首页 文章

Gitlab CI无法从私有docker注册表中提取图像

提问于
浏览
9

我想创建一个基于Docker的Gitlab CI运行器,它从私有Docker Registry(v2)中提取构建的docker镜像 . 我不能让Gitlab Runner从本地注册表中提取图像,它试图从 /v1 API中获取内容 . 我收到以下错误消息:

错误:构建失败:拉图像时出错:获取http:// registry:5000 / v1 / repositories / maven / images:在127.0.1.1:53上拨tcp:lookup注册表:没有这样的主机

这是一个最小的例子,使用docker-compose和Web浏览器 .

我有以下 docker-compose.yml 文件:

version: "2"

services:
  gitlab:
    image: gitlab/gitlab-ce
    ports:
      - "22:22"
      - "8080:80"
    links:
      - registry:registry

  gitlab_runner:
    image: gitlab/gitlab-runner
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    links:
      - registry:registry
      - gitlab:gitlab

  registry:
    image: registry:2

在第一次Gitlab登录后,我将跑步者注册到Gitlab实例中:

root@130d08732613:/# gitlab-runner register
Running in system-mode.                            

Please enter the gitlab-ci coordinator URL (e.g. https://gitlab.com/ci):
http://192.168.61.237:8080/ci         
Please enter the gitlab-ci token for this runner:
tE_1RKnwkfj2HfHCcrZW
Please enter the gitlab-ci description for this runner:
[130d08732613]: docker
Please enter the gitlab-ci tags for this runner (comma separated):

Registering runner... succeeded                     runner=tE_1RKnw
Please enter the executor: docker-ssh+machine, docker, docker-ssh, parallels, shell, ssh, virtualbox, docker+machine:
docker
Please enter the default Docker image (eg. ruby:2.1):
maven:latest
Runner registered successfully. Feel free to start it, but if it's running already the config should be automatically reloaded!

在此之后,我在Gitlab实例中看到了Gitlab运行器:

Gitlab Runner in Gitlab instance

在此之后,我将一个简单的maven图像推送到我新创建的Docker存储库:

vilmosnagy@vnagy-dell:~/$ docker tag maven:3-jdk-7 172.19.0.2:5000/maven:3-jdk7
vilmosnagy@vnagy-dell:~/$ docker push 172.19.0.2:5000/maven:3-jdk7 
The push refers to a repository [172.19.0.2:5000/maven]
79ab7e0adb89: Pushed 
f831784a6a81: Pushed 
b5fc1e09eaa7: Pushed 
446c0d4b63e5: Pushed 
338cb8e0e9ed: Pushed 
d1c800db26c7: Pushed 
42755cf4ee95: Pushed 
3-jdk7: digest: sha256:135e7324ccfc7a360c7641ae20719b068f257647231d037960ae5c4ead0c3771 size: 1794

(我从 docker inspect 命令的输出中得到了 172.19.0.2 IP地址)

在此之后,我在Gitlab中创建一个测试项目并添加一个简单的 .gitlab-ci.yml 文件:

image: registry:5000/maven:3-jdk-7

stages:
  - build
  - test
  - analyze

maven_build:
  stage: build
  script:
    - "mvn -version"

在构建之后,Gitlab会在帖子的开头给出错误 .

如果我进入正在运行的gitlab-runner容器,我可以访问给定URL下的注册表:

vilmosnagy@vnagy-dell:~/$ docker exec -it comptest_gitlab_runner_1 bash
root@c0c5cebcc06f:/# curl http://registry:5000/v2/maven/tags/list
{"name":"maven","tags":["3-jdk7"]}
root@c0c5cebcc06f:/# exit
exit
vilmosnagy@vnagy-dell:~/$

但错误仍然相同:

Gitlab Runner in Gitlab instance

您是否知道如何强制gitlab-runner使用私有注册表的v2 api?

2 回答

  • 0

    较新的Gitlab和Gitlan Runners支持此功能,请参阅:https://docs.gitlab.com/runner/configuration/advanced-configuration.html#using-a-private-container-registry

    在较旧的Gitlab上我通过将auth键复制到 ~/.docker/config.json 来解决了这个问题 .

    {
            "auths": {
                    "my.docker.registry.url": {
                            "auth": "dmlsbW9zLm5hZ3k6VGZWNTM2WmhC"
                    }
            }
    }
    

    我已从我的计算机登录此容器并将此auth密钥复制到Gitlab Runner的docker容器中 .

  • 5

    你在Gitlab上运行什么版本的docker?此外,对于v2注册表,您必须使用命令行开关显式允许不安全的注册表,或使用证书保护您的注册表 .

    否则,如果获得安全性异常,Docker将回退到v1注册表 .

相关问题