在 us.icr.io 登录 IBM Cloud Container Registry 失败
Logging in to IBM Cloud Container Registry fails at us.icr.io
首先,我是 IBM Cloud 世界的新手。
我正在按照一些准则将映像推送到 IBM Cloud Container Registry。但是我在登录 Container Registry 时遇到问题。
我使用的命令是:
ibmcloud cr login
响应是:
Logging in to 'registry.ng.bluemix.net'...
Logged in to 'registry.ng.bluemix.net'.
Logging in to 'us.icr.io'...
FAILED
Failed to 'docker login' to 'us.icr.io' with error: WARNING! Using --password via the CLI is insecure. Use --password-stdin.
Error response from daemon: Get https://us.icr.io/v2/: x509: certificate signed by unknown authority
查看错误 certificate signed by unknown authority 似乎我的 docker 需要一些证书才能与 us.icr.io 连接。
我的 Docker 版本是 2.2.0.3
如故障排除文档中所述here。
你能更新容器注册表插件吗?使用以下命令
ibmcloud plugin update container-registry
此外,请确保 Docker 守护进程是 运行 下面的命令
docker ps
You can't log in to IBM Cloud Container Registry.
What's happening
The ibmcloud cr login command fails.
Why it's happening
The following alternatives are possible causes:
The container-registry CLI plug-in is out of date and needs updating.
Docker is not installed on your local computer, or is not running.
Your IBM Cloud login credentials have expired.
How to fix it
You can fix this problem in the following ways:
Upgrade to the most recent version of the container-registry CLI plug-in, see Updating the container-registry CLI plug-in.
Ensure that Docker is installed on your computer. If it is already installed, restart the Docker daemon.
Rerun the ibmcloud login command to refresh your IBM Cloud login credentials.
更新
有很多方法可以解决证书问题
- 在 instructions mentioned here、
之后创建客户端证书
openssl genrsa -out client.key 4096
openssl req -new -x509 -text -key client.key -out client.cert
- 按照 instructions here 添加您的客户端证书。将
<MyRegistry>:<Port> 替换为 us.icr.io
- 对于服务器端证书,检查 this link 以获得
ca.crt
您是否尝试过 运行 挖掘 us.icr.io 只是为了检查您是否访问了正确的主机?
此页面显示 us.icr.io https://cloud.ibm.com/docs/containers?topic=containers-firewall#firewall_outbound 的所有子网
他们是:
169.61.234.224/29
169.61.135.160/29
169.61.46.80/29
如果您不打算使用其中之一,是否有某种代理会干扰 DNS 解析?
我犯了同样的错误,认为我需要使用区域特定端点。经过一些挖掘后,情况并非如此,除非您出于特定原因需要特定区域 url。
正如我从 ibm registry regions 文档中引用的那样:
The default instance of IBM Cloud Container Registry is the global registry. The global registry doesn't include a region in its domain name (icr.io).
结论:将us.icr.io替换为icr.io
更新:
确保您先登录到 ibmcloud:
ibmcloud login --apikey replace_me_with_IAM_apikey --no-region
做第二个:
ibmcloud cr login
首先,我是 IBM Cloud 世界的新手。
我正在按照一些准则将映像推送到 IBM Cloud Container Registry。但是我在登录 Container Registry 时遇到问题。
我使用的命令是:
ibmcloud cr login
响应是:
Logging in to 'registry.ng.bluemix.net'...
Logged in to 'registry.ng.bluemix.net'.
Logging in to 'us.icr.io'...
FAILED
Failed to 'docker login' to 'us.icr.io' with error: WARNING! Using --password via the CLI is insecure. Use --password-stdin.
Error response from daemon: Get https://us.icr.io/v2/: x509: certificate signed by unknown authority
查看错误 certificate signed by unknown authority 似乎我的 docker 需要一些证书才能与 us.icr.io 连接。
我的 Docker 版本是 2.2.0.3
如故障排除文档中所述here。
你能更新容器注册表插件吗?使用以下命令
ibmcloud plugin update container-registry
此外,请确保 Docker 守护进程是 运行 下面的命令
docker ps
You can't log in to IBM Cloud Container Registry.
What's happening The ibmcloud cr login command fails.
Why it's happening The following alternatives are possible causes:
The container-registry CLI plug-in is out of date and needs updating. Docker is not installed on your local computer, or is not running. Your IBM Cloud login credentials have expired. How to fix it
You can fix this problem in the following ways:
Upgrade to the most recent version of the container-registry CLI plug-in, see Updating the container-registry CLI plug-in. Ensure that Docker is installed on your computer. If it is already installed, restart the Docker daemon. Rerun the ibmcloud login command to refresh your IBM Cloud login credentials.
更新
有很多方法可以解决证书问题
- 在 instructions mentioned here、 之后创建客户端证书
openssl genrsa -out client.key 4096 openssl req -new -x509 -text -key client.key -out client.cert
- 按照 instructions here 添加您的客户端证书。将
<MyRegistry>:<Port>替换为us.icr.io - 对于服务器端证书,检查 this link 以获得
ca.crt
您是否尝试过 运行 挖掘 us.icr.io 只是为了检查您是否访问了正确的主机?
此页面显示 us.icr.io https://cloud.ibm.com/docs/containers?topic=containers-firewall#firewall_outbound 的所有子网 他们是: 169.61.234.224/29 169.61.135.160/29 169.61.46.80/29
如果您不打算使用其中之一,是否有某种代理会干扰 DNS 解析?
我犯了同样的错误,认为我需要使用区域特定端点。经过一些挖掘后,情况并非如此,除非您出于特定原因需要特定区域 url。
正如我从 ibm registry regions 文档中引用的那样:
The default instance of IBM Cloud Container Registry is the global registry. The global registry doesn't include a region in its domain name (icr.io).
结论:将us.icr.io替换为icr.io
更新:
确保您先登录到 ibmcloud:
ibmcloud login --apikey replace_me_with_IAM_apikey --no-region
做第二个:
ibmcloud cr login