需求背景
Bazel构建的过程中向http服务的镜像仓库推送镜像会报错。
原因还是以前常见的镜像服务错误:http: server gave HTTP response to HTTPS client
传统的对策是:
对于Podman
编辑 /etc/containers/registries.conf 增加:
[[registry]]
location = "localhost:5000"
insecure = true
对于Docker
vi /usr/lib/systemd/system/docker.service
找到 ExecStart
,在其末尾添加如下内容(IP 则为 registry 主机的 IP): --insecure-registry 192.168.60.128:5000
执行 systemctl restart docker 和 systemctl daemon-reload
然而Bazel构建下上述传统的方式不管用,因为Bazel的构建环境和在命令行执行的环境不太一样。Bazel构建官方维护的仓库目前还不支持不安全的镜像仓库,要修复上面的错误,要么改bazel rule_docker代码,要么做个安全的镜像仓库 https://docs.docker.com/registry/deploying/#run-an-externally-accessible-registry
后者网上有很多教程,这里不说了。这里说下用前一种方式:修改bazel rule_docker代码。
首先声明:肯定是选择后者方案,采用前者方案是愚蠢的行为。
使用方法
在项目根目录的WORKSPACE中,原来的rules_docker配置如下:(仅举例,每个项目用的官方的rules_docker版本不尽相同)
http_archive(
name = "io_bazel_rules_docker",
sha256 = "95d39fd84ff4474babaf190450ee034d958202043e366b9fc38f438c9e6c3334",
strip_prefix = "rules_docker-0.16.0",
urls = [
"https://github.com/bazelbuild/rules_docker/releases/download/v0.16.0/rules_docker-v0.16.0.tar.gz",
"https://storage.googleapis.com/builddeps/95d39fd84ff4474babaf190450ee034d958202043e366b9fc38f438c9e6c3334",
],
)
step1:在项目根目录的WORKSPACE中将上面的内容替换成下面的内容:(具体替换内容以发布页为准)
step2:在 Bazel BUILD文件的container_push调用中加上参数insecure_repository = True
⚡ root@backendcloud ~/example/bazel-sample/docker master ± cat cmd/BUILD.bazel
load("@io_bazel_rules_go//go:def.bzl", "go_binary", "go_library")
load("@io_bazel_rules_docker//container:container.bzl", "container_image", "container_push")
...
container_push(
name = "image-push",
format = "Docker",
image = ":image",
#registry = "localhost:5000",
registry = "121.25.211.23:5000",
repository = "backendcloud/bazel-sample-cmd",
tag = "$(IMAGE_TAG)",
insecure_repository = True,
)
再次声明:支持不安全镜像仓库的标志 support insecure flag 是愚蠢的行为。
使用前后对比
⚡ root@backendcloud ~/example/bazel-sample/docker master ± make docker-push
bazel run --define=IMAGE_TAG=v1.0.0 //cmd:image-push
INFO: Analyzed target //cmd:image-push (1 packages loaded, 5 targets configured).
INFO: Found 1 target...
Target //cmd:image-push up-to-date:
bazel-bin/cmd/image-push.digest
bazel-bin/cmd/image-push
INFO: Elapsed time: 0.264s, Critical Path: 0.01s
INFO: 2 processes: 2 internal.
INFO: Build completed successfully, 2 total actions
INFO: Build completed successfully, 2 total actions
2022/08/04 17:58:31 Error pushing image to 121.25.211.23:5000/backendcloud/bazel-sample-cmd:v1.0.0: unable to push image to 121.25.211.23:5000/backendcloud/bazel-sample-cmd:v1.0.0: Get "https://121.25.211.23:50t
make: *** [Makefile:2: docker-push] Error 1
✘ ⚡ root@backendcloud ~/example/bazel-sample/docker master ± vi cmd/BUILD.bazel
⚡ root@backendcloud ~/example/bazel-sample/docker master ± make docker-push
bazel run --define=IMAGE_TAG=v1.0.0 //cmd:image-push
INFO: Analyzed target //cmd:image-push (1 packages loaded, 5 targets configured).
INFO: Found 1 target...
Target //cmd:image-push up-to-date:
bazel-bin/cmd/image-push.digest
bazel-bin/cmd/image-push
INFO: Elapsed time: 0.222s, Critical Path: 0.01s
INFO: 2 processes: 2 internal.
INFO: Build completed successfully, 2 total actions
INFO: Build completed successfully, 2 total actions
2022/08/04 17:58:45 Successfully pushed Docker image to 121.25.211.23:5000/backendcloud/bazel-sample-cmd:v1.0.0 - 121.25.211.23@sha256:322b44c93453aaaa21bb1584caa16cb56f178230f5bb47a93d7ab4b4279dd2fe
将旧的rules_docker替换成新的,发现可以推送镜像到http的镜像仓库了。
转载请注明来源,欢迎指出任何有错误或不够清晰的表达。可以邮件至 backendcloud@gmail.com