泊塢窗：註冊表：無法從別人的私有註冊

Question

拉我想從別人的私人註冊表[containerregistry.us.xxxxx.com:8088]拉碼頭工人的形象。當我拉着泊塢窗像我收到此錯誤

[root@bmcapp ~]# docker pull containerregistry.us.xxxxx.com:8088/kafk-server:1 
Error response from daemon: Get https://containerregistry.us.xxxxx.com:8088/v1/_ping: x509: certificate signed by unknown authority 

1）我嘗試添加在此文件夾/etc/docker/certs.d/containerregistry.us.xxxxx.com:8088他們給出ca.crt證書。

2）然後在docker.service文件在/usr/lib/systemd/system/，我試圖在docker.service加入 --insecure-註冊表containerregistry.us.xxxxx.com:8088 在該行這樣 ExecStart=/usr/bin/dockerd

TO

ExecStart=/usr/bin/dockerd --insecure-registry containerregistry.us.xxxxx.com:8088 

然後我重新啓動碼頭工人和守護

[root@bmcapp ~]#systemctl daemon-reload 


[root@bmcapp ~]#systemctl restart docker 
Job for docker.service failed because the control process exited with error code. See "systemctl status docker.service" and "journalctl -xe" for details.`                     

配置：

[root@bm ~]# docker info 
Containers: 113 
Running: 29 
Paused: 0 
Stopped: 84 
Images: 50 
Server Version: 1.13.1 
Storage Driver: overlay2 
Kernel Version: 4.1.12-61.1.28.el7uek.x86_64 
Operating System: Oracle Linux Server 7.3 
OSType: linux 
Architecture: x86_64 
CPUs: 4 

Answer 1

另一種方法是設置環境變量DOCKER_OPTS與不安全的註冊表，重啓的多克爾守護一次。

export DOCKER_OPTS="--insecure-registry containerregistry.us.xxxxx.com:8088" 

然後，嘗試登錄到註冊表。

docker login containerregistry.us.xxxxx.com:8088 

如果您想這個環境變量要堅持，把它放在你的bashrc/bash_profile

一個更好的方式來做到這僅僅是使用LetsEncrypt生成有效的SSL證書。