Calling the Docker API from Go to pull/push images to a private registry, and adding insecure-registries to daemon.json
pull
Without /etc/docker/daemon.json configured
The pull fails with this error:
Error response from daemon: Get https://reg.test.xx.xx.xx/v2/: x509: certificate signed by unknown authority
With /etc/docker/daemon.json configured
The pull works, and no account or password for the private registry is needed.
Full code
    package main

    import (
        "bytes"
        "context"
        "fmt"
        "io"

        "github.com/docker/docker/api/types"
        "github.com/docker/docker/client"
    )

    func main() {
        // Build a client from the Docker environment variables (DOCKER_HOST etc.).
        cli, err := client.NewEnvClient()
        if err != nil {
            panic(err.Error())
        }
        fmt.Println(cli.ClientVersion())

        fmt.Println("=====pull image=====")
        image := "xx/root/xx.cn:node-bootstrap-go-master"
        var pullReader io.ReadCloser
        pullReader, err = cli.ImagePull(context.Background(), image, types.ImagePullOptions{
            All:           false,
            RegistryAuth:  "", // no credentials are sent for the pull
            PrivilegeFunc: nil,
        })
        if err != nil {
            panic(err.Error())
        }
        defer pullReader.Close()

        // Read the progress stream to the end; the daemon reports progress
        // and errors as JSON messages in it.
        buf := new(bytes.Buffer)
        if _, err = buf.ReadFrom(pullReader); err != nil {
            panic(err.Error())
        }
        fmt.Println("info:", buf.String())
        fmt.Println("image pull success")
    }
push
X-Registry-Auth
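    // Fragment: cli, image and err come from the surrounding program.
    var pushReader io.ReadCloser
    pushReader, err = cli.ImagePush(context.Background(), image, types.ImagePushOptions{
        All:           false,
        RegistryAuth:  "", // sent to the daemon as the X-Registry-Auth header
        PrivilegeFunc: nil,
    })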
RegistryAuth is empty
If RegistryAuth has no value, the push fails with this error:
panic: Error response from daemon: Bad parameters and missing X-Registry-Auth: EOF
https://github.com/moby/moby/issues/10983
RegistryAuth is not empty, but the value is incorrect
In that case the push fails with this error:
"errorDetail":{"message":"unauthorized: access to the requested resource is not authorized"},"error":"unauthorized: access to the requested resource is not authorized"}
x509: certificate signed by unknown authority
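You need to configure /etc/docker/daemon.json.
Add the private image registry to insecure-registries in /etc/docker/daemon.json (the file equivalent of the --insecure-registry daemon flag), for example:
    // reg.test.ocp.c2g.cn is the private registry address
    [root@infra docker-demo]# vim /etc/docker/daemon.json
    {
        "registry-mirrors": ["https://xx.aliyuncs.com"],
        "insecure-registries": ["reg.test.xx.xx.xx"]
    }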
Full code
    package main

    import (
        "bytes"
        "context"
        "encoding/base64"
        "encoding/json"
        "fmt"
        "io"

        "github.com/docker/docker/api/types"
        "github.com/docker/docker/client"
    )

    func main() {
        cli, err := client.NewEnvClient()
        if err != nil {
            panic(err.Error())
        }
        fmt.Println(cli.ClientVersion())

        image := "xx/root/xx.cn:monitoring-1.0.0"
        // Demo credentials, hard-coded here only to keep the example short.
        user := "root"
        password := "11111111"

        // RegistryAuth is the base64url encoding of the JSON-serialized AuthConfig.
        authConfig := types.AuthConfig{Username: user, Password: password}
        encodedJSON, err := json.Marshal(authConfig)
        if err != nil {
            panic(err)
        }
        authStr := base64.URLEncoding.EncodeToString(encodedJSON)

        fmt.Println("push image")
        var pushReader io.ReadCloser
        pushReader, err = cli.ImagePush(context.Background(), image, types.ImagePushOptions{
            All:           false,
            RegistryAuth:  authStr,
            PrivilegeFunc: nil,
        })
        if err != nil {
            panic(err.Error())
        }
        defer pushReader.Close()

        // Registry errors such as "unauthorized" arrive as errorDetail messages
        // inside this stream, so inspect the output rather than relying on err alone.
        buf1 := new(bytes.Buffer)
        if _, err = buf1.ReadFrom(pushReader); err != nil {
            panic(err.Error())
        }
        fmt.Println("info:", buf1.String())
        fmt.Println("image push success")
    }
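Configuring daemon.json: adding the private registry address to insecure-registries
Configuring /etc/docker/daemon.json dynamically from code
The default content of daemon.json is as follows (this is the content provided by default):
    {
        "registry-mirrors": [
            "http://mirror.local"
        ],
        "insecure-registries": [
            "registry.local"
        ],
        "mtu": 1360,
        "bip": "192.168.1.1/24"
    }
The private registry address to add is: xxx.xxx.xxx.xx
Adding an insecure-registries entry dynamically with Go
Full code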
    package main

    import (
        "io/ioutil"
        "os"
        "path/filepath"

        jsoniter "github.com/json-iterator/go"
    )

    // DaemonJson declares the daemon.json keys this program reads and writes back.
    // Keys that are not declared here are dropped when the file is rewritten.
    type DaemonJson struct {
        RegistryMirrors    []string `json:"registry-mirrors"`
        InsecureRegistries []string `json:"insecure-registries"`
        Mtu                float64  `json:"mtu"`
        Bip                string   `json:"bip"`
    }

    func main() {
        pwd, err := os.Getwd()
        if err != nil {
            panic(err.Error())
        }
        // The file edited here is etc/daemon.json under the working directory.
        filePath := filepath.Join(pwd, "etc", "daemon.json")
        body, err := ioutil.ReadFile(filePath)
        if err != nil {
            panic(err.Error())
        }
        var daemon DaemonJson
        err = jsoniter.Unmarshal(body, &daemon)
        if err != nil {
            panic(err.Error())
        }
        registry := "xxx.xxx.xxx.xxx"
        daemon.InsecureRegistries = append(daemon.InsecureRegistries, registry)
        // MarshalIndent adds indentation so daemon.json is written formatted.
        content, err := jsoniter.MarshalIndent(daemon, "", " ")
        if err != nil {
            panic(err.Error())
        }
        err = ioutil.WriteFile(filePath, content, 0600)
        if err != nil {
            panic(err.Error())
        }
    }
Final result
    {
        "registry-mirrors": [
            "http://mirror.local"
        ],
        "insecure-registries": [
            "registry.local",
            "xxx"
        ],
        "mtu": 1360,
        "bip": "192.168.1.1/24"
    }
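As an added example (not code from the original post), here is a variant of the updater above that uses only the standard library, keeps daemon.json keys the fixed struct does not declare, and does not append a registry that is already listed. The function name AddInsecureRegistry, the host reg.example.test and the sample input are assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// AddInsecureRegistry returns daemon.json content with registry appended to
// "insecure-registries"; all other keys are carried over byte-for-byte.
func AddInsecureRegistry(body []byte, registry string) ([]byte, bool, error) {
	// This example accepts host[:port] only: no scheme, path, CIDR or whitespace.
	if registry == "" || strings.ContainsAny(registry, "/ \t\n\"") {
		return nil, false, fmt.Errorf("invalid registry %q", registry)
	}
	var cfg map[string]json.RawMessage
	if err := json.Unmarshal(body, &cfg); err != nil {
		return nil, false, fmt.Errorf("parse daemon.json: %w", err)
	}
	if cfg == nil { // the file contained a bare JSON null
		cfg = map[string]json.RawMessage{}
	}
	var regs []string
	if raw, ok := cfg["insecure-registries"]; ok {
		if err := json.Unmarshal(raw, &regs); err != nil {
			return nil, false, fmt.Errorf("insecure-registries: %w", err)
		}
	}
	for _, r := range regs {
		if r == registry {
			return body, false, nil // already listed: nothing to write
		}
	}
	raw, _ := json.Marshal(append(regs, registry)) // a []string always marshals
	cfg["insecure-registries"] = raw
	out, err := json.MarshalIndent(cfg, "", "  ")
	return out, err == nil, err
}

func main() {
	// Constructed sample: the page's default file plus one undeclared key.
	sample := []byte(`{"registry-mirrors":["http://mirror.local"],
		"insecure-registries":["registry.local"],"mtu":1360,"log-driver":"json-file"}`)
	out, changed, err := AddInsecureRegistry(sample, "reg.example.test")
	if err != nil {
		panic(err)
	}
	fmt.Printf("changed=%v\n%s\n", changed, out)
}
```

The boolean result tells the caller whether the file needs to be rewritten and Docker restarted at all.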
After modifying daemon.json, Docker must be restarted for the change to take effect:
    systemctl restart docker
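Modifying daemon.json without restarting Docker
dockerd reads /etc/docker/daemon.json when it starts, so to avoid restarting Docker you can replace the contents of daemon.json before dockerd starts.
Make the replacement before the dockerd startup script /usr/local/bin/dockerd-entrypoint.sh runs.
The script below replaces the string registry.local in daemon.json with the value of the environment variable IMAGE_REGISTRY.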
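    #!/usr/bin/env bash
    export LANG=zh_CN.utf8
    # Stop if IMAGE_REGISTRY is unset or empty, so registry.local is never replaced with nothing.
    : "${IMAGE_REGISTRY:?IMAGE_REGISTRY must be set}"
    # Replace registry.local (dot escaped so it matches literally) before dockerd starts.
    sed -i "s/registry\.local/$IMAGE_REGISTRY/g" /etc/docker/daemon.json
    /usr/local/bin/dockerd-entrypoint.sh &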