我正在运行 OpenShift 3.11 版本并遵循本文档中的说明:https ://docs.openshift.com/container-platform/3.11/install_config/registry/accessing_registry.html
但是,每当我运行以下命令时,都会看到错误:
docker push 172.30.<num>.<num>:5000/project/image
received unexpected HTTP status: 500 Internal Server Error
我还检查了注册表日志的输出:
oc logs dc/docker-registry
它脱口而出巨大的输出,但这是引起我注意的地方:
imagestreams.image.openshift.io <> is forbidden: User \"system:serviceaccount:registry\" cannot get imagestreams.image.openshift.io in the namespace \"<>\": no RBAC policy matched"
因此,我很困惑为什么会收到此权限问题。根据文档,它应该可以工作并且不需要图像流,我应该能够将 docker 图像直接推送到注册表中。有谁知道我在这里缺少什么?
编辑:
以下是整个设置的完整列表命令:
oc cluster up <params>
Created a new project as a test setup and that works.
htpasswd -c /etc/origin/openshift-htpasswd <username> (I use the same <username> by using which I created the project above.)
oc login -u <username> -p <password>
oc policy add-role-to-user registry-editor <username>
oc adm registry
oc get svc/docker-registry (make note of cluster ip and port)
Modify or create /etc/docker/daemon.json
{
"insecure-registries" : [ "cluster ip:port" ]
}
systemctl restart docker
Restart cluster and login again using <username>
docker login -u nouser -p $(oc whoami -t) cluster ip:port
docker push cluster ip:port/project/image
This is where I see 500 internal server error.
Cluster ip has the format of 172.30.<num>.<num>:5000
编辑2:当我使用以下命令创建注册表时,即使我事先将其删除,我也会收到一些它已经存在的错误:
oc adm registry (for creating registry)
oc delete dc/docker-registry svc/docker-registry (for deleting registry)
我确实删除了它们,因为我多次重复这些步骤来找出这个问题的原因。你觉得这个输出看起来很麻烦吗?
编辑 3:来自错误消息的更多信息:
findBlobStore: 无法访问图像流 myproject/busybox: ImageStream:Forbidden: Exists: 无法获取图像流 myproject/busybox: ImageStreamGetter:Forbidden: myproject/busybox: imagestreams.image.openshift.io \"busybox\" 被禁止:用户\"system:serviceaccount:myproject:registry\" 无法在命名空间 \"myproject\" 中获取 imagestreams.image.openshift.io:没有匹配的 RBAC 策略"