Docker DIND cannot access private registry
I am using GitLab and GitLab runner with DIND.
Configuration details:
---------------------------------------
docker run --privileged --name gitlab-dind -d --restart=always docker:17.07-dind
---------------------------------------
cat gitlab_runner.sh
docker run -d --name gitlab-runner --restart always \
  -v /mnt/data/gitlab/gitlab-runner:/etc/gitlab-runner \
  --link gitlab-dind:docker \
  gitlab/gitlab-runner:v9.5.0
---------------------------------------
cat /mnt/data/gitlab/gitlab-runner/config.toml
concurrent = 1
check_interval = 0

[[runners]]
  name = "RunnerA"
  url = "https://gitlab.dev.abc.net"
  token = "d8ed43a69ebed74ccab2493857d8cb"
  executor = "docker"
  [runners.docker]
    tls_verify = false
    image = "docker:17.07"
    privileged = false
    disable_cache = false
    volumes = ["/cache"]
    host = "tcp://gitlab-dind:2375"
    shm_size = 0
  [runners.cache]
---------------------------------------
cat ~/wksp/test-proj/.gitlab-ci.yml
image: docker.artifactory.abc.net/docker:17.07

variables:
  DOCKER_HOST: tcp://docker:2375

# This before_script block was added later but it seems this block
# isn't executed before the DIND tries fetching image from Artifactory
before_script:
  - docker login -u svc-art-user -p some-pwd docker.artifactory.abc.net
  - docker info

services:
  - docker.artifactory.abc.net/docker:17.07-dind

build:
  stage: build
  script:
    - docker build -t my-docker-node-image .
---------------------------------------
Also, in the above configuration, is it necessary to configure DOCKER_HOST in .gitlab-ci.yml, or is it enough to just put (host = "tcp://gitlab-dind:2375") in config.toml?
Now when the runner runs, I get the following error:
Runner log error:
Running with gitlab-ci-multi-runner 9.5.0 (413da38)
  on RunnerA (d8ed43a6)
Using Docker executor with image docker.artifactory.abc.net/docker:17.07 ...
Starting service docker.artifactory.abc.net/docker:17.07-dind ...
Pulling docker image docker.artifactory.abc.net/docker:17.07-dind ...
ERROR: Preparation failed: Error response from daemon: Get https://docker.artifactory.abc.net/v2/: x509: certificate signed by unknown authority
I may be wrong, but it seems this error occurs because the service account (svc-art-user) is unable to log in before the DIND image pull happens.
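You need to provide authentication details to your GitLab runner, because it needs to pull the image.
You need to create a DOCKER_AUTH_CONFIG secret variable with the authentication details, as follows: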
{
  "auths": {
    "docker.artifactory.abc.net": {
      "auth": "bXlfdXNlcm5hbWU6bXlfcGFzc3dvcmQ="
    }
  }
}
This can be obtained by logging in locally and checking ~/.docker/config.json.
The documentation provides good details.
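
As an added example (not part of the original answer or of GitLab's code): the "auth" field shown above is only base64 of user:password, so this Python sketch builds a DOCKER_AUTH_CONFIG value without a local docker login and checks an existing config.json, including the case where a credential helper left the entry empty. The function names, registry.example.invalid, the placeholder password and the sample config are constructed for illustration.

```python
import base64
import json


def build_auth_config(registry, username, password):
    """Return the JSON text for a DOCKER_AUTH_CONFIG secret variable."""
    if ":" in username:
        raise ValueError("username must not contain ':'")
    token = base64.b64encode(f"{username}:{password}".encode()).decode()
    return json.dumps({"auths": {registry: {"auth": token}}})


def inspect_auth_config(text):
    """Map each registry to the username held in its "auth" field.

    The value is None when the entry has no inline credentials, which is
    what docker login writes when a credential helper (credsStore) is set.
    The password is never returned.
    """
    report = {}
    for registry, entry in json.loads(text).get("auths", {}).items():
        token = entry.get("auth")
        if not token:
            report[registry] = None
            continue
        decoded = base64.b64decode(token, validate=True).decode()
        # Only the first ':' separates user from password.
        username, sep, _password = decoded.partition(":")
        if not sep:
            raise ValueError(f"{registry}: auth is not user:password")
        report[registry] = username
    return report


# Constructed sample: the value shown in the answer, plus an entry of the
# kind written when a credential helper holds the secret.
SAMPLE = """{
  "auths": {
    "docker.artifactory.abc.net": {"auth": "bXlfdXNlcm5hbWU6bXlfcGFzc3dvcmQ="},
    "registry.example.invalid": {}
  },
  "credsStore": "osxkeychain"
}"""

if __name__ == "__main__":
    print(inspect_auth_config(SAMPLE))
    print(build_auth_config("docker.artifactory.abc.net", "svc-art-user", "placeholder-pw"))
```

A registry that maps to None means the copied config.json carries no usable credential for the runner; because the encoding is reversible, the variable's value should be handled like the password itself.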