dind: Registry mirror is ignored

Question

I am using a dind (docker in docker) image and I spin this up with the following parameters in order to provide an internal proxy repo for dockerhub

--insecure-registry=internalrepo.intra:5002 / 
--registry-mirror=https://dockerproxy.intra:5000

Within the dind container these seems fine

/ # ps
PID   USER     TIME   COMMAND
    1 root       0:09 dockerd --host=unix:///var/run/docker.sock --host=tcp://0.0.0.0:2375 --insecure-registry=internalrepo.intra:5002 --registry-mirror=https://dockerproxy.intra:5000
   21 root       0:11 docker-containerd --config /var/run/docker/containerd/containerd.toml
  178 root       0:00 /bin/sh
  209 root       0:00 /bin/sh
  233 root       0:00 ps
/ #

However when I try to pull an image this parameter seems to be ignored

 # docker pull jenkins/jnlp-slave
Using default tag: latest
Error response from daemon: Get https://registry-1.docker.io/v2/: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)

score 2 · Accepted Answer · answered Jan 31 '19 at 11:41

The error message is confusing. The problem is not that the parameters are ignored but rather that the certificate of https://dockerproxy.intra:5000 is not trusted. Thus adding the respective certificates to the trust store of the image helps to overcome the pro

ARG CERT_PATH=/usr/local/share/ca-certificates
# add sc certificates to certificates location and update ca-certificates
ADD mycert.crt $CERT_PATH/mycert.crt
RUN update-ca-certificates

dind: Registry mirror is ignored

1 Answers1