search

Kong / kubernetes-testing-framework

Golang Integration Testing Framework For Kubernetes APIs and Controllers.
https://konghq.com
Apache License 2.0
40 stars 10 forks source link

Pushing to a registry addon from the host fails with "certificate signed by unknown authority" #992

Open Molter73 opened 9 months ago

Molter73 commented 9 months ago

Is there an existing issue for this?

Current Behavior

When I deploy a registry addon with the metallb ingress and cert-manager, pushing images into the registry with docker fails with the message Get "https://172.18.0.100/v2/": tls: failed to verify certificate: x509: certificate signed by unknown authority

I believe this is because the host does not know the cert-manager authority used for the generated self-signed certificates. Might be loosely related to #169 but not 100% sure.

Expected Behavior

Pushing images into the registry should work and the images should be made available to the cluster.

Steps To Reproduce

  1. Deploy a registry

    registry := registry.NewBuilder().WithServiceTypeLoadBalancer().Build()
env, err = environments.NewBuilder().WithAddons(
    certmanager.New(),
    metallb.New(),
    registry,
).Build(ctx)

  2. Attempt to push an image with the docker go sdk

    cli, err := dockerClient.NewClientWithOpts(dockerClient.FromEnv)

source := "quay.io/bpfman-userspace/go-tc-counter:latest"
index := strings.LastIndex(source, "/")
target := fmt.Sprintf("%s/%s", registry.LoadBalancerAddress(), source[index+1:])

err = cli.ImageTag(context.Background(), source, target)
if err != nil {
    return err
}

closer, err := cli.ImagePush(context.Background(), image.target, dockerTypes.ImagePushOptions{
    All:          true,
    RegistryAuth: "something",
})

if err != nil {
    return err
}

io.Copy(os.Stdout, closer)
closer.Close()

  3. Alternatively trying to push images manually with the docker cli produces the same error

    docker tag quay.io/bpfman-userspace/go-tc-counter:latest 172.18.0.100/go-tc-counter:latest
docker push 172.18.0.100/go-tc-counter:latest

Kong Kubernetes Testing Framework Version

v0.24.1

Kubernetes version

kind v0.22.0 go1.21.7 linux/amd64
Client Version: v1.29.2
Kustomize Version: v5.0.4-0.20230601165947-6ce0bf390ce3
Server Version: v1.29.2

Anything else?

No response