配置Rancher Desktop的Docker Daemon
备注
Configuring Docker Daemon in Rancher Desktop: A Complete Guide 提供了通过修改Host主机 ~/.rancher-desktop/lima/_config/docker/daemon.json 来调整 Rancher Desktop Lima 虚拟机的 docker daemon 配置方法。我这里实践时采用了直接修改虚拟机内部配置,所以原文方法记录备参考。
原文提供了一些 Docker 配置调整的参数设置,也可以参考(我未实践)
配置Rancher Desktop虚拟机Docker服务代理
在墙内使用 Docker 最大的问题是GFW屏蔽了docker registry,这导致很多公共镜像无法下载。在使用Rancher Desktop的时候,特别是需要下载 Alpine Docker镜像 时,遇到报错:
[+] Building 30.8s (2/2) FINISHED docker:rancher-desktop
=> [internal] load build definition from Dockerfile 0.4s
=> => transferring dockerfile: 111B 0.0s
=> ERROR [internal] load metadata for docker.io/library/alpine:latest 30.0s
------
> [internal] load metadata for docker.io/library/alpine:latest:
------
Dockerfile:1
--------------------
1 | >>> FROM alpine:latest
2 | RUN apk update && apk upgrade
3 |
--------------------
ERROR: failed to solve: alpine:latest: failed to resolve source metadata for docker.io/library/alpine:latest: failed to do request: Head "https://registry-1.docker.io/v2/library/alpine/manifests/latest": dial tcp 157.240.8.50:443: i/o timeout
解决方法是调整 Docker 代理,这里首先需要配置的是服务器端代理 docker daemon
由于是使用 Rancher Desktop 包装了 Lima: Linux Machines 虚拟化,所以我采用了直接调整 lima 虚拟机内部的 /etc/docker/daemon.json :
lima 虚拟机内部 /etc/docker/daemon.json{
"features": {
"containerd-snapshotter": false
},
"proxies": {
"http-proxy": "http://192.168.1.20:3128",
"https-proxy": "http://192.168.1.20:3128",
"no-proxy": "localhost,127.0.0.1"
}
}
备注
另一个配置方法是在Host主机上配置 ~/.rancher-desktop/lima/_config/docker/daemon.json ,让 Rancher Desktop 启动lima虚拟机的时候自动复制进去。不过,我没有实践,请参考原文 Configuring Docker Daemon in Rancher Desktop: A Complete Guide
这里解决了服务端dockerd通过代理防伪registry之后,我又遇到另外一个报错:
[+] Building 7.3s (2/2) FINISHED docker:rancher-desktop
=> [internal] load build definition from Dockerfile 3.6s
=> => transferring dockerfile: 111B 0.0s
=> ERROR [internal] load metadata for docker.io/library/alpine:latest 1.5s
------
> [internal] load metadata for docker.io/library/alpine:latest:
------
Dockerfile:1
--------------------
1 | >>> FROM alpine:latest
2 | RUN apk update && apk upgrade
3 |
--------------------
ERROR: failed to solve: alpine:latest: failed to resolve source metadata for docker.io/library/alpine:latest: failed to do request: Head "https://registry-1.docker.io/v2/library/alpine/manifests/latest": proxyconnect tcp: tls: first record does not look like a TLS handshake
乌龙了,原来是我配置 daemon.json 错误,我的 Squid代理服务 代理服务是 HTTP 方式,所以设置 docker daemon 时候不能设置 "https-proxy": "https://192.168.1.20:3128" ,而应该是 "https-proxy": "http://192.168.1.20:3128"
配置Rancher Desktop虚拟机Docker客户端代理
需要注意的是,docker下载镜像不仅是 docker dameon 需要配置代理,docker client也需要配置代理,否则会提示另一个访问 auth.docker.io 错误:
[+] Building 34.2s (2/2) FINISHED docker:rancher-desktop
=> [internal] load build definition from Dockerfile 1.7s
=> => transferring dockerfile: 111B 0.6s
=> ERROR [internal] load metadata for docker.io/library/alpine:latest 32.1s
------
> [internal] load metadata for docker.io/library/alpine:latest:
------
Dockerfile:1
--------------------
1 | >>> FROM alpine:latest
2 | RUN apk update && apk upgrade
3 |
--------------------
ERROR: failed to solve: DeadlineExceeded: DeadlineExceeded: DeadlineExceeded: alpine:latest: failed to resolve source metadata for docker.io/library/alpine:latest: failed to authorize: DeadlineExceeded: failed to fetch anonymous token: Get "https://auth.docker.io/token?scope=repository%3Alibrary%2Falpine%3Apull&service=registry.docker.io": dial tcp [2a03:2880:f127:283:face:b00c:0:25de]:443: i/o timeout
解决方法类似服务端,只不过这次是配置docker客户端 ~/.docker/config.json :
{
"credsStore": "osxkeychain",
"proxies": {
"default": {
"httpProxy": "http://192.168.1.20:3128",
"httpsProxy": "http://192.168.1.20:3128",
"noProxy": "*.baidu.com,192.168.0.0/16,10.0.0.0/8"
}
},
"currentContext": "rancher-desktop"
}
警告
非常奇怪,这次在Rancher Desktop上实践遇到了问题,配置上述 ~/.docker/config.json 没有生效,客户端依然是直接访问网络
所以最终我改成在客户端设置环境变量来解决:
export http_proxy="http://192.168.1.20:3128"
export HTTP_PROXY="http://192.168.1.20:3128"
export https_proxy="http://192.168.1.20:3128"
export HTTPS_PROXY="http://192.168.1.20:3128"