[英]Docker:Registry:Unable to pull from someone elses private registry
我想从其他人的私有注册表中提取docker映像[containerregistry.us.xxxxx.com:8088]。 当我拉出docker映像时出现此错误
[root@bmcapp ~]# docker pull containerregistry.us.xxxxx.com:8088/kafk-server:1
Error response from daemon: Get https://containerregistry.us.xxxxx.com:8088/v1/_ping: x509: certificate signed by unknown authority
1)我尝试在此文件夹/etc/docker/certs.d/containerregistry.us.xxxxx.com:8088
添加由他们提供的ca.crt证书。
2)然后在/usr/lib/systemd/system/
docker.service
文件中,我尝试在docker.service的这一行中添加--insecure-registry containerregistry.us.xxxxx.com:8088,例如ExecStart=/usr/bin/dockerd
至
ExecStart=/usr/bin/dockerd --insecure-registry containerregistry.us.xxxxx.com:8088
然后我重新启动了docker和daemon
[root@bmcapp ~]#systemctl daemon-reload
[root@bmcapp ~]#systemctl restart docker
Job for docker.service failed because the control process exited with error code. See "systemctl status docker.service" and "journalctl -xe" for details.`
组态:
[root@bm ~]# docker info
Containers: 113
Running: 29
Paused: 0
Stopped: 84
Images: 50
Server Version: 1.13.1
Storage Driver: overlay2
Kernel Version: 4.1.12-61.1.28.el7uek.x86_64
Operating System: Oracle Linux Server 7.3
OSType: linux
Architecture: x86_64
CPUs: 4
另一种方法是使用不安全的注册表设置环境变量DOCKER_OPTS
,然后再次重新启动 Docker守护程序。
export DOCKER_OPTS="--insecure-registry containerregistry.us.xxxxx.com:8088"
然后,尝试登录到注册表。
docker login containerregistry.us.xxxxx.com:8088
如果您想要粘贴环境变量,请将其放在您的bashrc
/ bash_profile
更好的方法是使用LetsEncrypt生成有效的SSL证书。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.