Open nabuskey opened 4 days ago
An alternative is to create a file with insecure registries (e.g. gitea.cnoe.localtest.me:8443) on the machine where the user performs "podman build or push" if they have access to the VM running the podman daemon and have root privileges
$ podman machine ssh cat /etc/containers/registries.conf.d/local-registry.conf
[[registry]]
location = "gitea.cnoe.localtest.me:8443"
insecure = true
$ podman push gitea.cnoe.localtest.me:8443/giteaadmin/code-with-quarkus:1.0.0-SNAPSHOT
Getting image source signatures
Copying blob sha256:6cbea8c3156f2f600212e4f08d08df8ad3f1949cddfef0f553a5713dd6805fc8
Copying blob sha256:8129dd7ce2c396a8ee8ec8809fc712076e663f4888921c61f0858ee81acba88d
Copying blob sha256:388b831319d018cb7284bf1ed1bfa48ee1c7551de4d4b49d2a38d8ad998c627f
Copying blob sha256:dd5e77a90e609b328f2e49aa60e50bd8837e505c157060c337725413ccf449f1
Copying blob sha256:f8959407403503c0b51d5d929b40f5673e8e4e5cfb63854896bebf83e08c80f2
Copying blob sha256:c7d6d0a85a3c960f8b46f1bc2a945de327224e1c49ae898567330cf893f3d069
Copying config sha256:03dfe5cf18eea6ae6b20d2c6d8276f23b195415838de0ec98f31cf5cbb188179
Writing manifest to image destination
If you don't use the parameter --tls-verify
or if no insecure registry file has been created, then you will got this error
podman push gitea.cnoe.localtest.me:8443/giteaadmin/code-with-quarkus:1.0.0-SNAPSHOT
Getting image source signatures
Copying blob sha256:6cbea8c3156f2f600212e4f08d08df8ad3f1949cddfef0f553a5713dd6805fc8
Copying blob sha256:388b831319d018cb7284bf1ed1bfa48ee1c7551de4d4b49d2a38d8ad998c627f
Copying blob sha256:dd5e77a90e609b328f2e49aa60e50bd8837e505c157060c337725413ccf449f1
Copying blob sha256:c7d6d0a85a3c960f8b46f1bc2a945de327224e1c49ae898567330cf893f3d069
Copying blob sha256:f8959407403503c0b51d5d929b40f5673e8e4e5cfb63854896bebf83e08c80f2
Copying blob sha256:8129dd7ce2c396a8ee8ec8809fc712076e663f4888921c61f0858ee81acba88d
Error: trying to reuse blob sha256:dd5e77a90e609b328f2e49aa60e50bd8837e505c157060c337725413ccf449f1 at destination: pinging container registry gitea.cnoe.localtest.me:8443:
Get "https://gitea.cnoe.localtest.me:8443/v2/": tls: failed to verify certificate: x509: certificate signed by unknown authority
In some clients like podman, we need to supply the
--tls-verify
flag when talking to the Gitea registry.e.g.
We should document this.
Relevant file: https://github.com/cnoe-io/website/blob/main/docs/reference-implementation/installations/idpbuilder/local-oci-registry.md