Docker Registry 2.0 with Amazon S3 and TLS setup

I am trying to set up an internal docker-registry for our company in our Amazon cloud; it will store everything in S3 and use TLS.

Here are the steps I took:
1) Created a new robot account in Amazon
2) Created a new policy and assigned it to that robot:

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Action": "s3:ListAllMyBuckets",
          "Resource": "arn:aws:s3:::*"
        },
        {
          "Effect": "Allow",
          "Action": "s3:*",
          "Resource": [
            "arn:aws:s3:::docker-repo-storage",
            "arn:aws:s3:::docker-repo-storage/*"
          ]
        }
      ]
    }

3) Created the bucket "docker-repo-storage", with the same name as in the policy
4) Installed docker:

 curl -sSL https://get.docker.com/ | sh 

5) Downloaded our company's wildcard certificate and key into "/etc/docker/certs/"
6) Created the configuration file at "/etc/docker/config/config.yml":

    version: 0.1
    log:
      level: debug
      fields:
        service: registry
    storage:
      s3:
        accesskey: <my_key_which_i_hide>
        secretkey: <my_secret_key_which_i_hide>
        region: eu-central-1
        bucket: docker-repo-storage
        encrypt: true
        secure: true
        v4auth: true
    http:
      addr: <my_domain_which_I_hide>:5000
      tls:
        certificate: /etc/docker/certs/wcard.<my_cert>.crt
        key: /etc/docker/certs/wcard.<my_key>.key

7) Registered a domain in Amazon Route 53 pointing at the IP of the machine where I installed docker
8) Ran docker with the following parameters:

    docker run -d -p 5000:5000 --restart=always --name <my_custom_name> \
      -v `pwd`/config.yml:/etc/docker/config/config.yml \
      registry:2

as described in the official documentation.

It started successfully, so I ran the following test:

    docker pull ubuntu && docker tag ubuntu localhost:5000/mytestimg
    docker push localhost:5000/mytestimg

Went to the S3 bucket: it is empty. The image is not uploaded to S3 storage but is stored locally on the EC2 instance VM.

I set up another node with docker and tried to pull "mytestimg" from that repo:

    docker pull <my_domain>:5000/mytestimg
    Using default tag: latest
    Error response from daemon: unable to ping registry endpoint https://<my_domain>:5000/v0/
    v2 ping attempt failed with error: Get https://<my_domain>:5000/v2/: tls: oversized record received with length 20527
    v1 ping attempt failed with error: Get https://<my_domain>:5000/v1/_ping: tls: oversized record received with length 20527

As you can see, it cannot ping the registry. I removed TLS from the configuration, which did not help; then I dropped the configuration file and passed all parameters on the command line:

    docker run -d -p 5000:5000 --restart=always --name <custom_name> \
      -e SETTINGS_FLAVOR=s3 -e AWS_BUCKET=docker-repo-storage -e STORAGE_PATH=/registry \
      -e AWS_KEY=<hidden> -e AWS_SECRET=<hidden> -e AWS_REGION=eu-central-1 \
      -e STORAGE_REDIRECT=true -e SEARCH_BACKEND=sqlalchemy \
      -v `pwd`/certs:/etc/docker/certs \
      -e REGISTRY_HTTP_TLS_CERTIFICATE=/etc/docker/certs/wcard.<hidden>.crt \
      -e REGISTRY_HTTP_TLS_KEY=/etc/docker/certs/wcard.<hidden>.key \
      registry:2

It did not work, and neither did this:

    docker run -d -p 5000:5000 --restart=always --name <custom_name> \
      -e SETTINGS_FLAVOR=s3 -e AWS_BUCKET=docker-repo-storage -e STORAGE_PATH=/registry \
      -e AWS_KEY=<hidden> -e AWS_SECRET=<hidden> -e AWS_REGION=eu-central-1 \
      -e STORAGE_REDIRECT=true -e SEARCH_BACKEND=sqlalchemy \
      registry:2

What am I doing wrong? Why is S3 ignored instead of being uploaded to? Why can't I connect from another machine, and why do the v0, v1 and v2 pings fail?

Please help.

I ran into the same problem when creating my own private repository.

The problem was solved when I exported the DOCKER_OPTS environment variable on the Docker host and on the connecting node.

For example: DOCKER_OPTS=--insecure-registry=xx.xxx.xxx.xxx:5000