package main

import (
	"bytes"
	"context"
	"fmt"
	"github.com/docker/docker/api/types"
	"github.com/docker/docker/client"
	"io"
)

func main()  {
	cli, err := client.NewEnvClient()
	if err != nil {
		panic(err.Error())
	}
	fmt.Println(cli.ClientVersion())
	fmt.Println("=====pull image=====")
	image := "xx/root/xx.cn:node-bootstrap-go-master"
	var pullReader io.ReadCloser
	pullReader, err = cli.ImagePull(context.Background(), image, types.ImagePullOptions{
		All:           false,
		RegistryAuth:  "",
		PrivilegeFunc: nil,
	})
	if err != nil {
		panic(err.Error())
	}
	defer pullReader.Close()
	buf := new(bytes.Buffer)
	buf.ReadFrom(pullReader)
	s := buf.String()
	fmt.Println("info:", s)
	fmt.Println("image pull success")
}

push

X-Registry-Auth

	var pushReader io.ReadCloser
	pushReader, err  = cli.ImagePush(context.Background(), image, types.ImagePushOptions{
		All:           false,
		RegistryAuth:  "",
		PrivilegeFunc: nil,
	})

RegistryAuth值爲空

如果RegistryAuth沒有值，那麼會報錯

panic: Error response from daemon: Bad parameters and missing X-Registry-Auth: EOF

https://github.com/moby/moby/issues/10983

RegistryAuth不爲空，但是值不正確

那麼會報錯

"errorDetail":{"message":"unauthorized: access to the requested resource is not authorized"},"error":"unauthorized: access to the requested resource is not authorized"}

x509: certificate signed by unknown authority

需要配置/etc/docker/daemon.json

在/etc/docker/daemon.json 添加--insecure-registry把私有鏡像倉庫放進去，比如

// reg.test.ocp.c2g.cn 是私有倉庫地址
[root@infra docker-demo]# vim /etc/docker/daemon.json 
 
{
  "registry-mirrors": ["https://xx.aliyuncs.com"],
  "insecure-registries": ["reg.test.ocp.c2g.cn"]
}

完整代碼

package main

import (
	"bytes"
	"context"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"github.com/docker/docker/api/types"
	"github.com/docker/docker/client"
	"io"
)

func main()  {
	cli, err := client.NewEnvClient()
	if err != nil {
		panic(err.Error())
	}
	fmt.Println(cli.ClientVersion())
	image := "xx/root/xx.cn:monitoring-1.0.0"
	user := "root"
	password := "11111111"
	authConfig := types.AuthConfig{Username: user, Password: password}
	encodedJSON, err := json.Marshal(authConfig)
	if err != nil {
		panic(err)
	}
	authStr := base64.URLEncoding.EncodeToString(encodedJSON)
	fmt.Println("push image")
	var pushReader io.ReadCloser
	pushReader, err  = cli.ImagePush(context.Background(), image, types.ImagePushOptions{
		All:           false,
		RegistryAuth:  authStr,
		PrivilegeFunc: nil,
	})
	if err != nil {
		panic(err.Error())
	}
	defer pushReader.Close()
	buf1 := new(bytes.Buffer)
	buf1.ReadFrom(pushReader)
	s1 := buf1.String()
	fmt.Println("info:", s1)
	fmt.Println("image push success")
}

配置daemon.json，增加私有倉庫地址到insecure-registry

代碼方式動態配置/etc/docker/daemon.json

daemon.json默認內容如下，(是默認給的內容)

{
     "registry-mirrors": [
          "http://mirror.local"
     ],
     "insecure-registries": [
          "registry.local"
     ],
     "mtu": 1360,
     "bip": "192.168.1.1/24"
}

現在新增的私有倉庫地址爲：xxx.xxx.xxx.xx

golang動態添加insecure-registry

完整代碼

package main

import (
	jsoniter "github.com/json-iterator/go"
	"io/ioutil"
	"os"
)

type DaemonJson struct {
	RegistryMirrors    []string `json:"registry-mirrors"`
	InsecureRegistries []string `json:"insecure-registries"`
	Mtu                float64  `json:"mtu"`
	Bip                string   `json:"bip"`
}

func main() {
	pwd, _ := os.Getwd()
	filePath := pwd + string(os.PathSeparator) + "/etc/daemon.json"
	body, err := ioutil.ReadFile(filePath)
	if err != nil {
		panic(err.Error())
	}
	var daemon DaemonJson
	err = jsoniter.Unmarshal(body, &daemon)
	if err != nil {
		panic(err.Error())
	}
	registry := "xxx.xxx.xxx.xxx"
	daemon.InsecureRegistries = append(daemon.InsecureRegistries, registry)
    // MarshalIndent，增加縮進，格式化輸出daemon.json
	content, err1 := jsoniter.MarshalIndent(daemon, "", "     ")
	if err1 != nil {
		panic(err1.Error())
	}
	err = ioutil.WriteFile(filePath, content, 0600)
	if err != nil {
		panic(err.Error())
	}
}

最終實現的效果

{
     "registry-mirrors": [
          "http://mirror.local"
     ],
     "insecure-registries": [
          "registry.local",
          "xxx"
     ],
     "mtu": 1360,
     "bip": "192.168.1.1/24"
}

修改了daemon.json後需要重啓docker纔會生效

systemctl restart docker

通過不重啓docker的方式修改daemon.json

dockerd啓動的時候讀取的是/etc/docker/daemon.json，要想不用重啓docker，那麼可以在dockerd啓動之前把daemon.json裏面的內容替換掉。

在dockerd的啓動腳本/usr/local/bin/dockerd-entrypoint.sh前替換想要修改的內容

腳本內容爲把daemon.json中的registry.local字符串替換爲環境變量IMAGE_REGISTRY的值。

#!/usr/bin/env bash
export LANG=zh_CN.utf8
sed -i "s/registry.local/$IMAGE_REGISTRY/g" /etc/docker/daemon.json
/usr/local/bin/dockerd-entrypoint.sh &

發表評論

所有評論

還沒有人評論，想成為第一個評論的人麼? 請在上方評論欄輸入並且點擊發布.

golang調用docker api pull/push image到私有倉庫，daemon.json增加insecure-registries

pull

沒有配置/etc/docker/daemon.json

配置了/etc/docker/daemon.json

完整代碼

push

X-Registry-Auth

RegistryAuth值爲空

RegistryAuth不爲空，但是值不正確

x509: certificate signed by unknown authority

完整代碼

配置daemon.json，增加私有倉庫地址到insecure-registry

通過不重啓docker的方式修改daemon.json

一鍵自動化博客發佈工具,用過的人都說好(頭條篇)

ubuntu 1804 apt source list

docker pull 指定 os/arch

docker啓動報錯：Failed to start Docker Application Container Engine。

cadvisor和node-exporter cpu/mem/disk/net io/disk io指標來源

移除項目裏面的idea文件夾:git rm --cached

https://yachay.unat.edu.pe/blog/index.php?comment_area=format_blog&comment_component=blog&comment_co

linux以太網驅動總結