根据https://docs.openshift.org/latest/dev_guide/managing_images.html,我通过命令生成了一个名为'test-secret'的秘密:
oc secrets new-dockercfg test-secret \
--docker-server=my.registry.com:5000 \ #if the port '5000' needed? But I get the same error with the two cases
--docker-username=origin \
--docker-password=XXX \
--docker-email=origin@XXX.com
然后通过以下方式将密码添加到serviceaccount:
oc secrets link default test-secret --for=pull
oc secrets link builder test-secret
注册证书'ca.crt'已经上架
'/etc/docker/cert.d/registry.example.com:5000/ca.crt',我可以按docker pull registry.example.com:5000/XXX/XXXX:XXX提取图片。
但运行时会出现错误:
oc import-image XXX:master --from=registry.example.com:5000/XXX/XXXX --confirm:
The import completed with errors.
Name: XXX
Namespace: XXXX
Created: 20 minutes ago
Labels: <none>
Annotations: openshift.io/image.dockerRepositoryCheck=2017-03-31T07:02:41Z
Docker Pull Spec: 172.30.81.113:5000/XXXX/XXX
Unique Images: 0
Tags: 1
master
tagged from registry.XXXX.com:5000/XXX/XXXX
! error: Import failed (InternalError): Internal error occurred: Get
https://registry.XXXX.com:5000/v2/XXXX/manifests/latest: denied: access forbidden
20 minutes ago
注册服务器记录:
time="2017-03-31T07:49:14.323833338Z" level=warning msg="error authorizing context: authorization token required" go.version=go1.6.2 http.request.host="registry.example.com:5000" http.request.id=7476c6f4-b563-4132-8912-f0f19a5beb72 http.request.method=GET http.request.remoteaddr="192.168.1.23:52540" http.request.uri="/v2/" http.request.useragent="Go-http-client/1.1" instance.id=0b54b523-31bf-4b56-adcc-e20320f4cea9 service=registry version=v2.4.1
192.168.1.23 - - [31/Mar/2017:07:49:14 +0000] "GET /v2/ HTTP/1.1" 401 87 "" "Go-http-client/1.1"
请帮忙!
答案 0 :(得分:1)
对于gitlab: 使用相同的凭据创建和链接2个机密,首先是gitlab的docker注册表URL,第二个是gitlab url。