泊坞窗：注册表：无法从别人的私有注册

Question

拉我想从别人的私人注册表[containerregistry.us.xxxxx.com:8088]拉码头工人的形象。当我拉着泊坞窗像我收到此错误

[root@bmcapp ~]# docker pull containerregistry.us.xxxxx.com:8088/kafk-server:1 
Error response from daemon: Get https://containerregistry.us.xxxxx.com:8088/v1/_ping: x509: certificate signed by unknown authority 

1）我尝试添加在此文件夹/etc/docker/certs.d/containerregistry.us.xxxxx.com:8088他们给出ca.crt证书。

2）然后在docker.service文件在/usr/lib/systemd/system/，我试图在docker.service加入 --insecure-注册表containerregistry.us.xxxxx.com:8088 在该行这样 ExecStart=/usr/bin/dockerd

TO

ExecStart=/usr/bin/dockerd --insecure-registry containerregistry.us.xxxxx.com:8088 

然后我重新启动码头工人和守护

[root@bmcapp ~]#systemctl daemon-reload 


[root@bmcapp ~]#systemctl restart docker 
Job for docker.service failed because the control process exited with error code. See "systemctl status docker.service" and "journalctl -xe" for details.`                     

配置：

[root@bm ~]# docker info 
Containers: 113 
Running: 29 
Paused: 0 
Stopped: 84 
Images: 50 
Server Version: 1.13.1 
Storage Driver: overlay2 
Kernel Version: 4.1.12-61.1.28.el7uek.x86_64 
Operating System: Oracle Linux Server 7.3 
OSType: linux 
Architecture: x86_64 
CPUs: 4 

Answer 1

另一种方法是设置环境变量DOCKER_OPTS与不安全的注册表，重启的多克尔守护一次。

export DOCKER_OPTS="--insecure-registry containerregistry.us.xxxxx.com:8088" 

然后，尝试登录到注册表。

docker login containerregistry.us.xxxxx.com:8088 

如果您想这个环境变量要坚持，把它放在你的bashrc/bash_profile

一个更好的方式来做到这仅仅是使用LetsEncrypt生成有效的SSL证书。