問題情況
Docker版本在v23.0以後,只要Dockerfile中FROM的私庫鏡像不存在本地,就會報錯:
# 我本地是v24.0.2版本Docker
[root@localhost ipd]# docker build . -t harbor.xxx.com.cn/test/bap:2.7.1
[+] Building 0.6s (3/3) FINISHED docker:default
=> [internal] load build definition from Dockerfile 0.2s
=> => transferring dockerfile: 1.05kB 0.0s
=> [internal] load .dockerignore 0.2s
=> => transferring context: 2B 0.0s
=> ERROR [internal] load metadata for harbor.xxx.com.cn/xxx/tomcat:8.5.90-jdk8-temurin 0.0s
------
> [internal] load metadata for harbor.xxx.com.cn/xxx/tomcat:8.5.90-jdk8-temurin:
------
Dockerfile:2
--------------------
1 | #指定基礎鏡像
2 | >>> FROM harbor.xxx.com.cn/xxx/tomcat:8.5.90-jdk8-temurin
3 | #指定環境變量,時區
4 | ENV TZ=Asia/Shanghai
--------------------
ERROR: failed to solve: harbor.xxx.com.cn/xxx/tomcat:8.5.90-jdk8-temurin: failed to do request: Head "https://harbor.xxx.com.cn/v2/xxx/tomcat/manifests/8.5.90-jdk8-temurin": tls: failed to verify certificate: x509: certificate signed by unknown authority
但我已經在 /etc/docker/daemon.json 中正確配置了 insecure-registries了,即能 pull 也能 push。
問題原因
Docker在v23.0版本及以後,使用了build-kit代替了舊的實現,目前build-kit對insecure-registries配置可能沒做兼容,構建Dockerfile FROM鏡像時未判斷是私庫,導致報錯。
處理方式
目前(2023.07.21)辦法就一個,在 ~/.bashrc 或 /etc/profile 添加一行 export DOCKER_BUILDKIT=0,然後 source 一個修改的配置文件。
命令示例:
echo "export DOCKER_BUILDKIT=0" >> ~/.bashrc
source ~/.bashrc
後邊如果有新的處理辦法或者哪個版本解決這個問題,再來更貼。
本文引用: