cnoe-io / idpbuilder

Spin up a complete internal developer platform with only Docker required as a dependency.
https://cloud-native.slack.com/archives/C05TN9WFN5S
Apache License 2.0

Document the tls insecure flag for the Gitea registry #391

Open nabuskey opened 4 days ago

nabuskey commented 4 days ago

In some clients like podman, we need to supply the --tls-verify flag when talking to the Gitea registry.

e.g.

podman push gitea.cnoe.localtest.me:8443/giteaadmin/code-with-quarkus:1.0.0-SNAPSHOT --tls-verify=0

We should document this.

Relevant file: https://github.com/cnoe-io/website/blob/main/docs/reference-implementation/installations/idpbuilder/local-oci-registry.md

cmoulliard commented 2 days ago

An alternative is to create a file with insecure registries (e.g. gitea.cnoe.localtest.me:8443) on the machine where the user performs "podman build or push" if they have access to the VM running the podman daemon and have root privileges.

$ podman machine ssh cat /etc/containers/registries.conf.d/local-registry.conf
[[registry]]
location = "gitea.cnoe.localtest.me:8443"
insecure = true

$ podman push gitea.cnoe.localtest.me:8443/giteaadmin/code-with-quarkus:1.0.0-SNAPSHOT
Getting image source signatures
Copying blob sha256:6cbea8c3156f2f600212e4f08d08df8ad3f1949cddfef0f553a5713dd6805fc8
Copying blob sha256:8129dd7ce2c396a8ee8ec8809fc712076e663f4888921c61f0858ee81acba88d
Copying blob sha256:388b831319d018cb7284bf1ed1bfa48ee1c7551de4d4b49d2a38d8ad998c627f
Copying blob sha256:dd5e77a90e609b328f2e49aa60e50bd8837e505c157060c337725413ccf449f1
Copying blob sha256:f8959407403503c0b51d5d929b40f5673e8e4e5cfb63854896bebf83e08c80f2
Copying blob sha256:c7d6d0a85a3c960f8b46f1bc2a945de327224e1c49ae898567330cf893f3d069
Copying config sha256:03dfe5cf18eea6ae6b20d2c6d8276f23b195415838de0ec98f31cf5cbb188179
Writing manifest to image destination

If you don't use the parameter --tls-verify or if no insecure registry file has been created, then you will get this error:

podman push gitea.cnoe.localtest.me:8443/giteaadmin/code-with-quarkus:1.0.0-SNAPSHOT
Getting image source signatures
Copying blob sha256:6cbea8c3156f2f600212e4f08d08df8ad3f1949cddfef0f553a5713dd6805fc8
Copying blob sha256:388b831319d018cb7284bf1ed1bfa48ee1c7551de4d4b49d2a38d8ad998c627f
Copying blob sha256:dd5e77a90e609b328f2e49aa60e50bd8837e505c157060c337725413ccf449f1
Copying blob sha256:c7d6d0a85a3c960f8b46f1bc2a945de327224e1c49ae898567330cf893f3d069
Copying blob sha256:f8959407403503c0b51d5d929b40f5673e8e4e5cfb63854896bebf83e08c80f2
Copying blob sha256:8129dd7ce2c396a8ee8ec8809fc712076e663f4888921c61f0858ee81acba88d
Error: trying to reuse blob sha256:dd5e77a90e609b328f2e49aa60e50bd8837e505c157060c337725413ccf449f1 at destination: pinging container registry gitea.cnoe.localtest.me:8443: Get "https://gitea.cnoe.localtest.me:8443/v2/": tls: failed to verify certificate: x509: certificate signed by unknown authority
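
A check for the drop-in approach described in the comment above, added here as an example that is not part of the issue or of idpbuilder: it lists every registry marked `insecure = true` under a `registries.conf.d` directory and fails if any entry other than the local Gitea registry has certificate verification disabled. The function names, the sample files and `registry.example.com` are constructed for illustration, and the parser assumes the simple `key = "value"` layout shown in the issue rather than full TOML.

```shell
#!/bin/sh
# Print the location of every [[registry]] table with insecure = true
# in the *.conf drop-ins under directory $1.
insecure_registries() {
    for f in "$1"/*.conf; do
        [ -f "$f" ] || continue
        awk '
            function emit() { if (loc != "" && bad) print loc; loc = ""; bad = 0 }
            /^[ \t]*#/ { next }                      # skip comment lines
            /^[ \t]*\[/ { emit() }                   # a new table starts
            /^[ \t]*location[ \t]*=/ { split($0, p, "\""); loc = p[2] }
            /^[ \t]*insecure[ \t]*=[ \t]*true/ { bad = 1 }
            END { emit() }
        ' "$f"
    done
}

# Return 1 (and print the offenders) if any registry other than $2
# has TLS verification disabled under directory $1.
audit_insecure() {
    extra=$(insecure_registries "$1" | grep -Fxv -- "$2" || true)
    [ -z "$extra" ] && return 0
    printf 'unexpected insecure registry: %s\n' $extra
    return 1
}

# Constructed sample drop-ins; only the Gitea entry comes from the issue.
make_sample() {
    mkdir -p "$1"
    cat > "$1/local-registry.conf" <<'EOF'
[[registry]]
location = "gitea.cnoe.localtest.me:8443"
insecure = true
EOF
    cat > "$1/other.conf" <<'EOF'
[[registry]]
location = "registry.example.com"
insecure = true

[[registry]]
location = "quay.io"
insecure = false
EOF
}
```

On a podman machine the directory to audit would be `/etc/containers/registries.conf.d`, for example `audit_insecure /etc/containers/registries.conf.d gitea.cnoe.localtest.me:8443`.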