我正在使用一个dind(docker中的docker)映像,并使用以下参数将其旋转,以便为dockerhub提供内部代理回购
--insecure-registry=internalrepo.intra:5002 /
--registry-mirror=https://dockerproxy.intra:5000
在垃圾容器中,这些看起来不错
/ # ps
PID USER TIME COMMAND
1 root 0:09 dockerd --host=unix:///var/run/docker.sock --host=tcp://0.0.0.0:2375 --insecure-registry=internalrepo.intra:5002 --registry-mirror=https://dockerproxy.intra:5000
21 root 0:11 docker-containerd --config /var/run/docker/containerd/containerd.toml
178 root 0:00 /bin/sh
209 root 0:00 /bin/sh
233 root 0:00 ps
/ #
但是,当我尝试拉出图像时,该参数似乎被忽略了
# docker pull jenkins/jnlp-slave
Using default tag: latest
Error response from daemon: Get https://registry-1.docker.io/v2/: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
答案 0 :(得分:0)
错误消息令人困惑。问题不在于参数被忽略,而是https://dockerproxy.intra:5000
的证书不受信任。因此,将各个证书添加到图像的信任库中有助于克服Pro
ARG CERT_PATH=/usr/local/share/ca-certificates
# add sc certificates to certificates location and update ca-certificates
ADD mycert.crt $CERT_PATH/mycert.crt
RUN update-ca-certificates