Docker DIND无法访问私人registry

我正在使用GitLab和GitLab runner和DIND。

configuration细节:

--------------------------------------- docker run --privileged --name gitlab-dind -d --restart=always docker:17.07-dind --------------------------------------- cat gitlab_runner.sh docker run -d --name gitlab-runner --restart always \ -v /mnt/data/gitlab/gitlab-runner:/etc/gitlab-runner \ --link gitlab-dind:docker \ gitlab/gitlab-runner:v9.5.0 --------------------------------------- cat /mnt/data/gitlab/gitlab-runner/config.toml concurrent = 1 check_interval = 0 [[runners]] name = "RunnerA" url = "https://gitlab.dev.abc.net" token = "d8ed43a69ebed74ccab2493857d8cb" executor = "docker" [runners.docker] tls_verify = false image = "docker:17.07" privileged = false disable_cache = false volumes = ["/cache"] host = "tcp://gitlab-dind:2375" shm_size = 0 [runners.cache] --------------------------------------- cat ~/wksp/test-proj/.gitlab-ci.yml image: docker.artifactory.abc.net/docker:17.07 variables: DOCKER_HOST: tcp://docker:2375 # This before_script block was added later but it seems this block # isn't executed before the DIND tries fetching image from Artifactory before_script: - docker login -u svc-art-user -p some-pwd docker.artifactory.abc.net - docker info services: - docker.artifactory.abc.net/docker:17.07-dind build: stage: build script: - docker build -t my-docker-node-image . --------------------------------------- 

另外,在上面的configuration中,是否需要在.gitlab-ci.yml DOCKER_HOSTconfiguration.gitlab-ci.yml或者在config.toml只需要input( host = "tcp://gitlab-dind:2375 )”就可以了?

现在当跑步运行时,我得到以下错误:

 Runner log error: Running with gitlab-ci-multi-runner 9.5.0 (413da38) on RunnerA (d8ed43a6) Using Docker executor with image docker.artifactory.abc.net/docker:17.07 ... Starting service docker.artifactory.abc.net/docker:17.07-dind ... Pulling docker image docker.artifactory.abc.net/docker:17.07-dind ... ERROR: Preparation failed: Error response from daemon: Get https://docker.artifactory.abc.net/v2/: x509: certificate signed by unknown authority 

我可能是错误的,但似乎这个错误是因为服务帐户svc-art-user )不能loginDIND图像拉动发生之前。

您需要提供身份validation的详细信息到您的Gitlab亚军,因为它需要拉图像。

您需要创buildDOCKER_AUTH_CONFIG秘密variables与authentication细节如下

 { "auths": { "docker.artifactory.abc.net": { "auth": "bXlfdXNlcm5hbWU6bXlfcGFzc3dvcmQ=" } } } 

这可以通过在本地login~/.docker/config.json并检查~/.docker/config.json

文档提供了很好的细节

https://docs.gitlab.com/ce/ci/docker/using_docker_images.html#define-an-image-from-a-private-docker-registry

https://docs.gitlab.com/runner/configuration/advanced-configuration.html#using-a-private-container-registry

Interesting Posts