docker:registry:无法从别人拉私人registry
我想从别人的私人registry[containerregistry.us.xxxxx.com:8088]拉一个docker图像。 当我拉一个泊坞窗图像时,我得到这个错误
[root@bmcapp ~]# docker pull containerregistry.us.xxxxx.com:8088/kafk-server:1 Error response from daemon: Get https://containerregistry.us.xxxxx.com:8088/v1/_ping: x509: certificate signed by unknown authority
1)我试着在这个文件夹/etc/docker/certs.d/containerregistry.us.xxxxx.com:8088
添加ca.crt证书。
2)然后在/usr/lib/systemd/system/
docker.service
文件中,我尝试在docker.service的这一行添加–insecure-registry containerregistry.us.xxxxx.com:8088,像这样ExecStart=/usr/bin/dockerd
至
ExecStart=/usr/bin/dockerd --insecure-registry containerregistry.us.xxxxx.com:8088
然后我重新启动了docker和守护进程
[root@bmcapp ~]#systemctl daemon-reload [root@bmcapp ~]#systemctl restart docker Job for docker.service failed because the control process exited with error code. See "systemctl status docker.service" and "journalctl -xe" for details.`
组态:
[root@bm ~]# docker info Containers: 113 Running: 29 Paused: 0 Stopped: 84 Images: 50 Server Version: 1.13.1 Storage Driver: overlay2 Kernel Version: 4.1.12-61.1.28.el7uek.x86_64 Operating System: Oracle Linux Server 7.3 OSType: linux Architecture: x86_64 CPUs: 4
另一种方法是用不安全的registry设置环境variablesDOCKER_OPTS
,然后重新启动 Docker守护进程。
export DOCKER_OPTS="--insecure-registry containerregistry.us.xxxxx.com:8088"
然后,尝试login到registry。
docker login containerregistry.us.xxxxx.com:8088
如果你想让环境variables保持不变,把它放在你的bashrc
/ bash_profile
更好的方法是使用LetsEncrypt生成有效的SSL证书。