Cannot login to Nexus 3 docker registry - docker

I have set up an AWS EC2 instance with Docker, Nexus3 and a Docker repository in Nexus with HTTP port 8123 and all the necessary settings so that I can see it from Docker. After lengthy research, I have added the right options to my docker config file so that when I run docker info I can see my insecure registry set to the right IP address. I can access the URL of the Nexus manager from my machine without any problems and I can create repositories etc.
I then try to do a docker login from within my EC2 instance like this:
docker login -u admin -p admin123 my_ip_address:8123
And after a while I get this:
Error response from daemon: Get http://my_ip_address/v1/users/: dial tcp my_ip_address:8123: i/o timeout
I have tried so many things to fix this and nothing seems to work. I have spent an entire day so far trying to understand why docker login cannot see my Nexus3 registry.
Any ideas?

Related

Docker login issue with Harbor exposed as NodePort service

I am trying to deploy Harbor on a k8s cluster without much effort and complexity. So, I followed the Bitnami Harbor Helm chart and deployed a healthy running Harbor instance that is exposed as a NodePort service. I know that the standard is to have a LoadBalancer type of service, but as I don't have the required setup to provision a requested load balancer automatically, I decided to stay away from that complexity. This is not a public cloud environment where the LB gets deployed automatically.
Now, I can very well access the Harbor GUI using the https://<node-ip>:<https-port> URL. However, despite several attempts I cannot connect to this Harbor instance from my local Docker Desktop instance. I have also imported the CA in my machine's keychain, but as the certificate has a dummy domain name in it rather than the IP address, Docker doesn't trust that Harbor endpoint. So, I created a local DNS record in my /etc/hosts file to link the domain name in Harbor's certificate and the node IP address of the cluster. With that arrangement, Docker seems to be happy with the certificate presented, but it doesn't acknowledge the port required to access the endpoint. So, in the subsequent internal calls for authentication against Harbor, it fails with the error given below. Then I also tried to follow the advice given here in the Harbor documentation to connect to Harbor over HTTP. But this configuration killed the Docker daemon and does not even let it start.
~/.docker » docker login -u admin https://core.harbor.domain:30908
Password:
Error response from daemon: Get "https://core.harbor.domain:30908/v2/": Get "https://core.harbor.domain/service/token?account=admin&client_id=docker&offline_token=true&service=harbor-registry": EOF
As you can see in the above error, the second Get URL does not have a port in it, which would not work.
So, is there any help I can get to configure my Docker Desktop to connect to a Harbor service running on the NodePort interface? I use Docker Desktop on MacOS.
I got a similar error when I used 'docker login core.harbor.domain:30003' from another host. The error looks like 'Error response from daemon: Get https://core.harbor.domain:30003/v2/: Get https://core.harbor.domain/service/token?account=admin&client_id=docker&offline_token=true&service=harbor-registry: dial tcp 1...*:443: connect: connection refused'.
However, docker can log in to Harbor from the host on which the Helm chart installed Harbor.
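
Added example, not part of either post above and not Harbor's or Docker's own code: the Docker client fetches its token from the realm URL that the registry advertises in the WWW-Authenticate header of its 401 response to /v2/, so a realm without the NodePort sends the token request to port 443. The sketch below parses such a challenge and flags the mismatch; the header value is a constructed sample modelled on the URLs in the error message, and the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit

DEFAULT_PORTS = {"https": 443, "http": 80}

def parse_bearer_challenge(header):
    """Parse 'Bearer realm="...",service="..."' into a dict of parameters."""
    scheme, _, params = header.strip().partition(" ")
    if scheme.lower() != "bearer":
        raise ValueError("not a Bearer challenge: %r" % scheme)
    return dict(re.findall(r'(\w+)="([^"]*)"', params))

def authority(url):
    """Return (host, port), filling in the scheme's default port."""
    parts = urlsplit(url)
    return parts.hostname, parts.port or DEFAULT_PORTS[parts.scheme]

def check_realm(registry_url, www_authenticate):
    """Compare the advertised token endpoint with the registry endpoint."""
    realm = parse_bearer_challenge(www_authenticate).get("realm")
    if realm is None:
        raise ValueError("challenge has no realm parameter")
    reg, tok = authority(registry_url), authority(realm)
    if reg[0] == tok[0] and reg[1] != tok[1]:
        # Same host, other port: the token request will miss the NodePort.
        return "port-mismatch", reg, tok
    if reg[0] != tok[0]:
        # A separate token host can be legitimate; report it for review.
        return "different-host", reg, tok
    return "ok", reg, tok

# Constructed sample, modelled on the URLs in the error message above.
SAMPLE_REGISTRY = "https://core.harbor.domain:30908/v2/"
SAMPLE_CHALLENGE = ('Bearer realm="https://core.harbor.domain/service/token",'
                    'service="harbor-registry"')

if __name__ == "__main__":
    status, reg, tok = check_realm(SAMPLE_REGISTRY, SAMPLE_CHALLENGE)
    print(status, "registry=%s:%d" % reg, "token=%s:%d" % tok)
```

To run it against a live registry, take the WWW-Authenticate header from the 401 response to a plain GET of the /v2/ endpoint (for instance from curl -i output) and pass it in place of the sample.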

Failed to Docker login to JFrog Artifactory running in a Docker

I followed the steps in the "Docker Installation" section to get JFrog Artifactory (version 4.160 rev 40364) running in Docker on Linux Mint fine, and I am able to access my JFrog Artifactory instance from the Chrome browser at: http://SERVER_HOSTNAME:8082/ui/. Please see the URL
https://www.jfrog.com/confluence/display/JFROG/Installing+Artifactory#InstallingArtifactory-DockerInstallation
On my virtual server running Linux, where I installed JFrog Artifactory and Docker,
I have my hosts file containing
docker-virtual.art.local docker-dev-local2.art.local docker-prod-local2.art.local
Also, I created and edited the /etc/default/docker file to contain
DOCKER_OPTS="$DOCKER_OPTS --insecure-registry docker-virtual.art.local --insecure-registry docker-dev-local2.art.local --insecure-registry docker-prod-local2.art.local --insecure-registry docker-remote.art.local"
My problem is that when I try to
docker login docker-virtual.art.local
or
docker push docker-virtual.art.local/hello-world
I get these errors:
response from daemon: Get https://docker-virtual.art.local/v2/: Gateway Timeout
or
Get https://docker-virtual.art.local/v2/: Gateway Timeout
Can you please let me know what I am doing wrong?
What I see here is that Artifactory is installed as a Docker container, which means that this Artifactory container's IP is different from the localhost (Linux server). I assume that the hosts file is edited for the localhost and not for the container's IP. Make sure that the container's IP can be accessed from the Linux server, and then change the hosts file accordingly. This Gateway Timeout happens when there is no response from the server and the client times out, and I believe that the IPs play a significant role here since Artifactory is running as a Docker container.

Can't access Ingress from Kubernetes node

I have a CentOS machine where I created a Kubernetes cluster:
minikube start --driver=docker --addons ingress
Inside the cluster, I installed a Harbor instance using a Helm chart using:
helm install harbor-release harbor/harbor --set expose.type=ingress
In the CentOS machine, I added an entry to my /etc/hosts pointing to the new ingress:
echo "$(minikube ip) core.harbor.domain" >> /etc/hosts
And with this, I can access Harbor from this machine. I can log in using Firefox and I'm able to push some custom images:
docker pull python
docker tag docker.io/python core.harbor.domain:443/library/python:latest
docker login https://core.harbor.domain --username admin --password Harbor12345
docker push core.harbor.domain:443/library/python:latest
And we are all happy. My problem starts when I try to deploy another Helm chart using those images. Kubernetes is not able to pull the images and times out. After some tries, I found out that my minikube node is not able to connect to Harbor.
I tried adding to /etc/hosts different IPs like 127.0.0.1, minikube ip, etc without any results. Docker can never do a pull. If I use 127.0.0.1 I'm able to do a curl -k https://core.harbor.domain but not a docker login.
I also tried adding core.harbor.domain to docker insecure registries but without any luck.
Maybe I'm missing something and I shouldn't be able to access the ingress url from my minikube node in the first place.
What could I be doing wrong?
Do you think it's a good approach to put Harbor and the application pods in the same cluster?

Can't access certain services running on host machine from inside docker container

We're trying to set up a GitLab Runner, which is responsible for building and testing our web application. For running the jobs we use the Docker executor with DinD.
Our problem is now: When trying to access certain services from inside the Runner Container (docker image) we get a timeout and no response back. It includes:
logging in to our own docker registry which is hosted on the same system
wget on our domain (which is hosted on the same system)
What we can do:
ping our domain as well as the registry
ping other domains
wget other domains
Logging into the registry and wget on our domain are successful when trying them natively on the server and not in a docker container.
So it maybe looks like a docker problem.
Hope someone can help us.

docker private registry within local network

I've set up a private registry for docker, and everything works great from outside (I have a server with several VMs, one of these is the repository).
From my PC I can do docker login -u USER -p PASS repo.mydomain.com and it works great.
Now, from inside another VM, if I do the same I get back Error response from daemon: Get https://repo.mydomain.com/v1/users/: dial tcp 10.236.8.111:443: getsockopt: connection refused
It seems that repo.mydomain.com is resolved to the local (intramachine) IP, and then the repository hangs up or does not allow the connection to pass through. Or there are other reasons which I don't know of now.
How can I make it work?
So, the workaround is to use it as an insecure docker repository, since intercommunication is within the local network. To do so:
edit /etc/docker/daemon.json, adding { "insecure-registries":["repo.mydomain.com:5000"] }
restart docker: service docker restart
do the login using port 5000: docker login -u USER -p PASS repo.mydomain.com:5000
Now it says the login was successful. Wondering if there's a better (cleaner) way to do it.
PS: to pull the data you have to use repo.mydomain.com:5000/image
