目錄
配置daemon.json,增加私有倉庫地址到insecure-registry
pull
沒有配置/etc/docker/daemon.json
報錯
Error response from daemon: Get https://reg.test.ocp.c2g.cn/v2/: x509: certificate signed by unknown authority
配置了/etc/docker/daemon.json
pull 正常,不需要私有倉庫的賬號密碼
完整代碼
package main
import (
"bytes"
"context"
"fmt"
"github.com/docker/docker/api/types"
"github.com/docker/docker/client"
"io"
)
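// main pulls one image through the local Docker daemon and prints the
// daemon's progress stream.
//
// The client is built from the environment by client.NewEnvClient.
// RegistryAuth is left empty, so no registry credentials are sent with the
// pull request.
func main() {
	cli, err := client.NewEnvClient()
	if err != nil {
		panic(err.Error())
	}
	fmt.Println(cli.ClientVersion())

	fmt.Println("=====pull image=====")
	image := "xx/root/xx.cn:node-bootstrap-go-master"

	var pullReader io.ReadCloser
	pullReader, err = cli.ImagePull(context.Background(), image, types.ImagePullOptions{
		All:           false,
		RegistryAuth:  "",
		PrivilegeFunc: nil,
	})
	if err != nil {
		panic(err.Error())
	}
	defer pullReader.Close()

	// Drain the progress stream and surface a read failure instead of
	// silently printing a truncated log.
	buf := new(bytes.Buffer)
	if _, err = io.Copy(buf, pullReader); err != nil {
		panic(err.Error())
	}
	fmt.Println("info:", buf.String())

	// A nil error from ImagePull only means the request was accepted; the
	// daemon reports later failures (for example "unauthorized") as an
	// "errorDetail" message inside the stream, so check before claiming success.
	if bytes.Contains(buf.Bytes(), []byte(`"errorDetail"`)) {
		panic("image pull failed: the daemon reported an errorDetail (see output above)")
	}
	fmt.Println("image pull success")
}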
push
X-Registry-Auth
// Push with an empty RegistryAuth. This is the failing case discussed below:
// the daemon rejects the request because the X-Registry-Auth header is missing.
// cli, image and err come from the surrounding program.
var pushReader io.ReadCloser
pushReader, err = cli.ImagePush(
	context.Background(),
	image,
	// All and PrivilegeFunc stay at their zero values (false, nil).
	types.ImagePushOptions{RegistryAuth: ""},
)
RegistryAuth值爲空
如果RegistryAuth沒有值,那麼會報錯
panic: Error response from daemon: Bad parameters and missing X-Registry-Auth: EOF
https://github.com/moby/moby/issues/10983
RegistryAuth不爲空,但是值不正確
那麼會報錯
"errorDetail":{"message":"unauthorized: access to the requested resource is not authorized"},"error":"unauthorized: access to the requested resource is not authorized"}
x509: certificate signed by unknown authority
需要配置/etc/docker/daemon.json
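在/etc/docker/daemon.json的insecure-registries中加入私有鏡像倉庫地址(相當於dockerd的--insecure-registry參數)。注意:這會讓docker對該倉庫跳過TLS證書校驗,推送時攜帶的賬號密碼可能被中間人截獲,只適合測試環境;正式環境應把倉庫的CA證書放到/etc/docker/certs.d/<倉庫地址>/ca.crt,而不是關閉校驗。配置示例如下: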
// reg.test.ocp.c2g.cn 是私有倉庫地址
[root@infra docker-demo]# vim /etc/docker/daemon.json
{
"registry-mirrors": ["https://xx.aliyuncs.com"],
"insecure-registries": ["reg.test.ocp.c2g.cn"]
}
完整代碼
package main
import (
"bytes"
"context"
"encoding/base64"
"encoding/json"
"fmt"
"github.com/docker/docker/api/types"
"github.com/docker/docker/client"
"io"
)
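// main pushes one image through the local Docker daemon, authenticating to
// the registry with a username and password, and prints the daemon's
// progress stream.
func main() {
	cli, err := client.NewEnvClient()
	if err != nil {
		panic(err.Error())
	}
	fmt.Println(cli.ClientVersion())

	image := "xx/root/xx.cn:monitoring-1.0.0"

	// NOTE(review): placeholder credentials for the walkthrough. Real ones
	// should be supplied at run time (environment, secret store) and never
	// committed alongside the code.
	user := "root"
	password := "11111111"

	// The registry credentials travel as base64-encoded JSON in the
	// X-Registry-Auth header. Base64 is an encoding, not encryption, so
	// authStr must be treated like the password itself and never logged.
	authConfig := types.AuthConfig{Username: user, Password: password}
	encodedJSON, err := json.Marshal(authConfig)
	if err != nil {
		panic(err)
	}
	authStr := base64.URLEncoding.EncodeToString(encodedJSON)

	fmt.Println("push image")
	var pushReader io.ReadCloser
	pushReader, err = cli.ImagePush(context.Background(), image, types.ImagePushOptions{
		All:           false,
		RegistryAuth:  authStr,
		PrivilegeFunc: nil,
	})
	if err != nil {
		panic(err.Error())
	}
	defer pushReader.Close()

	// Drain the progress stream and surface a read failure instead of
	// silently printing a truncated log.
	buf1 := new(bytes.Buffer)
	if _, err = io.Copy(buf1, pushReader); err != nil {
		panic(err.Error())
	}
	fmt.Println("info:", buf1.String())

	// Wrong credentials do not make ImagePush return an error; the daemon
	// reports "unauthorized" as an "errorDetail" message inside the stream,
	// so check for it before claiming success.
	if bytes.Contains(buf1.Bytes(), []byte(`"errorDetail"`)) {
		panic("image push failed: the daemon reported an errorDetail (see output above)")
	}
	fmt.Println("image push success")
}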
配置daemon.json,增加私有倉庫地址到insecure-registry
代碼方式動態配置/etc/docker/daemon.json
daemon.json默認內容如下,(是默認給的內容)
{
"registry-mirrors": [
"http://mirror.local"
],
"insecure-registries": [
"registry.local"
],
"mtu": 1360,
"bip": "192.168.1.1/24"
}
現在新增的私有倉庫地址爲:xxx.xxx.xxx.xx
golang動態添加insecure-registry
完整代碼
package main
import (
jsoniter "github.com/json-iterator/go"
"io/ioutil"
"os"
)
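// DaemonJson models the four daemon.json keys this program reads and writes.
//
// Every field is tagged omitempty so that a key missing from the input file
// is not written back as null, 0 or "" when the file is re-serialised.
//
// NOTE(review): keys that are not listed here are not kept when the file is
// decoded into this struct, so rewriting daemon.json from it drops them.
type DaemonJson struct {
	// RegistryMirrors is the "registry-mirrors" list.
	RegistryMirrors []string `json:"registry-mirrors,omitempty"`
	// InsecureRegistries is the "insecure-registries" list. Each host added
	// here is one the Docker daemon will talk to without verifying its TLS
	// certificate.
	InsecureRegistries []string `json:"insecure-registries,omitempty"`
	// Mtu is the "mtu" value.
	Mtu float64 `json:"mtu,omitempty"`
	// Bip is the "bip" value.
	Bip string `json:"bip,omitempty"`
}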
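// main adds one registry host to the "insecure-registries" list of a
// daemon.json file and writes the file back, indented.
//
// The file edited is etc/daemon.json under the current working directory,
// not /etc/docker/daemon.json.
func main() {
	pwd, err := os.Getwd()
	if err != nil {
		panic(err.Error())
	}
	sep := string(os.PathSeparator)
	filePath := pwd + sep + "etc" + sep + "daemon.json"

	body, err := ioutil.ReadFile(filePath)
	if err != nil {
		panic(err.Error())
	}
	var daemon DaemonJson
	if err = jsoniter.Unmarshal(body, &daemon); err != nil {
		panic(err.Error())
	}

	// NOTE(review): every host in this list is contacted without TLS
	// certificate verification, so the value must come from trusted
	// configuration, never from unchecked external input.
	registry := "xxx.xxx.xxx.xxx"

	// Append only when the host is not listed yet, so running the program
	// again does not pile up duplicate entries.
	listed := false
	for _, r := range daemon.InsecureRegistries {
		if r == registry {
			listed = true
			break
		}
	}
	if !listed {
		daemon.InsecureRegistries = append(daemon.InsecureRegistries, registry)
	}

	// MarshalIndent adds indentation so the rewritten daemon.json stays readable.
	content, err := jsoniter.MarshalIndent(daemon, "", " ")
	if err != nil {
		panic(err.Error())
	}

	// The 0600 mode only applies if the file has to be created; an existing
	// file keeps its current permissions.
	if err = ioutil.WriteFile(filePath, content, 0600); err != nil {
		panic(err.Error())
	}
}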
最終實現的效果
{
"registry-mirrors": [
"http://mirror.local"
],
"insecure-registries": [
"registry.local",
"xxx"
],
"mtu": 1360,
"bip": "192.168.1.1/24"
}
修改了daemon.json後需要重啓docker纔會生效
systemctl restart docker
通過不重啓docker的方式修改daemon.json
dockerd啓動的時候讀取的是/etc/docker/daemon.json,要想不用重啓docker,那麼可以在dockerd啓動之前把daemon.json裏面的內容替換掉。
在dockerd的啓動腳本/usr/local/bin/dockerd-entrypoint.sh前替換想要修改的內容
腳本內容爲把daemon.json中的registry.local字符串替換爲環境變量IMAGE_REGISTRY的值。
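#!/usr/bin/env bash
# Replaces the placeholder registry "registry.local" in /etc/docker/daemon.json
# with the value of IMAGE_REGISTRY, then starts dockerd through its entrypoint
# script.
export LANG=zh_CN.utf8

# Refuse to run without a value: an unset variable would replace the
# placeholder with an empty string and leave an empty registry entry behind.
: "${IMAGE_REGISTRY:?IMAGE_REGISTRY must be set}"

# The value is spliced into a sed program and ends up in the list of registries
# whose TLS certificate is not verified, so accept only host[:port] characters.
# '/', '&' and '\' would otherwise change the meaning of the sed expression.
if [[ ! "$IMAGE_REGISTRY" =~ ^[A-Za-z0-9.-]+(:[0-9]+)?$ ]]; then
    echo "IMAGE_REGISTRY is not a valid host[:port]: $IMAGE_REGISTRY" >&2
    exit 1
fi

# Escape the dot so that only the literal placeholder is matched.
sed -i "s/registry\.local/$IMAGE_REGISTRY/g" /etc/docker/daemon.json

# dockerd is started in the background, as before.
/usr/local/bin/dockerd-entrypoint.sh &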