我无法将Docker图像推送到Heroku注册表。
我已成功登录,根据Docker:
❯ docker login registry.heroku.com
Authenticating with existing credentials...
Login Succeeded之后,我运行mvn jib:build,我得到了一些令人困惑的错误,说我试图推到一个不安全的repo,而在de输出的url看起来安全(以https开头)。我做错了什么?
我使用以下吊臂配置:
<plugin>
<groupId>com.google.cloud.tools</groupId>
<artifactId>jib-maven-plugin</artifactId>
<version>2.5.2</version>
<configuration>
<to>
<image>registry.heroku.com/my-app</image>
</to>
</configuration>
</plugin>吊臂的Maven输出:使用-X构建:
Caused by: org.apache.maven.plugin.MojoExecutionException: Build image failed, perhaps you should use a registry that supports HTTPS or set the configuration parameter 'allowInsecureRegistries'
at com.google.cloud.tools.jib.maven.BuildImageMojo.execute (BuildImageMojo.java:169)
at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:137)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:210)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:156)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:148)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:117)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:81)
at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:56)
at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:128)
at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:305)
at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192)
at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105)
at org.apache.maven.cli.MavenCli.execute (MavenCli.java:957)
at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:289)
at org.apache.maven.cli.MavenCli.main (MavenCli.java:193)
at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0 (Native Method)
at jdk.internal.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62)
at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke (Method.java:566)
at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:282)
at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:225)
at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:406)
at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:347)
at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0 (Native Method)
at jdk.internal.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62)
at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke (Method.java:566)
at org.apache.maven.wrapper.BootstrapMainStarter.start (BootstrapMainStarter.java:39)
at org.apache.maven.wrapper.WrapperExecutor.execute (WrapperExecutor.java:122)
at org.apache.maven.wrapper.MavenWrapperMain.main (MavenWrapperMain.java:61)
Caused by: com.google.cloud.tools.jib.api.InsecureRegistryException: Failed to verify the server at https://registry.heroku.com/v2/myapp/blobs/sha256:0fe85c64a011626a777c0662f83b2d819954d4148d96ca5fc626bf99f7c3644d because only secure connections are allowed.
at com.google.cloud.tools.jib.registry.RegistryEndpointCaller.call (RegistryEndpointCaller.java:180)
at com.google.cloud.tools.jib.registry.RegistryEndpointCaller.call (RegistryEndpointCaller.java:115)
at com.google.cloud.tools.jib.registry.RegistryClient.callRegistryEndpoint (RegistryClient.java:592)
at com.google.cloud.tools.jib.registry.RegistryClient.checkBlob (RegistryClient.java:444)
at com.google.cloud.tools.jib.builder.steps.ObtainBaseImageLayerStep.lambda$makeListForSelectiveDownload$1 (ObtainBaseImageLayerStep.java:74)
at com.google.cloud.tools.jib.builder.steps.ObtainBaseImageLayerStep.call (ObtainBaseImageLayerStep.java:142)
at com.google.cloud.tools.jib.builder.steps.ObtainBaseImageLayerStep.call (ObtainBaseImageLayerStep.java:43)
at com.google.common.util.concurrent.TrustedListenableFutureTask$TrustedFutureInterruptibleTask.runInterruptibly (TrustedListenableFutureTask.java:125)
at com.google.common.util.concurrent.InterruptibleTask.run (InterruptibleTask.java:69)
