我无法登录 docker 中的 GitLab 容器注册表

我无法登录 docker 中的 GitLab 容器注册表,docker,docker-compose,gitlab,docker-registry,gitlab-ci-runner,Docker,Docker Compose,Gitlab,Docker Registry,Gitlab Ci Runner,我有这个项目结构 /sameer |_ /certs |_ localhost-auth.crt |_ localhost-auth.csr |_ localhost-auth.key |_ /projects |_ /sampleapp |_ ...[several python files] |_ Dockerfile |_ .gitlab-ci.yml |_ docker-compose.yml 我有这个do

我有这个项目结构

/sameer
|_ /certs
    |_ localhost-auth.crt
    |_ localhost-auth.csr
    |_ localhost-auth.key
|_ /projects
    |_ /sampleapp
        |_ ...[several python files]
        |_ Dockerfile
        |_ .gitlab-ci.yml
|_ docker-compose.yml
我有这个
docker-compose.yml
文件

version: "2.2"

services:
  redis:
    image: sameersbn/redis:latest
    restart: always
    # Publishing Redis on the host is optional and kept disabled: the gitlab
    # service reaches it over the compose network via REDIS_HOST=redis.
    # ports:
    #   - "6379:6379"
    command:
      - "--loglevel warning"
    volumes:
      - redis:/var/lib/redis:Z

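  postgresql:
    image: sameersbn/postgresql:9.5-3
    restart: always
    # No "ports" entry: the database is only reachable on the compose network.
    volumes:
      - postgresql:/var/lib/postgresql:Z
    # DB_USER / DB_PASS / DB_NAME must match the same names in the gitlab
    # service. The password is read from the shell/.env variable
    # GITLAB_DB_PASS so a real value does not have to be committed with this
    # file; the ":-password" default keeps the previous behaviour when the
    # variable is unset.
    environment:
      - DB_USER=gitlab
      - DB_PASS=${GITLAB_DB_PASS:-password}
      - DB_NAME=gitlabhq_production
      - DB_EXTENSION=pg_trgm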



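  gitlab:
    # Resource limits, as described in
    # https://docs.gitlab.com/ce/install/requirements.html#cpu and #memory
    cpu_count: 2
    mem_limit: 4000000000
    restart: always
    image: sameersbn/gitlab:10.1.1
    # Local build alternative, kept disabled:
    # build:
    #   context: ./images/gitlab
    #   dockerfile: Dockerfile
    #   args:
    #     buildno: 1
    volumes:
      - gitlab-data:/home/git/data:Z
      - gitlab-logs:/var/log/gitlab
      - ./certs:/certs
    depends_on:
      - redis
      - postgresql
    ports:
      - "80:80"
      - "2222:22"
    # NOTE(review): "registry" is a service of this same compose file and
    # already resolves by name on the project network; external_links is for
    # containers started outside the project, so this entry is presumably
    # unnecessary — confirm before removing it.
    external_links:
      - "registry:registry"
    environment:
      - DEBUG=false

      # Must agree with the postgresql service. DB_PASS comes from the
      # GITLAB_DB_PASS shell/.env variable, defaulting to the old value.
      - DB_ADAPTER=postgresql
      - DB_HOST=postgresql
      - DB_PORT=5432
      - DB_USER=gitlab
      - DB_PASS=${GITLAB_DB_PASS:-password}
      - DB_NAME=gitlabhq_production

      - REDIS_HOST=redis
      - REDIS_PORT=6379

      # GitLab itself is served over plain HTTP on port 80 (consistent with
      # the "80:80" mapping and the http:// CI_SERVER_URL of the runner).
      # SSL_SELF_SIGNED only has an effect once GITLAB_HTTPS is true.
      - GITLAB_HTTPS=false
      - SSL_SELF_SIGNED=true

      - GITLAB_HOST=192.168.99.101
      - GITLAB_PORT=80
      - GITLAB_SSH_PORT=2222
      - GITLAB_SHELL_SSH_PORT=2222
      - GITLAB_RELATIVE_URL_ROOT=
      # Key material for encrypted DB columns, sessions and OTP. Supply long
      # random values through the environment/.env; the ":-secret" defaults
      # only preserve the previous (weak) behaviour and should not be used
      # outside a throwaway test instance.
      - GITLAB_SECRETS_DB_KEY_BASE=${GITLAB_SECRETS_DB_KEY_BASE:-secret}
      - GITLAB_SECRETS_SECRET_KEY_BASE=${GITLAB_SECRETS_SECRET_KEY_BASE:-secret}
      - GITLAB_SECRETS_OTP_KEY_BASE=${GITLAB_SECRETS_OTP_KEY_BASE:-secret}

      - GITLAB_REGISTRY_ENABLED=true
      # HOST:PORT is the registry address GitLab hands to clients (presumably
      # what $CI_REGISTRY expands to in jobs). "localhost" only means the
      # registry from a docker daemon running on the docker host itself.
      - GITLAB_REGISTRY_HOST=localhost
      - GITLAB_REGISTRY_PORT=5000
      # Internal address GitLab uses to talk to the registry API directly.
      # NOTE(review): inside this container "localhost" is the GitLab
      # container, not the registry service; this presumably has to point at
      # https://registry:5000/ (the service name), and the registry's TLS
      # certificate must then be valid for that name — confirm.
      - GITLAB_REGISTRY_API_URL=https://localhost:5000/
      # Key pair used for registry auth tokens; the certificate is the same
      # file the registry service trusts via REGISTRY_AUTH_TOKEN_ROOTCERTBUNDLE.
      - GITLAB_REGISTRY_CERT_PATH=/certs/localhost-auth.crt
      - GITLAB_REGISTRY_KEY_PATH=/certs/localhost-auth.key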



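  # Read:
  # https://hub.docker.com/r/sameersbn/gitlab-ci-multi-runner/
  # https://docs.gitlab.com/runner/
  # http://docs.gitlab.com/runner/register/index.html
  runner:
    restart: always
    image: gitlab/gitlab-runner:latest
    # Local build alternative, kept disabled:
    # build:
    #   context: ./images/gitlab-runner
    #   dockerfile: Dockerfile
    #   args:
    #     buildno: 1
    volumes:
      # The runner drives the HOST docker daemon through its socket. Any job
      # that lands on this runner can therefore start privileged containers
      # on the host, i.e. it is root-equivalent; only register it for
      # projects whose CI configuration you trust.
      - /var/run/docker.sock:/var/run/docker.sock
      - ./certs:/etc/gitlab-runner/certs
    # Each variable maps to a `gitlab-runner register` option, see
    # https://docs.gitlab.com/runner/commands/README.html#using-environment-variables
    environment:
      - RUNNER_NAME=${GL_DEFAULT_RUNNER_NAME}

      # Plain HTTP, consistent with GITLAB_HTTPS=false on the gitlab service.
      - CI_SERVER_URL=http://192.168.99.101/ci/
      # Taken from "Admin Area->Overview->Runners"; keep it in .env or the
      # shell environment, not in this file.
      - REGISTRATION_TOKEN=${TOKEN_FROM_GL_UI}

      - RUNNER_EXECUTOR=docker
      # Run registration unattended.
      - REGISTER_NON_INTERACTIVE=true

      # Untagged and unlocked: every job on the instance may be scheduled on
      # this (root-equivalent) runner.
      - REGISTER_RUN_UNTAGGED=true
      - REGISTER_LOCKED=false
      - RUNNER_CACHE_DIR=cache
      - DOCKER_IMAGE=docker:latest
      # docker-in-docker mode requires privileged job containers.
      - DOCKER_PRIVILEGED=true
      # Jobs get the host's docker socket, so a `docker login` run inside a
      # job is performed by the HOST daemon. NOTE(review): that daemon uses
      # the host's DNS, not the compose project's, which presumably is why
      # the job log shows "lookup registry on 10.0.2.3:53" failing; the
      # registry address GitLab hands to jobs must be reachable from the
      # host (e.g. its published port) with a certificate valid for that
      # address — confirm.
      - DOCKER_VOLUMES=/var/run/docker.sock:/var/run/docker.sock

      # Fixed: the files mounted from ./certs are named *.crt (see the
      # project tree and the registry service), not *.cert. With an http://
      # CI_SERVER_URL these TLS settings are presumably not consulted.
      - CI_SERVER_TLS_CA_FILE=/etc/gitlab-runner/certs/localhost-auth.crt
      - CI_SERVER_TLS_CERT_FILE=/etc/gitlab-runner/certs/localhost-auth.crt
      - CI_SERVER_TLS_KEY_FILE=/etc/gitlab-runner/certs/localhost-auth.key
      # - DOCKER_AUTH_CONFIG=
      # - CONFIG_FILE=
      # - RUNNER_TAG_LIST=
      # - CI_SERVER_TOKEN=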



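# Read here: https://m42.sh/gitlab-registry.html
  registry:
    restart: always
    image: registry:2.4.1
    ports:
      - "5000:5000"
    volumes:
      - registry-data:/var/lib/registry
      - ./certs:/certs
    # NOTE(review): "gitlab" is a service of this compose file and resolves by
    # name already; external_links is meant for containers outside the
    # project — confirm before removing.
    external_links:
      - "gitlab:gitlab"
    environment:
      # "debug" is very verbose for a registry that handles auth tokens;
      # lower it once the setup works.
      - REGISTRY_LOG_LEVEL=debug
      - REGISTRY_STORAGE_DELETE_ENABLED=true
      - REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY=/var/lib/registry

      # Token auth: the realm is the URL the *docker client* is redirected to
      # for a token, so it must be GitLab's external URL as seen from the
      # client. NOTE(review): GitLab here is served over plain HTTP on
      # 192.168.99.101:80 (GITLAB_HTTPS=false), so an https://localhost realm
      # presumably cannot be reached by any client — confirm.
      - REGISTRY_AUTH_TOKEN_REALM=https://localhost/jwt/auth
      - REGISTRY_AUTH_TOKEN_SERVICE=container_registry
      # Must equal the issuer GitLab writes into its tokens (set with
      # GITLAB_REGISTRY_ISSUER on the sameersbn image, which is not set in
      # the gitlab service above, so its default applies) — verify.
      - REGISTRY_AUTH_TOKEN_ISSUER=localhost
      # Certificate matching GITLAB_REGISTRY_KEY_PATH in the gitlab service.
      - REGISTRY_AUTH_TOKEN_ROOTCERTBUNDLE=/certs/localhost-auth.crt

      # NOTE(review): registry:2 only reads REGISTRY_* variables; these two
      # do not look like registry settings and are presumably ignored (TLS
      # is configured by REGISTRY_HTTP_TLS_* below) — confirm, then drop.
      - SSL_REGISTRY_KEY_PATH=/certs/localhost-auth.key
      - SSL_REGISTRY_CERT_PATH=/certs/localhost-auth.crt

      # Serving certificate. It must be valid for the name or IP clients use
      # (the job log shows "doesn't contain any IP SANs" for 192.168.99.101).
      - REGISTRY_HTTP_TLS_CERTIFICATE=/certs/localhost-auth.crt
      - REGISTRY_HTTP_TLS_KEY=/certs/localhost-auth.key
      # Random value used to sign upload state; supply it through the
      # environment/.env instead of the weak ":-secret" default.
      - REGISTRY_HTTP_SECRET=${REGISTRY_HTTP_SECRET:-secret}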



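  portainer:
    restart: always
    image: portainer/portainer:1.15.1
    # Published on all host interfaces. Together with the docker socket
    # below, whoever reaches this port can control the host's docker daemon,
    # which is root-equivalent on the host.
    ports:
      - "9001:9000"
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock"
      - "/opt/portainer:/data"
    # "--no-auth" was removed: it disabled Portainer's login entirely, leaving
    # the daemon exposed to anyone who can reach port 9001. Without it,
    # Portainer asks for an admin password on first access.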



#  scope:
#    image: weaveworks/scope:latest #1.6.4
#    ports:
#      - "0.0.0.0:4040:4040"
##    network_mode: "host"
#    pid: "host"
#    privileged: true
#    labels:
#      - "works.weave.role=system"
#    volumes:
#      - "/var/run/docker.sock:/var/run/docker.sock:rw" # can be used on Linux only
#    command:
#      - "--probe.docker=true"



# Named volumes with default (local driver) settings; "{}" is the explicit
# form of an empty volume configuration.
volumes:
  gitlab-data: {}
  gitlab-logs: {}
  postgresql: {}
  redis: {}
  registry-data: {}
当我通过
docker-compose up -d
创建容器时,注册表已启用,并且我可以从 GitLab UI [Projects->sampleapp->registry] 中看到它已与 GitLab 服务器连接

然后我
commit
push
我的代码,Gitlab接收作业并将其转发给Gitlab runner。Gitlab runner将执行
.gitlab-ci.yml
文件,我在其中描述我希望 GitLab runner 容器中的 docker executor(?)登录到注册表,根据提供的 Dockerfile 将代码构建到容器中,然后将其推送到注册表

问题是它没有登录到注册表

从我无数次的测试中,我了解到,出于某种原因,runner 试图[通过 GitLab]对注册表进行身份验证,但失败了

我得到的一些错误是:

+ echo $ docker login -u gitlab-ci-token -p $CI_BUILD_TOKEN $CI_REGISTRY
+ docker login -u gitlab-ci-token -p xxxxxxxxxxxxxxxxxxxx registry:5000
+ :
$ docker login -u gitlab-ci-token -p $CI_BUILD_TOKEN $CI_REGISTRY
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
Error response from daemon: Get https://registry:5000/v2/: dial tcp: lookup registry on 10.0.2.3:53: server misbehaving

此外,从 runner 容器内部,我可以正常 ping 通 registry

正如您在
docker-compose.yml
文件中所看到的,我已经提供了证书到所有相关容器的路径作为环境变量


那么,我做错了什么?任何提示都将不胜感激

我有几乎相同的问题,但我的 Docker 注册表运行在一个外部服务器上。runner 可以向 Registry 进行身份验证,但在 GitLab EE 中,注册表页面是空的,没有镜像。看起来像是一个授权问题。你后来找到问题所在了吗?没有…我没有再试了。我改用 Azure 私有注册表,一切都很顺利。好的,谢谢你的提醒。
+ echo $ docker login -u gitlab-ci-token -p $CI_BUILD_TOKEN $CI_REGISTRY
+ docker login -u gitlab-ci-token -p xxxxxxxxxxxxxxxxxxxx registry:5000
+ :
$ docker login -u gitlab-ci-token -p $CI_BUILD_TOKEN $CI_REGISTRY
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
Error response from daemon: Get https://registry:5000/v2/: dial tcp: lookup registry on 10.0.2.3:53: server misbehaving
+ echo $ docker login -u gitlab-ci-token -p $CI_BUILD_TOKEN $CI_REGISTRY
+ docker login -u gitlab-ci-token -p xxxxxxxxxxxxxxxxxxxx localhost:5000
+ :
$ docker login -u gitlab-ci-token -p $CI_BUILD_TOKEN $CI_REGISTRY
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
Error response from daemon: Get http://localhost:5000/v2/: dial tcp 127.0.0.1:5000: getsockopt: connection refused
+ echo $ docker login -u gitlab-ci-token -p $CI_BUILD_TOKEN $CI_REGISTRY
+ docker login -u gitlab-ci-token -p xxxxxxxxxxxxxxxxxxxx 192.168.99.101:5000
+ :
$ docker login -u gitlab-ci-token -p $CI_BUILD_TOKEN $CI_REGISTRY
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
Error response from daemon: Get https://192.168.99.101:5000/v2/: x509: cannot validate certificate for 192.168.99.101 because it doesn't contain any IP SANs