cnoe-io / idpbuilder

Spin up a complete internal developer platform with only Docker required as a dependency.
https://cloud-native.slack.com/archives/C05TN9WFN5S
Apache License 2.0

Failed to authorize - gitea when pushing an image - failed to verify certificate #451

Open eliassal opened 4 hours ago

eliassal commented 4 hours ago

What is your environment, configuration, and command?

docker push gitea.cnoe.localtest.me:8443/giteaadmin/ubuntu:24.04

Ubuntu 24.04

What did you do and What did you see instead?

I created a new repo at gitea.cnoe.localtest.me:8443/giteaadmin/ubuntu

Additional Information. Logs.

docker push gitea.cnoe.localtest.me:8443/giteaadmin/ubuntu:24.04
The push refers to repository [gitea.cnoe.localtest.me:8443/giteaadmin/ubuntu]
ff65ddf9395b: Unavailable
failed to authorize: failed to fetch oauth token: Post "https://gitea.cnoe.localtest.me:8443/v2/token": tls: failed to verify certificate: x509: certificate signed by unknown authority

cmoulliard commented 2 hours ago

I did a test on my machine using a fresh instance of idpbuilder created using version 0.8.1 and cannot reproduce your issue.

❯ docker pull ubuntu:24.04
24.04: Pulling from library/ubuntu
Digest: sha256:278628f08d4979fb9af9ead44277dbc9c92c2465922310916ad0c46ec9999295
Status: Image is up to date for ubuntu:24.04
docker.io/library/ubuntu:24.04

❯ docker login gitea.cnoe.localtest.me:9443
Username: giteaAdmin
Password:
Login Succeeded

❯ docker tag ubuntu:24.04 gitea.cnoe.localtest.me:9443/giteaadmin/ubuntu

❯ docker push gitea.cnoe.localtest.me:9443/giteaadmin/ubuntu
Using default tag: latest
The push refers to repository [gitea.cnoe.localtest.me:9443/giteaadmin/ubuntu]
2d6b6e63aa2f: Pushed
latest: digest: sha256:8c0cd79cc31c13c52d7c149b67705cf908c7640578f769e34dcbf3d822180442 size: 529

See screenshot: Screenshot 2024-11-18 at 13 20 11

eliassal commented 1 hour ago

So what should I do now, or how can I debug why it is happening in my environment?

cmoulliard commented 49 minutes ago

Disable the TLS verification or add the gitea TLS certificate to docker: https://docs.docker.com/reference/cli/dockerd/

eliassal commented 21 minutes ago

@cmoulliard, disable TLS, where in idpbuilder? gitea TLS cert, where can I find it? Thanks in advance

cmoulliard commented 8 minutes ago

> disable TLS, where in idpbuilder?

No, using docker, as this is your docker CLI which is complaining.

cmoulliard commented 6 minutes ago

> gitea TLS cert, where can I find it?

You can get it easily using your browser or the secret:

❯ k get secret/idpbuilder-cert -n ingress-nginx -oyaml
apiVersion: v1
data:
  tls.crt: <base64 certificate data omitted>
...
kind: Secret
metadata:
  creationTimestamp: "2024-11-18T12:05:20Z"
  name: idpbuilder-cert
  namespace: ingress-nginx
  resourceVersion: "295"
  uid: 3a92b75e-b113-44f6-9047-2984085e8145
type: kubernetes.io/tls
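
Added example, not part of the thread or the idpbuilder project: one way to do what the last replies describe on a Linux host, decoding `tls.crt` from the secret and placing it where dockerd looks for per-registry CA files (`/etc/docker/certs.d/<host:port>/ca.crt`). The function names and the sample secret are constructed for illustration, and it assumes the certificate in the secret is the one the registry endpoint presents or its issuer.

```shell
#!/bin/sh
# Added example. Function names and the sample secret are constructed.

# Directory dockerd reads per-registry CA files from. The name must be the
# exact host:port used in `docker push`.
registry_cert_dir() {
  printf '%s/%s\n' "${2:-/etc/docker/certs.d}" "$1"
}

# Read a Secret manifest (YAML) on stdin and print the decoded data.tls.crt.
extract_tls_crt() {
  crt_b64=$(sed -n 's/^[[:space:]]*tls\.crt:[[:space:]]*//p' | head -n 1)
  [ -n "$crt_b64" ] || { echo "no tls.crt field in secret" >&2; return 1; }
  printf '%s' "$crt_b64" | base64 -d
}

# install_registry_ca HOST:PORT [ROOT] < secret.yaml
# Writes ROOT/HOST:PORT/ca.crt only if the decoded value looks like a PEM cert.
install_registry_ca() {
  ca_dir=$(registry_cert_dir "$1" "$2")
  ca_pem=$(extract_tls_crt) || return 1
  case $ca_pem in
    "-----BEGIN CERTIFICATE-----"*) ;;
    *) echo "decoded tls.crt is not a PEM certificate" >&2; return 1 ;;
  esac
  mkdir -p "$ca_dir" && printf '%s\n' "$ca_pem" > "$ca_dir/ca.crt"
}

# Constructed stand-in for `kubectl get secret ... -o yaml` output; the
# certificate body is a placeholder, not a real certificate.
sample_secret() {
  s_b64=$(printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' \
    '-----END CERTIFICATE-----' | base64 | tr -d '\n')
  printf 'apiVersion: v1\ndata:\n  tls.crt: %s\nkind: Secret\n' "$s_b64"
}

# Real use (as root), with the port from your own push command:
#   kubectl get secret idpbuilder-cert -n ingress-nginx -o yaml |
#     install_registry_ca gitea.cnoe.localtest.me:8443
```

The thread uses two different ports (8443 in the report, 9443 in the reply), and the directory name has to match the one in the failing `docker push` exactly.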