at com.google.common.util.concurrent.TrustedListenableFutureTask.run (TrustedListenableFutureTask.java:78)
at java.util.concurrent.ThreadPoolExecutor.runWorker (ThreadPoolExecutor.java:1128)
at java.util.concurrent.ThreadPoolExecutor$Worker.run (ThreadPoolExecutor.java:628)
at java.lang.Thread.run (Thread.java:834)
Caused by: javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
at sun.security.ssl.SSLSessionImpl.getPeerCertificates (SSLSessionImpl.java:526)
at org.apache.http.conn.ssl.SSLConnectionSocketFactory.verifyHostname (SSLConnectionSocketFactory.java:504)
at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket (SSLConnectionSocketFactory.java:437)
at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket (SSLConnectionSocketFactory.java:384)
at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect (DefaultHttpClientConnectionOperator.java:142)
at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect (PoolingHttpClientConnectionManager.java:374)
at org.apache.http.impl.execchain.MainClientExec.establishRoute (MainClientExec.java:393)
at org.apache.http.impl.execchain.MainClientExec.execute (MainClientExec.java:236)
at org.apache.http.impl.execchain.ProtocolExec.execute (ProtocolExec.java:186)
at org.apache.http.impl.client.InternalHttpClient.doExecute (InternalHttpClient.java:185)
at org.apache.http.impl.client.CloseableHttpClient.execute (CloseableHttpClient.java:83)
at org.apache.http.impl.client.CloseableHttpClient.execute (CloseableHttpClient.java:108)
at org.apache.http.impl.client.CloseableHttpClient.execute (CloseableHttpClient.java:56)
at com.google.api.client.http.apache.v2.ApacheHttpRequest.execute (ApacheHttpRequest.java:73)
at com.google.api.client.http.HttpRequest.execute (HttpRequest.java:1012)
at com.google.cloud.tools.jib.http.FailoverHttpClient.call (FailoverHttpClient.java:323)
at com.google.cloud.tools.jib.http.FailoverHttpClient.call (FailoverHttpClient.java:250)
at com.google.cloud.tools.jib.registry.RegistryEndpointCaller.call (RegistryEndpointCaller.java:139)
at com.google.cloud.tools.jib.registry.RegistryEndpointCaller.call (RegistryEndpointCaller.java:115)
at com.google.cloud.tools.jib.registry.RegistryClient.callRegistryEndpoint (RegistryClient.java:592)
at com.google.cloud.tools.jib.registry.RegistryClient.checkBlob (RegistryClient.java:444)
at com.google.cloud.tools.jib.builder.steps.ObtainBaseImageLayerStep.lambda$makeListForSelectiveDownload$1 (ObtainBaseImageLayerStep.java:74)
at com.google.cloud.tools.jib.builder.steps.ObtainBaseImageLayerStep.call (ObtainBaseImageLayerStep.java:142)
at com.google.cloud.tools.jib.builder.steps.ObtainBaseImageLayerStep.call (ObtainBaseImageLayerStep.java:43)
at com.google.common.util.concurrent.TrustedListenableFutureTask$TrustedFutureInterruptibleTask.runInterruptibly (TrustedListenableFutureTask.java:125)
at com.google.common.util.concurrent.InterruptibleTask.run (InterruptibleTask.java:69)
at com.google.common.util.concurrent.TrustedListenableFutureTask.run (TrustedListenableFutureTask.java:78)
at java.util.concurrent.ThreadPoolExecutor.runWorker (ThreadPoolExecutor.java:1128)
at java.util.concurrent.ThreadPoolExecutor$Worker.run (ThreadPoolExecutor.java:628)
at java.lang.Thread.run (Thread.java:834)
2条答案
按热度按时间lztngnrs1#
这个错误表明您的注册表
registry.heroku.com是不安全的,或者至少您的系统认为它是不安全的(除非在整个TLS验证流程中的某个地方有bug,registry.heroku.com在服务器端配置错误,或者registry.heroku.com被黑客攻击,这是不常见的)。只有当您可以验证服务器时,它才是安全的。这与当您访问不安全的站点时浏览器警告您的情况相同:这也可能是由于本地代理或防火墙(因为当我在浏览器上访问
https://registry.heroku.com时,我的浏览器可以验证服务器)。一些选项:
1.接受风险并通过设置Jib的
<allowInsecureRegistries>true继续。(确保没有人窃听您的连接,并且没有系统受到损害。)registry.heroku.com是安全的。有许多指导性文章和帖子。例如,(但是,我不太确定
registry.heroku.com是否使用了自签名证书,正如我所说的,我的浏览器可以验证它。可能有其他东西干扰了您的机器验证服务器。值得追踪根本原因。)yzxexxkh2#
要使用Jib插件部署到Heroku,您需要使用以下属性: