Gitlab pipeline failed : ERROR: Preparation failed: Error response from daemon: toomanyrequests
Gitlab pipeline failed : ERROR: Preparation failed: Error response from daemon: toomanyrequests
我有 Harbor 本地 docker 注册表,所有需要的图像都在那里,并将 GitLab 连接到 Harbor,所有图像都是从 Harbor 收到的,但是在 11 月 2 日之后,Docker限制拉取次数,似乎 dind 服务从 Docker 集线器拉取。
是否可以使用 dind 服务从 Harbor 拉取?
管道输出:
Running with gitlab-runner 12.10.1 (ce065b93)
on docker_runner_7 WykGNjC6
Preparing the "docker" executor
30:20
Using Docker executor with image **harbor**.XXX.XXXX.net/library/docker_maven_jvm14 ...
Starting service docker:**dind** ...
**Pulling docker image docker:dind** ...
**ERROR**: Preparation failed: Error response from daemon: toomanyrequests: You have reached your pull rate limit. You may increase the limit by authenticating and upgrading: https://www.docker.com/increase-rate-limit (docker.go:198:2s)
Will be retried in 3s ...
Using Docker executor with image harbor.XXX.XXX.net/library/docker_maven_jvm14 ...
Starting service docker:dind ...
Pulling docker image docker:dind ...
ERROR: Preparation failed: Error response from daemon: toomanyrequests: You have reached your pull rate limit. You may increase the limit by authenticating and upgrading: https://www.docker.com/increase-rate-limit (docker.go:198:4s)
Will be retried in 3s ...
Using Docker executor with image harbor.XXX.XXX.net/library/docker_maven_jvm14 ...
Starting service docker:dind ...
Pulling docker image docker:dind ...
ERROR: Preparation failed: Error response from daemon: toomanyrequests: You have reached your pull rate limit. You may increase the limit by authenticating and upgrading: https://www.docker.com/increase-rate-limit (docker.go:198:3s)
Will be retried in 3s ...
ERROR: Job failed (system failure): Error response from daemon: toomanyrequests: You have reached your pull rate limit. You may increase the limit by authenticating and upgrading: https://www.docker.com/increase-rate-limit (docker.go:198:3s)
我找不到 Gitlab 的解决方案,但你可以告诉 docker 忽略 docker 集线器注册表并转到本地注册表。
在/etc/docker/daemon.json中添加daemon.json
, 如果不存在你可以简单地添加路径。
daemon.json
{
"registry-mirrors": ["https://harbor.XXX.com"]
}
sudo systemctl restart docker
另一种方式:
如果你不想添加daemon.json,你可以这样做:
- 从 docker hub
拉取 docker-dind
docker pull docker:stable-dind
- 登录 harbor
docker login harbor.XXX.com
- 标记要隐藏的图片
docker tag docker:stable-dind harbor.XXX.com/library/docker:stable-dind
- 推到港口
docker push harbor.XXX.com/library/docker:stable-dind
前往.gitlab-ci.yml
而不是
services:
- docker:dind
写入:
services:
- name: harbor.XXX.com/library/docker:stable-dind
alias: docker
我的 .gitlab-ci.yml :
stages:
- build_and_push
Build:
image: ${DOCKER_REGISTRY}/library/docker:ci_tools
stage: build_and_push
tags:
- dind
services:
- name: ${DOCKER_REGISTRY}/library/docker:stable-dind
alias: docker
script:
- docker login -u $DOCKER_REGISTRY_USERNAME -p $DOCKER_REGISTRY_PASSWORD $DOCKER_REGISTRY
- make build test release REGISTRY=${DOCKER_REGISTRY}/library/ TELEGRAF_DOWNLOAD_URL="https://storage.XXX.com/ops/packages/telegraf-1.15.3_linux_amd64.tar.gz" TELEGRAF_SHA256="85a1ee372fb06921d09a345641bba5f3488d2db59a3fafa06f3f8c876523801d"
我在将一些微服务部署到 kube 集群时也遇到了同样的问题,这是我写的一篇博客,它提供了一种优化部署工作流程的解决方法:https://mailazy.com/blog/optimize-docker-pull-gitlab-pipelines/
我有 Harbor 本地 docker 注册表,所有需要的图像都在那里,并将 GitLab 连接到 Harbor,所有图像都是从 Harbor 收到的,但是在 11 月 2 日之后,Docker限制拉取次数,似乎 dind 服务从 Docker 集线器拉取。
是否可以使用 dind 服务从 Harbor 拉取?
