor-jobservice ...
Starting nginx ... done
注意:这个启停操作需要在harbor的安装目录下使用,否则会报以下错误
[root@kube-node-1 ~]# docker-compose stop
ERROR:Can't find a suitable configuration file in this directory or anyparent. Are you in the right directory?Supported filenames: docker-compose.yml, docker-compose.yaml
重新登录
[root@kube-node-1 harbor]# docker login reg.harbor.com:80
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-storeLogin Succeeded
重新打包镜像并推送
[root@kube-node-1 harbor]# docker tag nginx:latest reg.harbor.com:80/harbor-test/nginx-offical
[root@kube-node-1 harbor]# docker push reg.harbor.com:80/harbor-test/nginx-offical
The push refers to repository [reg.harbor.com:80/harbor-test/nginx-offical]
85fcec7ef3ef: Pushed
3e5288f7a70f: Pushed
56bc37de0858: Pushed
1c91bf69a08b: Pushed
cb42413394c4: Pushed
latest: digest: sha256:0b159cd1ee1203dad901967ac55eee18c24da84ba3be384690304be93538bea8 size: 1362
推送成功