异常分析
buildx 构建时,如果去公司内部的仓库拉取镜像时,会遇到下面的这种授权不通过问题
x509: certificate signed by unknown authority
这是因为buildx构建时在单独的容器环境里面执行的,如果我们只在宿主机配置了crt安全证书是不够的,我们还得把这个证书更新buildx的容器里面才可以,方法如下:
获取私仓证书
echo -n | openssl s_client -showcerts -connect harbor.my.com:443 2>/dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' >> ./my_harbor.crt
添加到MAC系统
sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain ./my_harbor.crt
添加到BuildKitd容器中
BUILDER=$(docker ps | grep buildkitd | awk '{print $1}')
docker cp ./my_harbor.crt $BUILDER:/usr/local/share/ca-certificates/
sudo docker exec $BUILDER update-ca-certificates
sudo docker restart $BUILDER
再次构建
docker buildx build --platform=linux/amd64 --load -t chaosblade:1 -f myDockerfile .
参考链接