stackoom
  简体   繁体   中英

docker login in artifactory

 原文  2019-12-03 13:17:07       docker/ kubernetes/ artifactory/ nginx-ingress

Question

I'm getting error:

Error response from daemon: Get https://my-registry.local:443/v2/ : Get http://my-registry.local/v2/token?account=admin&client_id=docker&offline_token=true&service=my-registry.local : net/http: request cancele d (Client.Timeout exceeded while awaiting headers) (Client.Timeout exceeded while awaiting headers)

From What I can see, it's trying to get the offline token from 'http' which is my VIP is not listening on, instead of 'https'.

This instance of Artifactory is deployed in our internal K8, and I suspect it may have something to do w/ the nginx-ingress for this deployment. I've set it up pretty straight forward:

apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: artifactory
  annotations:
    ingress.kubernetes.io/force-ssl-redirect: "true"
    ingress.kubernetes.io/proxy-read-timeout: "600"
    ingress.kubernetes.io/proxy-send-timeout: "600"
    kubernetes.io/ingress.class: nginx
    nginx.ingress.kubernetes.io/configuration-snippet: |
            rewrite ^/(v2)/token /artifactory/api/docker/null/v2/token;
            rewrite ^/(v2)/([^\/]*)/(.*) /artifactory/api/docker/$2/$1/$3;
            rewrite ^/webapp$ artifactory/webapp/ redirect;
    nginx.ingress.kubernetes.io/proxy-body-size: "0"
spec:
  rules:
  - host: my-registry.local
    http:
      paths:
      - path: /artifactory
        backend:
          serviceName: artifactory
          servicePort: 80
      - path: /v2
        backend:
          serviceName: artifactory
          servicePort: 80
      - path: /v1
        backend:
          serviceName: artifactory
          servicePort: 80

Everything else works: The UI, helm, NPM etc.. the issue appears to be docker specific.

As you can see, it tries to login to the registry correctly using https, but then somehow in the backend it tries to get the token using 'http' instead, and I don't see where in the Artifactory config I can fix this, hence why I figured it must be something w/ the ingress controller. Has anyone seen this before?

1 answers

solution1
 0  2020-01-09 02:21:44

So From this

  - path: /artifactory
    backend:
      serviceName: artifactory
      servicePort: 80

Looks like your ingress goes to an nginx service called artifactory? If that's the case, you will need to share you nginx conf. Look for a line with X-Artifactory-Override-Base-Url and check if the base url schema is https and not http. If not, setting custombase url in Artifactory UI may help ( https://my-registry.local ).

Also try this:

$ curl -vL -u admin https://my-registry.local:443/v2/token

See if you get a token in response.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Unable to login to Docker registry on Artifactory Artifactory Docker Login to Repository Localhost docker login returns a 404 for artifactory Failed to Docker login to JFrog Artifactory running in a Docker Artifactory docker registry login failed with 400 bad request Artifactory 6.0.3, cannot login to docker using Tomcat/repo How does docker login know what port(8081) Artifactory is running on? Login and Push docker image to (insecure) artifactory docker repo from jenkins pipeline running on k8s artifactory as docker registry Docker push with artifactory
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM