git - docker build command with an ssh URL to a git repo: Permission denied

Tags: git macos docker ssh docker-build

I am trying to write a script that builds a bunch of Docker images and pushes them to a private registry.

According to the documentation, the docker build command seems to accept git URLs: very nice indeed.

All the repositories are private, and everyone in the company has an ssh key set up and can access the git repositories over ssh, e.g. git clone git@github.com:/my-org/my-repo.git

I assumed that supplying such a URL would work, since it seems to be a very common use case. It turns out it does not.

I googled for a solution and found a git ticket about URL formatting, so I tried all of the following:

  • ssh://git@github.com:/my-org/my-repo.git
  • ssh://git@github.com/my-org/my-repo.git
  • ssh://git@github.com:my-org/my-repo.git
  • git@github.com:/my-org/my-repo.git
  • git@github.com/my-org/my-repo.git
  • git@github.com:my-org/my-repo.git

The last one in this list is the most promising, because I get the following output:

$ docker build -t registry.example.com:5000/my-repo:latest --ssh=default git@github.com:my-org/my-repo.git

[+] Building 0.9s (1/1) FINISHED
 => ERROR [internal] load git source git@github.com:my-org/my-repo.git    0.9s
------
 > [internal] load git source git@github.com:my-org/my-repo.git:
#1 0.551 Warning: Permanently added the RSA host key for IP address '140.82.121.3' to the list of known hosts.
#1 0.896 git@github.com: Permission denied (publickey).
#1 0.898 fatal: Could not read from remote repository.
#1 0.898 
#1 0.898 Please make sure you have the correct access rights
#1 0.898 and the repository exists.
------
failed to solve with frontend dockerfile.v0: failed to read dockerfile: failed to load cache key: failed to fetch remote git@github.com:my-org/my-repo.git: exit status 128

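Before anyone asks: yes, the repository exists and I can clone it :)

I assumed that the "clone" part of the process would be done "locally", using my own ssh key, before the context is sent to the docker build. Apparently that is not the case.

Is it a supported feature? If so, how do I make it work?


Edit: I realized I forgot to provide some context.

I am running Docker Desktop on macOS Big Sur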

Docker version 20.10.8, build 3967b7d

Client:
 Context:    default
 Debug Mode: false
 Plugins:
  buildx: Build with BuildKit (Docker Inc., v0.6.1-docker)
  compose: Docker Compose (Docker Inc., v2.0.0-rc.3)
  scan: Docker Scan (Docker Inc., v0.8.0)

Server:
 Containers: 9
  Running: 8
  Paused: 0
  Stopped: 1
 Images: 28
 Server Version: 20.10.8
 Storage Driver: overlay2
  Backing Filesystem: extfs
  Supports d_type: true
  Native Overlay Diff: true
  userxattr: false
 Logging Driver: json-file
 Cgroup Driver: cgroupfs
 Cgroup Version: 1
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
 Swarm: inactive
 Runtimes: io.containerd.runtime.v1.linux runc io.containerd.runc.v2
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: e25210fe30a0a703442421b0f60afac609f950a3
 runc version: v1.0.1-0-g4144b63
 init version: de40ad0
 Security Options:
  seccomp
   Profile: default
 Kernel Version: 5.10.47-linuxkit
 Operating System: Docker Desktop
 OSType: linux
 Architecture: x86_64
 CPUs: 4
 Total Memory: 3.842GiB
 Name: docker-desktop
 ID: 77LC:Z2AY:K6AA:OXAY:3JYQ:RSSL:RCJZ:GOSK:FUTG:DAPY:WIKK:BB7A
 Docker Root Dir: /var/lib/docker
 Debug Mode: true
  File Descriptors: 105
  Goroutines: 93
  System Time: 2021-09-16T08:47:27.924652162Z
  EventsListeners: 4
 HTTP Proxy: http.docker.internal:3128
 HTTPS Proxy: http.docker.internal:3128
 Registry: https://index.docker.io/v1/
 Labels:
 Experimental: false
 Insecure Registries:
  <REDACTED>
 Live Restore Enabled: false

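Best answer

Docker for Mac does not run natively on your machine, but in a virtual machine. It looks like the git clone command is executed inside the virtual machine.

My assumption is based on this log entry: #1 0.551 Warning: Permanently added the RSA host key for IP address '140.82.121.3' to the list of known hosts.

So, in order to access your private repository over ssh, you also need to store the ssh key pair inside Docker's virtual machine.

Edit: To connect to the virtual machine, open a terminal and run docker run -it --privileged --pid=host justincormack/nsenter1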
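The workflow the question expected (clone on the host with your own ssh key, then hand the local checkout to docker build), as an added example that is not part of the original question or answer. It keeps the private key out of the Docker virtual machine; the registry name is the one from the question, the repository URLs are constructed samples, and the helper names (repo_name, run, build_and_push) and the DRY_RUN switch are hypothetical.

```shell
#!/bin/sh
# Added example: clone on the host (where the ssh key or agent lives), then
# build from the local checkout, so the Docker VM never needs the private key.
REGISTRY="${REGISTRY:-registry.example.com:5000}"   # registry from the question
DRY_RUN="${DRY_RUN:-0}"                             # hypothetical: 1 = print only

# Derive the image name from a git URL:
#   git@github.com:my-org/my-repo.git -> my-repo
repo_name() {
    name="${1##*/}"      # strip everything up to the last slash
    name="${name##*:}"   # scp-style URL with no slash after the colon
    printf '%s\n' "${name%.git}"
}

# Run a command, or only print it when DRY_RUN=1.
run() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Clone with the host's own ssh credentials, build from the checkout, push.
build_and_push() {
    url="$1"
    image="$REGISTRY/$(repo_name "$url"):latest"
    workdir="$(mktemp -d)" || return 1
    # Subshell so that a failing step still reaches the cleanup below.
    (
        run git clone --depth 1 "$url" "$workdir/src" &&
        run docker build -t "$image" "$workdir/src" &&
        run docker push "$image"
    )
    status=$?
    rm -rf "$workdir"
    return "$status"
}

# Usage: ./build-all.sh git@github.com:my-org/my-repo.git [more URLs...]
for url in "$@"; do
    build_and_push "$url" || { echo "failed: $url" >&2; exit 1; }
done
```

Run it once with DRY_RUN=1 to review the exact clone, build and push commands before anything touches the registry.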

Regarding "git - docker build command with an ssh URL to a git repo: Permission denied", we found a similar question on Stack Overflow: https://stackoverflow.com/questions/69205158/
