[英]Docker Registry 2.0 with Amazon S3 and TLS setup
我正在嘗試在我們的亞馬遜雲中為我們的公司設置內部docker-registry,它將所有內容存儲在S3中並使用TLS
這是我執行的步驟:
1)在亞馬遜上創建新的機器人帳戶
2)創建新策略並將其分配給該機器人:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "s3:ListAllMyBuckets",
"Resource": "arn:aws:s3:::*"
},
{
"Effect": "Allow",
"Action": "s3:*",
"Resource": [
"arn:aws:s3:::docker-repo-storage",
"arn:aws:s3:::docker-repo-storage/*"
]
}
]
}
3)創建與策略“ docker-repo-storage ”同名的存儲桶
4)安裝的docker:
curl -sSL https://get.docker.com/ | sh
5)在“ / etc / docker / certs / ”中下載我們的公司通配符證書和密鑰
6)在“ /etc/docker/config/config.yml ”中創建配置文件
version: 0.1
log:
level: debug
fields:
service: registry
storage:
s3:
accesskey: <my_key_which_i_hide>
secretkey: <my_secret_key_which_i_hide>
region: eu-central-1
bucket: docker-repo-storage
encrypt: true
secure: true
v4auth: true
http:
addr: <my_domain_which_I_hide>:5000
tls:
certificate: /etc/docker/certs/wcard.<my_cert>.crt
key: /etc/docker/certs/wcard.<my_key>.key
7)針對我安裝了docker的機器的IP在亞馬遜“ Route 53”中注冊域
8)使用以下參數運行docker:
docker run -d -p 5000:5000 --restart=always --name <my_custom_name> -v 'pwd'/config.yml:/etc/docker/config/config.yml registry:2
按照官方文件中的描述
它成功運行,因此我執行了以下測試:
docker pull ubuntu && docker tag ubuntu localhost:5000/mytestimg
docker push localhost:5000/mytestimg
轉到S3存儲桶-空的映像未上載到S3存儲,而是將其本地存儲在EC2實例VM上
我用docket設置了另一個節點,並嘗試從該存儲庫中提取“ mytestimg ”:
docker pull <my_domain>:5000/mytestimg
Using default tag: latest
Error response from daemon: unable to ping registry endpoint https://<my_domain>:5000/v0/
v2 ping attempt failed with error: Get https://<my_domain>:5000/v2/: tls: oversized record received with length 20527
v1 ping attempt failed with error: Get https://<my_domain>:5000/v1/_ping: tls: oversized record received with length 20527
如您所見,它無法ping通。 我從配置中刪除了TLS,獲得了最密集的幫助,我添加了配置並從命令行運行所有參數:
docker run -d -p 5000:5000 --restart=always --name <custom_name> -e SETTINGS_FLAVOR=s3 -e AWS_BUCKET=docker-repo-storage -e STORAGE_PATH=/registry -e AWS_KEY=<hidden> -e AWS_SECRET=<hidden> -e AWS_REGION=eu-central-1 -e STORAGE_REDIRECT=true -e SEARCH_BACKEND=sqlalchemy -v `pwd`/certs:/etc/docker/certs -e REGISTRY_HTTP_TLS_CERTIFICATE=/etc/docker/certs/wcard.<hidden>.crt -e REGISTRY_HTTP_TLS_KEY=/etc/docker/certs/wcard.<hidden>.key registry:2
它不起作用,也不是這樣的:
docker run -d -p 5000:5000 --restart=always --name <custom_name> -e SETTINGS_FLAVOR=s3 -e AWS_BUCKET=docker-repo-storage -e STORAGE_PATH=/registry -e AWS_KEY=<hidden> -e AWS_SECRET=<hidden> -e AWS_REGION=eu-central-1 -e STORAGE_REDIRECT=true -e SEARCH_BACKEND=sqlalchemy registry:2
我究竟做錯了什么? 為什么忽略S3而不上傳到那里? 為什么我無法從另一台計算機連接並ping v0,v1,v2失敗?
請幫忙
創建自己的私有存儲庫時,我遇到了同樣的問題。
當我在Docker主機和連接節點中導出DOCKER_OPTS環境變量時,問題已解決。
示例DOCKER_OPTS =-不安全的注冊表= xx.xxx.xxx.xxx:5000
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.