堆栈内存溢出
  简体   繁体   English

如何从群集外部安全地将映像推送到docker 1.13 Registry:2服务?

[英]how do you securely push an image to a docker 1.13 registry:2 service from outside the swarm?

 原文  2017-01-29 04:40:05       docker/ docker-registry/ docker-swarm-mode

问题描述

I am running a docker registry service in a locally-hosted docker-machine VM in a docker 1.13 swarm on OSX via: 我正在通过以下方式在OSX上的docker 1.13群中的本地托管docker-machine VM中运行docker Registry服务: 

docker service create --name registry --with-registry-auth --publish
5000:5000 registry:2

The service is running and I can push/pull images on a swarm manager however when I try to push images to the service from the machine hosting the swarm VM using port 5000: 服务正在运行,我可以在群集管理器上推/拉映像,但是当我尝试使用端口5000从托管群集VM的计算机将映像推到服务时: 

Get https://<IP of swarm manager>:5000/v1/_ping: http: server gave HTTP response to HTTPS client

Does anyone know how to securely access a docker registry service from outside the swarm? 有谁知道如何从群外安全地访问docker Registry服务? Possibly a FAQ, but I haven't found an article addressing it on the docker site. 可能是常见问题解答,但我在Docker站点上找不到解决该问题的文章。 They all seem to deal with container TLS settings or accessing the server from within the swarm (which is rather nice). 它们似乎都处理容器TLS设置或从群集内部访问服务器(这很不错)。

thanks! 谢谢!

1 个解决方案

解决方案1
 1 已采纳  2017-01-29 20:27:31

The documentation on securing the registry socket deal with TLS settings because that's exactly what you need to configure. 有关保护注册表套接字的文档涉及TLS设置,因为这正是您需要配置的内容。 The registry documentation discusses this at a high level. 注册表文档在较高级别上对此进行了讨论。 The same steps to create a TLS CA, key, and certificate for the docker socket can be used for the registry socket and are documented on docker's site . 为docker套接字创建TLS CA,密钥和证书的相同步骤可用于注册表套接字,并记录在docker的站点上

Note that if you generate your own certificates from your own CA, you'll need to trust your CA. 请注意,如果您从自己的CA生成自己的证书,则需要信任您的CA。 There are various ways to do this just for docker, but the easier (and possibly less secure) solution is to add it to the list of root CA's on your host. 有多种方法可以仅针对docker来执行此操作,但更简单(且可能不太安全)的解决方案是将其添加到主机上的根CA列表中。 This procedure varies per linux distribution. 此过程因Linux发行版而异。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 私有注册表映像作为docker swarm服务 - private registry image as docker swarm service 如何在 docker 群服务中重新加载环境文件? - How do you reload environment file in a docker swarm service? 将 Docker 镜像推送到 Swarm - Push Docker Image To Swarm 如何使用私有 docker 注册表创建 docker swarm 服务 - How to create docker swarm service with private docker registry 如何从一个私有注册表中提取 Docker 映像并将其推送到 Jenkins 管道中的第二个不同的私有注册表 - How do I pull a Docker image from one private registry and push it to a second different private registry in Jenkins pipeline 如何将映像从私有注册表推送到hub.docker.com? - How to push image from private registry to hub.docker.com? How do I authenticate using a managed identity from gitlab-ci to push a docker container from gitlab registry to Azure web service? - How do I authenticate using a managed identity from gitlab-ci to push a docker container from gitlab registry to Azure web service? 如何从docker swarm中的管理器中删除服务 - How to remove the service from the manager in docker swarm 如何使用 podman 将镜像推送到 Docker registry - How to push an image to the Docker registry using podman 如何从 Docker Swarm 中的 Google Container Registry 中提取图像 - How to pull images from Google Container Registry inside Docker Swarm
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM