如何解决具有本地Docker注册表的Gitlab运行程序-无法使用证书或不安全的访问
使用gitlab Runner时,我正在尝试使用本地docker注册表,但是有问题。
我试图让Docker容器访问我的证书以允许访问,但这是行不通的。因此,我也尝试过允许不安全的访问,但这也失败了。
我没有关于如何执行此操作的想法,非常感谢您的帮助。
.gitlab-ci.yml
variables:
DOCKER_HOST: tcp://docker:2375
DOCKER_TLS_CERTDIR: ""
DOCKER_DRIVER: overlay2
# Official docker compose image.
image:
name: docker/compose:latest
services:
- name: docker:dind
command: ["--insecure-registry=my-docker-registry.local:5000"]
before_script:
- docker-compose version
build:
stage: build
script:
- docker pull my-docker-registry.local:5000/my-docker-image:1.0
礼物:
$ docker-compose version
docker-compose version 1.26.2,build eefe0d3
docker-py version: 4.2.2
CPython version: 3.7.7
OpenSSL version: OpenSSL 1.1.1g 21 Apr 2020
$ docker pull my-docker-registry.local:5000/my-docker-image:1.0
Error response from daemon: Get http://my-docker-registry.local:5000/v2/: net/http: HTTP/1.x transport connection broken: malformed HTTP response "\x15\x03\x01\x00\x02\x02"
删除不安全的注册表命令,得到
$ docker pull my-docker-registry.local:5000/my-docker-image:1.0
Error response from daemon: Get http://my-docker-registry.local:5000/v2/: x509: certificate signed by unknown authority
ERROR: Job failed: exit code 1
FATAL: exit code 1
更改 DOCKER_TLS_CERTDIR: "/certs"
失败,像这样:
$ docker version
Client: Docker Engine - Community
Version: 19.03.8
API version: 1.40
Go version: go1.12.17
Git commit: afacb8b7f0
Built: Wed Mar 11 01:22:56 2020
OS/Arch: linux/amd64
Experimental: false
Cannot connect to the Docker daemon at tcp://docker:2375. Is the docker daemon running?
这是我的/etc/gitlab-runner/config.toml
concurrent = 1
check_interval = 0
[[runners]]
name = "user1"
url = "http://gitlab.example.local/"
token = "Zc51u__b7H124Eb143Eyy"
executor = "docker"
environment = ["DOCKER_AUTH_CONFIG={\"auths\":{\"my-docker-registry.local:5000":{\"auth\":\"dGVzdHVz1234dGVzdHBhc31234Jk"}}}"]
[runners.docker]
extra_hosts = ["my-docker-registry.local:192.168.1.100"]
environment = ["DOCKER_AUTH_CONFIG={\"auths\":{\"my-docker-registry.local:5000":{\"auth\":\"dGVzdHVz1234dGVzdHBhc31234Jk"}}}"]
tls_verify = false
image = "ruby:2.1"
privileged = true
disable_cache = false
volumes = ["/certs/client","/cache"]
shm_size = 0
[runners.cache]
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。