我正在运行OpenShift 3.11版本,并遵循了本文档中的说明:https://docs.openshift.com/container-platform/3.11/install_config/registry/accessing_registry.html
但是,每当我运行以下命令时,我都会看到错误:
docker push 172.30.<num>.<num>:5000/project/image
received unexpected HTTP status: 500 Internal Server Error
我还检查了注册表日志的输出:
oc logs dc/docker-registry
它模糊了巨大的输出,但是这引起了我的注意:
imagestreams.image.openshift.io <> is forbidden: User \"system:serviceaccount:registry\" cannot get imagestreams.image.openshift.io in the namespace \"<>\": no RBAC policy matched"
因此,我很困惑为什么会遇到此权限问题。根据文档,它应该已经工作并且不需要图像流,并且我应该能够将Docker图像直接推送到注册表中。有人知道我在这里缺少什么吗?
编辑:
下面是整个设置的完整列表命令:
oc cluster up <params>
Created a new project as a test setup and that works.
htpasswd -c /etc/origin/openshift-htpasswd <username> (I use the same <username> by using which I created the project above.)
oc login -u <username> -p <password>
oc policy add-role-to-user registry-editor <username>
oc adm registry
oc get svc/docker-registry (make note of cluster ip and port)
Modify or create /etc/docker/daemon.json
{
"insecure-registries" : [ "cluster ip:port" ]
}
systemctl restart docker
Restart cluster and login again using <username>
docker login -u nouser -p $(oc whoami -t) cluster ip:port
docker push cluster ip:port/project/image
This is where I see 500 internal server error.
Cluster ip has the format of 172.30.<num>.<num>:5000
docker-registry
之前使用正确的帐户登录过内部docker push
吗?此帐户应具有在您指定为“ 172.30 ..:5000 /project
/ image”的目标project
上推送或创建图像的权限。$ oc login -u username -p password
$ oc whoami -t
...TOKEN...
$ docker login -u unused -p ...TOKEN... 172.30.<num>.<num>:5000
$ docker push 172.30.<num>.<num>:5000/project/image:tag
希望对您有帮助。