一个环境变量解决所有Docker SDK和客户端TLS证书问题

393次阅读
没有评论

最近使用 Golang 开发一个自动化的 docker 镜像拉取工具,在工具开发使用过程中发现了个别镜像节点在个别系统主机上面无法下载拉取镜像的问题。

主要报错如下:

{"errorDetail":{"message":"error pulling image configuration: download failed after attempts=6: tls: failed to verify certificate: x509: certificate has expired or is not yet valid: current time 2024-01-12T02:06:27-05:00 is after 2021-09-30T14:01:15Z"},"error":"error pulling image configuration: download failed after attempts=6: tls: failed to verify certificate: x509: certificate has expired or is not yet valid: current time 2024-01-12T02:06:27-05:00 is after 2021-09-30T14:01:15Z"}
{"level":"ERROR","ts":"2024-01-12T02:06:27.402-0500","msg":"error pulling image configuration: download failed after attempts=6: tls: failed to verify certificate: x509: certificate has expired or is not yet valid: current time 2024-01-12T02:06:27-05:00 is after 2021-09-30T14:01:15Z"}

拉取的镜像为: quay.io/jetstack/cert-manager-controller:v1.13.3

这个镜像在阿里云的机器上拉取没问题,但是在搬瓦工的日本软银机房拉取就有问题。这个问题产生的原因是因为证书的问题,在 Docker 官方 SDK 文档中是有关于跳过 TLS 认证的具体方法。

// EnvTLSVerify is the name of the environment variable that can be used to // enable or disable TLS certificate verification. When set to a non-empty // value, TLS certificate verification is enabled, and the client is configured // to use a TLS connection, using certificates from the default directories // (within `~/.docker`); refer to EnvOverrideCertPath above for additional // details.

https://pkg.go.dev/github.com/docker/docker/client@v24.0.7+incompatible#EnvTLSVerify

EnvTLSVerify 是可用于 启用或禁用 TLS 证书验证的环境变量的名称。当设置为非空 值时,启用 TLS 证书验证,

可以看代码中的逻辑判断为获取环境变量 EnvTLSVerify , 为空时则为 true

一个环境变量解决所有 Docker SDK 和客户端 TLS 证书问题

在 shell 中设置环境变量

export EnvTLSVerify=""

但是这样设置之后仅仅是当前 shell 下生效,运行客户端脚本会生效,但是拉取镜像走的是本地 docker 服务,所以 docker 服务也需要设置 EnvTLSVerify 环境变量

编辑配置文件: /usr/lib/systemd/system/docker.service

添加 ENV

[Service]
Type=notify
Environment=EnvTLSVerify=””

重启 Docker

systemctl daemon-reload

systemct restart docker

这样再次调用镜像同步程序就没有 TLS 证书错误的问题了。

正文完
 
ddn
版权声明:本站原创文章,由 ddn 2024-01-12发表,共计1718字。
转载说明:除特殊说明外本站文章皆由CC-4.0协议发布,转载请注明出处。