我已经设置了一个Docker runner,想要在本地仓库中运行存储的镜像。我的/etc/gitlab-runner/config.toml文件如下:
concurrent = 1
check_interval = 0
[session_server]
session_timeout = 1800
[[runners]]
name = "Docker runner"
url = "https://gitlab.str.corp/"
token = "*secret*"
executor = "docker"
[runners.custom_build_dir]
[runners.cache]
[runners.cache.s3]
[runners.cache.gcs]
[runners.cache.azure]
[runners.docker]
tls_verify = false
image = "gitlab.example.com:4443/docker:19.03.1-dind"
privileged = true
disable_entrypoint_overwrite = false
oom_kill_disable = false
disable_cache = false
volumes = ["/certs/client", "/cache"]
shm_size = 0
当我提交作业时,它会在runner上启动,但是无法拉取镜像。
Running with gitlab-runner 13.4.0 (4e1f20da)
on Docker runner abcde123
Preparing the "docker" executor
Using Docker executor with image gitlab.example.com:4443/docker:19.03.8-git ...
Starting service gitlab.example.com/docker:19.03.1-dind ...
Authenticating with credentials from /root/.docker/config.json
Pulling docker image gitlab.example.com:4443/docker:19.03.1-dind ...
ERROR: Job failed: Error response from daemon: pull access denied for gitlab.example.com:4443/docker, repository does not exist or may require 'docker login': denied: requested access to the resource is denied (docker.go:142:0s)
docker login
是问题所在。如果我尝试从命令行运行 docker pull <image>
,我会得到相同的错误。然后进行 docker login
就可以拉取镜像了。我很确定只需要在拉取镜像之前运行
echo $CI_JOB_TOKEN | docker login -u gitlab-ci-token --password-stdin $CI_REGISTRY
,但我不知道如何使其运行。Docker 镜像存储在 GitLab 集成仓库中。 此页面 显示认证应该自动设置,但显然不是这种情况。
我需要做什么才能拉取私有存储的镜像?