Open kubecto opened 8 months ago
I use proxy cache mode, and an x509 error is reported when the connection to the primary registry is an insecure mirror repository
Mar 01 16:23:37 k8s1 registry[75313]: time="2024-03-01T16:23:37.717561411+08:00" level=debug msg="using "text" logging formatter" Mar 01 16:23:37 k8s1 registry[75313]: time="2024-03-01T16:23:37.718556619+08:00" level=warning msg="No HTTP secret provided - generated random secret. This may cause problems with uploads if multiple registries are behind a load-balancer. To provide a shared secret, fill Mar 01 16:23:37 k8s1 registry[75313]: time="2024-03-01T16:23:37.718605852+08:00" level=info msg="redis not configured" environment=staging go.version=go1.20.8 instance.id=9911d63e-11a9-4a5e-8460-47634d98c94b service=registry version=2.8.3 Mar 01 16:23:37 k8s1 registry[75313]: time="2024-03-01T16:23:37.718709589+08:00" level=info msg="Starting upload purge in 58m0s" environment=staging go.version=go1.20.8 instance.id=9911d63e-11a9-4a5e-8460-47634d98c94b service=registry version=2.8.3 Mar 01 16:23:37 k8s1 registry[75313]: time="2024-03-01T16:23:37.718859314+08:00" level=info msg="using inmemory blob descriptor cache" environment=staging go.version=go1.20.8 instance.id=9911d63e-11a9-4a5e-8460-47634d98c94b service=registry version=2.8.3 Mar 01 16:23:37 k8s1 registry[75313]: time="2024-03-01T16:23:37.718970301+08:00" level=debug msg="filesystem.Stat("/scheduler-state.json")" environment=staging go.version=go1.20.8 instance.id=9911d63e-11a9-4a5e-8460-47634d98c94b service=registry trace.duration=44.144µs tr Mar 01 16:23:37 k8s1 registry[75313]: time="2024-03-01T16:23:37.718986659+08:00" level=info msg="Starting cached object TTL expiration scheduler..." environment=staging go.version=go1.20.8 instance.id=9911d63e-11a9-4a5e-8460-47634d98c94b service=registry version=2.8.3 Mar 01 16:23:37 k8s1 registry[75313]: panic: Get "https://10.102.28.8/v2/": tls: failed to verify certificate: x509: certificate signed by unknown authority tls: failed to verify certificate: x509: certificate signed by unknown authority
Should support
proxy: remoteurl: https://10.102.28.8 username: demoadmin password: 123ewqasd insecureskipverify: true
add the root certificate to the image and rebuild it
FROM registry:2 ADD my-ca.crt /usr/local/share/ca-certificates/ RUN update-ca-certificates
Description
I use proxy cache mode, and an x509 error is reported when the connection to the primary registry is an insecure mirror repository
Should support