管道输出:
Running with gitlab-runner 12.10.1 (ce065b93)
on docker_runner_7 WykGNjC6
Preparing the "docker" executor
30:20
Using Docker executor with image **harbor**.XXX.XXXX.net/library/docker_maven_jvm14 ...
Starting service docker:**dind** ...
**Pulling docker image docker:dind** ...
**ERROR**: Preparation failed: Error response from daemon: toomanyrequests: You have reached your pull rate limit. You may increase the limit by authenticating and upgrading: https://www.docker.com/increase-rate-limit (docker.go:198:2s)
Will be retried in 3s ...
Using Docker executor with image harbor.XXX.XXX.net/library/docker_maven_jvm14 ...
Starting service docker:dind ...
Pulling docker image docker:dind ...
ERROR: Preparation failed: Error response from daemon: toomanyrequests: You have reached your pull rate limit. You may increase the limit by authenticating and upgrading: https://www.docker.com/increase-rate-limit (docker.go:198:4s)
Will be retried in 3s ...
Using Docker executor with image harbor.XXX.XXX.net/library/docker_maven_jvm14 ...
Starting service docker:dind ...
Pulling docker image docker:dind ...
ERROR: Preparation failed: Error response from daemon: toomanyrequests: You have reached your pull rate limit. You may increase the limit by authenticating and upgrading: https://www.docker.com/increase-rate-limit (docker.go:198:3s)
Will be retried in 3s ...
ERROR: Job failed (system failure): Error response from daemon: toomanyrequests: You have reached your pull rate limit. You may increase the limit by authenticating and upgrading: https://www.docker.com/increase-rate-limit (docker.go:198:3s)
我找不到 Gitlab 的解决方案,但你可以告诉 docker 忽略 docker 集线器注册表并转到本地注册表。
在/etc/docker/daemon.json中添加daemon.json
, 如果不存在你可以简单地添加路径。
daemon.json
{
"registry-mirrors": ["https://harbor.XXX.com"]
}
sudo systemctl restart docker
另一种方式:
如果你不想添加daemon.json,你可以这样做:
- 从 docker hub 拉取 docker-dind
docker pull docker:stable-dind
- 登录 harbor
docker login harbor.XXX.com
- 标记要隐藏的图片
docker tag docker:stable-dind harbor.XXX.com/library/docker:stable-dind
- 推到港口
docker push harbor.XXX.com/library/docker:stable-dind
前往
.gitlab-ci.yml而不是
services:
- docker:dind
写入:
services:
- name: harbor.XXX.com/library/docker:stable-dind
alias: docker
我的 .gitlab-ci.yml :
stages:
- build_and_push
Build:
image: ${DOCKER_REGISTRY}/library/docker:ci_tools
stage: build_and_push
tags:
- dind
services:
- name: ${DOCKER_REGISTRY}/library/docker:stable-dind
alias: docker
script:
- docker login -u $DOCKER_REGISTRY_USERNAME -p $DOCKER_REGISTRY_PASSWORD $DOCKER_REGISTRY
- make build test release REGISTRY=${DOCKER_REGISTRY}/library/ TELEGRAF_DOWNLOAD_URL="https://storage.XXX.com/ops/packages/telegraf-1.15.3_linux_amd64.tar.gz" TELEGRAF_SHA256="85a1ee372fb06921d09a345641bba5f3488d2db59a3fafa06f3f8c876523801d"
我在将一些微服务部署到 kube 集群时也遇到了同样的问题,这是我写的一篇博客,它提供了一种优化部署工作流程的解决方法:https://mailazy.com/blog/optimize-docker-pull-gitlab-pipelines/