docker - Gitlab CI - 注册表和 nginx

Question

我正在尝试使用自己的注册表设置自托管 gitlab CI。我还使用 TLS 的自签名证书，使用我自己的 CA 签署了这个证书，它作为受信任的 CA 安装在我的主机中
Gitlab-CE 13.6.3 版本安装在 Ubuntu 18.04 上。已在同一主机上安装 snap microk8s 集群
问题(一些非常基础的)

Gitlab 注册表是否使用 docker 守护进程？

连接性是如何实现的
Docker 客户端 --> NGINX (5050) --> Gitlab 注册表 (5000)

我在 gitlab.rb 文件中有以下配置

registry['enable'] = true
registry['registry_http_addr'] = "127.0.0.1:5000"
registry['log_directory'] = "/var/log/gitlab/registry"
registry['env'] = {
  'SSL_CERT_DIR' => "/etc/gitlab/ssl"
}

# Below you can find settings that are exclusive to "Registry NGINX"
registry_nginx['enable'] = true
registry_nginx['ssl_certificate'] = "/etc/gitlab/ssl/gitlab.local.crt"
registry_nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/gitlab.local.key"

registry_nginx['proxy_set_headers'] = {
 "Host" => "$http_host",
 "X-Real-IP" => "$remote_addr",
 "X-Forwarded-For" => "$proxy_add_x_forwarded_for",
 "X-Forwarded-Proto" => "https",
 "X-Forwarded-Ssl" => "on"
}

# When the registry is automatically enabled using the same domain as `external_url`,
# it listens on this port
registry_nginx['listen_port'] = 5050
registry_nginx['listen_addresses'] = ['*', '[::]']

当我尝试 docker login 时，观察到以下错误。是否基于上述配置？

   - with URL: https://127.0.0.1:5000 - > Login Success
   - with URL: https://127.0.0.1:5050 - > Login Success 
   - with URL: https://gitlab.local:5050 - > x509 certificate signed by unknown authority

我有 gitlab k8s 和 docker runner，他们可以从容器内访问 gitlab 注册表(nginx)端口 5050 吗？

    [[runners]]
      name = "docker"
      token = "xxxxxxx"
      executor = "docker"
      [runners.docker]
        image = "docker:stable"
        privileged = true
        volumes = ["/cache", "/var/run/docker.sock:/var/run/docker.sock"]

注意:我尝试了各种关于 gitlab 注册表上的证书问题的 gitlab 论坛/帖子来构建/推送图像，但没有成功
谢谢

Answer 1

尝试通过以下方式将证书放在 docker 中:

sudo mkdir -p /etc/docker/certs.d/gitlab.local:5050
cp /yourcerts/gitlab.local.crt /etc/docker/certs.d/gitlab.local:5050/ca.crt
sudo service docker reload