从jenkins(dind代理)处获取x509:与docker注册表对话时由未知机构签署的证书
我有一个私人注册中心,我使用自己的SSL证书。我似乎不能做的是让代理(Kubernetes pod模板)登录(或推送)到注册表,我花了好几个小时试图弄清楚这一切是如何粘合在一起的从jenkins(dind代理)处获取x509:与docker注册表对话时由未知机构签署的证书,docker,jenkins-pipeline,jenkins-plugins,dind,jenkins-kubernetes,Docker,Jenkins Pipeline,Jenkins Plugins,Dind,Jenkins Kubernetes,我有一个私人注册中心,我使用自己的SSL证书。我似乎不能做的是让代理(Kubernetes pod模板)登录(或推送)到注册表,我花了好几个小时试图弄清楚这一切是如何粘合在一起的 pipeline { agent { kubernetes { label "saas-fwk-deploy-${cto.devops.jenkins.Utils.getTimestamp()}" inheritFrom 'k8s-dind'
pipeline {
agent {
kubernetes {
label "saas-fwk-deploy-${cto.devops.jenkins.Utils.getTimestamp()}"
inheritFrom 'k8s-dind'
yaml """
spec:
containers:
- name: opstools
image: registry/tools:latest
workingDir: /home/jenkins
command:
- cat
tty: true
env:
- name: DOCKER_HOST
value: "tcp://127.0.0.1:2375"
securityContext:
allowPrivilegeEscalation: true
privileged: true
"""
}
}
options {
timeout(time: 12, unit: 'HOURS')
buildDiscarder(logRotator(daysToKeepStr: '7', artifactDaysToKeepStr: '0'))
skipDefaultCheckout()
disableConcurrentBuilds()
timestamps()
}
stages {
stage('deploy') {
steps {
container('opstools') {
sh "docker --version"
sh """
pwd
ls -al
mkdir -p ~/.docker/certs.d/harbor.net
curl -k -b cookie -o ~/.docker/certs.d/harbor.net/ca.crt https://saas2.cert.com/api/v1/pub/ingressca
cat ~/.docker/certs.d/harbor.net/ca.crt
docker info
docker login -u superadmin -p example harbor.net
"""
}
}
}
}
docker login -u superadmin -p example harbor.net
21:01:55 WARNING! Using --password via the CLI is insecure. Use --password-stdin.
21:01:55 Error response from daemon: Get https://harbor.net/v2/: x509: certificate signed by unknown authority