今天我正在为不再活跃的开发人员清理旧的 Gitlab 帐户。我删除了负责所有初始部署基础设施的第一个开发人员的一个帐户。
我们使用 Docker 和 Gitlab CI/CD。据我所知,我们还使用 Gitlab 的包和/或容器注册表。
刚才去deploy了,pull好像不行:
*** System restart required ***
Pulling prerender ... done
Pulling mysql ... done
Pulling mongo ... done
Pulling server ... error
Pulling client ... error
Pulling nginx ... done
Pulling redis ... done
ERROR: for server pull access denied for registry.gitlab.com/foobar/repo-1, repository does not exist or may require 'docker login': denied: requested access to the resource is denied
ERROR: for client pull access denied for registry.gitlab.com/foobar/repo-2, repository does not exist or may require 'docker login': denied: requested access to the resource is denied
ERROR: pull access denied for registry.gitlab.com/foobar/repo-2, repository does not exist or may require 'docker login': denied: requested access to the resource is denied
我不太熟悉 Docker 和 Gitlab 的 CI/CD/Registries 功能。任何关于从哪里开始寻找让事情重回正轨的建议都将不胜感激!
事实证明,CI 正在使用该用户从 gitlab 注册表中获取 docker 镜像。
为了解决这个问题,我:
docker login registry.gitlab.com/company/repo1 -u company-bot -p personal-token
docker login registry.gitlab.com/company/repo2 -u company-bot -p personal-token
这样,登录凭据不会针对实际用户存储,因此将来删除用户应该是安全的。