使用Minikube时,不能从私人回购站拉扯码头 [英] Can not pull docker image from private repo when using Minikube
问题描述
我正在尝试使用Minikube进行本地kubernetes开发。我已经设置了我的docker环境,使用在提供的Minikube VM(boot2docker)中运行的docker守护程序,如建议:
I am attempting to use Minikube for local kubernetes development. I have set up my docker environment to use the docker daemon running in the provided Minikube VM (boot2docker) as suggested:
eval $(minikube docker-env)
它设置这些环境变量:
export DOCKER_TLS_VERIFY="1"
export DOCKER_HOST="tcp://192.168.99.100:2376"
export DOCKER_CERT_PATH="/home/jasonwhite/.minikube/certs"
当我尝试从我们的私人码头库存储库中提取图像时:
When I attempt to pull an image from our private docker repository:
docker pull oururl.com:5000/myimage:v1
我收到此错误:
Error response from daemon: Get https://oururl.com:5000/v1/_ping: x509: certificate signed by unknown authority
出现我需要添加一个可信赖的ca根证书,但是在我的尝试中到目前为止还没有成功。
It appears I need to add a trusted ca root certificate somehow, but have been unsuccessful so far in my attempts.
使用我们的ca root证书,我可以使用curl打开存储库。
I can hit the repository fine with curl using our ca root cert:
curl --cacert /etc/ssl/ca/ca.pem https://oururl.com:5000/v1/_ping
推荐答案
我想出了一个解决这个情况的解决方案,提出了这些来源的建议:
I came up with a work-around for the situation with suggestions from these sources:
https://github.com/docker/machine/issues/1799
https://github.com/docker/machine / issues / 1872
我登录到Minikube VM( minikube ssh
),并编辑通过附加我自己的ca证书 /usr/local/etc/ssl/certs/ca-certificates.crt 文件。
I logged into the Minikube VM (minikube ssh
), and edited the /usr/local/etc/ssl/certs/ca-certificates.crt
file by appending my own ca cert.
然后我仍然在VM内重新启动docker守护程序: sudo /etc/init.d/docker restart
I then restarted the docker daemon while still within the VM: sudo /etc/init.d/docker restart
这不是非常优雅,因为如果我重新启动Minikube VM,我需要每次重复这些手动步骤。
This is not very elegant in that if I restart the Minikube VM, I need to repeat these manual steps each time.
另外,我还尝试在 DOCKER_OPTS $中设置
- insecure-registry myurl.com:5000
选项c $ c>环境变量(重新启动的docker),但这对我来说不起作用。
As an alternative, I also attempted to set the --insecure-registry myurl.com:5000
option in the DOCKER_OPTS
environment variable (restarted docker), but this didn't work for me.
这篇关于使用Minikube时,不能从私人回购站拉扯码头的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!