在docker-in-docker映像docker守护进程中设置不安全的registry
试图将一个不安全的dockerregistry添加到我在一个汇合任务中运行的后期图像:
我试着开始我的任务,运行:
export DOCKER_OPTS="$DOCKER_OPTS --insecure-registry=${INSECURE_REG}" 并试图启动守护进程并撰写:
docker daemon --insecure-registry=${INSECURE_REG} & docker-compose up
但是,任务错误:服务器给https客户端的http响应,并没有这样的图像
整个任务看起来像这样(基本上它是在dind容器中执行的以docker-compose结尾的shell脚本):
# Connect to insecure docker registry: export DOCKER_OPTS="$DOCKER_OPTS --insecure-registry=${INSECURE_REG}" # Install docker-compose: apk add --no-cache py-pip curl pip install docker-compose # Verify docker registry: curl http://${INSECURE_REG}/v2/_catalog #curl does return the expected json sanitize_cgroups() { mkdir -p /sys/fs/cgroup mountpoint -q /sys/fs/cgroup || \ mount -t tmpfs -o uid=0,gid=0,mode=0755 cgroup /sys/fs/cgroup mount -o remount,rw /sys/fs/cgroup sed -e 1d /proc/cgroups | while read sys hierarchy num enabled; do if [ "$enabled" != "1" ]; then # subsystem disabled; skip continue fi grouping="$(cat /proc/self/cgroup | cut -d: -f2 | grep "\\<$sys\\>")" if [ -z "$grouping" ]; then # subsystem not mounted anywhere; mount it on its own grouping="$sys" fi mountpoint="/sys/fs/cgroup/$grouping" mkdir -p "$mountpoint" # clear out existing mount to make sure new one is read-write if mountpoint -q "$mountpoint"; then umount "$mountpoint" fi mount -n -t cgroup -o "$grouping" cgroup "$mountpoint" if [ "$grouping" != "$sys" ]; then if [ -L "/sys/fs/cgroup/$sys" ]; then rm "/sys/fs/cgroup/$sys" fi ln -s "$mountpoint" "/sys/fs/cgroup/$sys" fi done } # https://github.com/concourse/concourse/issues/324 sanitize_cgroups # Spin up the stack as described in docker-compose: docker daemon --insecure-registry=${INSECURE_REG} & docker-compose up
dockerd --insecure-registry=${INSECURE_REG}
是不正确的方式启动docker守护进程与不安全的registry,即使它报告错误,它得到的图像,并成功启动