Docker信任私有仓库

获取Docker系统Loaded文件位置

如下：本例子中Loaded文件位置为/usr/lib/systemd/system/docker.service

[root@localhost ~]# systemctl  status docker
● docker.service - Docker Application Container Engine
   Loaded: loaded (/usr/lib/systemd/system/docker.service; enabled; vendor preset: disabled)
   Active: active (running) since Wed 2021-11-03 16:16:42 CST; 24h ago
     Docs: https://docs.docker.com
 Main PID: 82654 (dockerd)
    Tasks: 47
   Memory: 139.9M
   CGroup: /system.slice/docker.service
           ├─82654 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
           └─84975 /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 80 -container-ip 172.17.0.2 -container-port 80

Nov 03 16:23:33 localhost.localdomain dockerd[82654]: time="2021-11-03T16:23:33.326803810+08:00" level=error msg="stream copy error: reading from a closed fifo"
[root@localhost ~]# 

编辑Docker系统Loaded文件

• Docker 19.0 以前

在ExecStart= 后面追加–insecure-registry参数，有多少个仓库需要信任追加多少个

ExecStart=/usr/bin/dockerd  --insecure-registry=harbor.cserverloongnix.com --insecure-registry=harbor.loongnix.cn  

• Docker 19.0及以后

在/etc/docker/daemon.json配置文件中配置insecure-registries参数，多个仓库以”,”分隔

[root@localhost ~]# cat /etc/docker/daemon.json 
{
   "data-root": "/var/lib/docker",
   "insecure-registries": ["harbor.demo.cn","harbor.demo.com"],
   "registry-mirrors": [
                   "https://docker.mirrors.ustc.edu.cn",
                   "http://hub-mirror.c.163.com"
                       ],
   "exec-opts": ["native.cgroupdriver=systemd"],

   "storage-driver": "overlay2"

}

重启服务测试效果

systemctl daemon-reload 
systemctl restart docker
docker pull harbor.demo.cn/public/demo:v1
docker pull harbor.demo.com/public/demo:v1

本作品采用《CC 协议》，转载必须注明作者和本文链接