[英]Login to private registry from inside cloud-builders/docker step fails - certificate signed by unknown authority
我需要在云构建步骤中使用自签名证书向私有注册表进行身份验证。 如果我直接执行docker login ,出于显而易见的原因,这将失败并出现error: x509: certificate signed by unknown authority - 一切正常。
通常,我使用以下单行代码解决此类问题:
openssl s_client -showcerts -connect external-registry.io:5000 < /dev/null | \
sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > /usr/local/share/ca-certificates/external-registry.io.crt && \
update-ca-certificates
遗憾的是,它在 Cloud Build 中不起作用。
name: 'gcr.io/cloud-builders/docker'
env:
entrypoint: 'bash'
args:
- '-c'
- |
openssl s_client -showcerts -connect external-registry.io:5000 < /dev/null | \
sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > /usr/local/share/ca-certificates/external-registry.io.crt && \
update-ca-certificates
echo password | docker login external-registry.io:5000 --username administrator --password-stdin
...
以上不起作用,它失败并error: x509: certificate signed by unknown authority 。
有趣的是,在本地运行 cloud-builders docker 容器,一切都按预期完美运行。
git clone https://github.com/GoogleCloudPlatform/cloud-builders.git
cd cloud-builders/docker
docker build -f ./Dockerfile-19.03.8 -t cloudbuilder .
docker run -it --entrypoint /bin/bash cloudbuilder
现在在容器内:
openssl s_client -showcerts -connect external-registry.io:5000 < /dev/null | \
sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > /usr/local/share/ca-certificates/external-registry.io.crt && \
update-ca-certificates
echo password | docker login external-registry.io:5000 --username administrator --password-stdin
Login Succeeded
任何解释和/或解决方法将不胜感激。 Google 如何有效地运行 cloud-builder 容器?
谢谢你,干杯!
有同样的问题。 在我的例子中,使用工作池访问私有注册表将证书添加到/etc/docker/certs.d/hostname
错误:构建步骤 0“gcr.io/cloud-builders/docker”失败:退出状态 1
[英]ERROR: build step 0 "gcr.io/cloud-builders/docker" failed: exit status 1
Google Cloud Build for Python app triggered docker build fails to pull pip requirement from private artefact registry
[英]Google Cloud Build for Python app triggered docker build fails to pull pip requirement from private artefact registry
无法从 docker 构建中的工件注册表安装私有依赖项
[英]Cannot install private dependency from artifact registry inside docker build
如何从 Google Cloud Composer 的 Kube.netesPodOperator 中的私有 Docker 注册表中提取图像?
[英]How to pull image from private Docker registry in KubernetesPodOperator of Google Cloud Composer?
Bitbucket pipelines: Docker 登录私有ECR成功,但是pull失败
[英]Bitbucket pipelines: Docker login to private ECR succeeds, but pull fails
如何将 docker 图像从私有第三方注册表迁移到 Google 神器注册表?
[英]How to migrate docker images from private third party registry to Google artifact registry?
如何调试 docker 推送到谷歌云工件注册表错误“清单未知:未找到请求的实体。”?
[英]How to debug docker push to google cloud artifacts registry error "manifest unknown: Requested entity was not found."?
从 cloud-builders-community/sonarqube/ 运行命令
[英]running commands from cloud-builders-community/sonarqube/
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.