moby / buildkit

concurrent, cache-efficient, and Dockerfile-agnostic builder toolkit
https://github.com/moby/moby/issues/34227
Apache License 2.0

Add options to skip HTTPS TLS certificate verification #4808

Open lihaorong840506 opened 5 months ago

lihaorong840506 commented 5 months ago

info

- OS: linux
- registry: insecure https registry, like https://172.22.96.23
- client build tool: using buildctl

/etc/buildkit/buildkitd.toml

debug = true
insecure-entitlements = [ "network.host", "security.insecure"]
[registry."172.22.96.23"]
  http = false
  insecure = true

command

buildctl --debug build --frontend=dockerfile.v0 --local context=. --local dockerfile=. --output type=image,name=172.22.96.23/abc/busybox-test:20240328.144732.63,registry.insecure=true,push=true

logs

DEBU[2024-03-28T17:03:54+08:00] serving grpc connection                       spanID=8fa90b2e4ea794df traceID=efb1ca8253d288e064fb598c1949e357
[+] Building 5.9s (6/6)                                                         
[+] Building 5.9s (6/6) FINISHED                                                
 => [internal] load build definition from Dockerfile                       0.4s
 => => transferring dockerfile: 50B                                        0.0s
 => [internal] load metadata for docker.io/library/busybox:latest          4.4s
 => [internal] load .dockerignore                                          0.2s
 => => transferring context: 2B                                            0.0s
 => [1/1] FROM docker.io/library/busybox:latest@sha256:650fd573e056b679a5  0.2s
 => => resolve docker.io/library/busybox:latest@sha256:650fd573e056b679a5  0.1s
 => ERROR exporting to image                                               0.4spanID=8fa90b2e4ea794df traceID=efb1ca8253d288e064fb598c1949e357
 => => exporting layers                                                    0.0s
 => => exporting manifest sha256:30146eb3210853f6353501cecfbee8f8be677f9f  0.1s
 => => exporting config sha256:b7fa12ae76270e23bc1c605a9642059306ccfc67d6  0.1s
 => => pushing layers                                                      0.0s
 => [auth] abc/busybox-test:pull,push token for 172.22.96.23               0.0s
------
 > exporting to image:
------
error: failed to solve: failed to push 172.22.96.23/abc/busybox-test:20240328.144732.63: failed to authorize: failed to fetch oauth token: Post "https://172.22.96.23/service/token": tls: failed to verify certificate: x509: certificate relies on legacy Common Name field, use SANs instead
77 ad5a64c buildctl --debug build --frontend=dockerfile.v0 --local context=. --local dockerfile=. --output type=image,name=172.22.96.23/abc/busybox-test:20240328.144732.63,registry.insecure=true,push=true
github.com/moby/buildkit/session/auth/authprovider.(*authProvider).FetchToken.func2
        /src/session/auth/authprovider/authprovider.go:109
github.com/moby/buildkit/session/auth/authprovider.(*authProvider).FetchToken
        /src/session/auth/authprovider/authprovider.go:133
github.com/moby/buildkit/session/auth._Auth_FetchToken_Handler.func1
        /src/session/auth/auth.pb.go:954
github.com/moby/buildkit/session.NewSession.ChainUnaryServer.func3.1.1
        /src/vendor/github.com/grpc-ecosystem/go-grpc-middleware/chain.go:25
go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc.UnaryServerInterceptor.func1
        /src/vendor/go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc/interceptor.go:326
github.com/moby/buildkit/session.NewSession.filterServer.func1
        /src/session/session.go:177
github.com/moby/buildkit/session.NewSession.ChainUnaryServer.func3.1.1
        /src/vendor/github.com/grpc-ecosystem/go-grpc-middleware/chain.go:25
github.com/moby/buildkit/session.NewSession.ChainUnaryServer.func3
        /src/vendor/github.com/grpc-ecosystem/go-grpc-middleware/chain.go:34
github.com/moby/buildkit/session/auth._Auth_FetchToken_Handler
        /src/session/auth/auth.pb.go:956
google.golang.org/grpc.(*Server).processUnaryRPC
        /src/vendor/google.golang.org/grpc/server.go:1343
google.golang.org/grpc.(*Server).handleStream
        /src/vendor/google.golang.org/grpc/server.go:1737
google.golang.org/grpc.(*Server).serveStreams.func1.1
        /src/vendor/google.golang.org/grpc/server.go:986
runtime.goexit
        /usr/local/go/src/runtime/asm_amd64.s:1650

14 ad5a64c buildkitd --addr=unix:///run/buildkit/buildkitd.sock
github.com/moby/buildkit/session.grpcClientConn.ChainUnaryClient.func8.1.1
        /src/vendor/github.com/grpc-ecosystem/go-grpc-middleware/chain.go:72
go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc.UnaryClientInterceptor.func1
        /src/vendor/go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc/interceptor.go:110
github.com/moby/buildkit/session.grpcClientConn.filterClient.func6
        /src/session/session.go:186
github.com/moby/buildkit/session.grpcClientConn.ChainUnaryClient.func8.1.1
        /src/vendor/github.com/grpc-ecosystem/go-grpc-middleware/chain.go:72
github.com/moby/buildkit/session.grpcClientConn.ChainUnaryClient.func8
        /src/vendor/github.com/grpc-ecosystem/go-grpc-middleware/chain.go:81
google.golang.org/grpc.(*ClientConn).Invoke
        /src/vendor/google.golang.org/grpc/call.go:35
github.com/moby/buildkit/session/auth.(*authClient).FetchToken
        /src/session/auth/auth.pb.go:869
github.com/moby/buildkit/session/auth.FetchToken.func1
        /src/session/auth/auth.go:59
github.com/moby/buildkit/session.(*Manager).Any
        /src/session/group.go:83
github.com/moby/buildkit/session/auth.FetchToken
        /src/session/auth/auth.go:56
github.com/moby/buildkit/util/resolver.(*authHandler).fetchToken
        /src/util/resolver/authorizer.go:341
github.com/moby/buildkit/util/resolver.(*authHandler).doBearerAuth.func1
        /src/util/resolver/authorizer.go:307
github.com/moby/buildkit/util/flightcontrol.(*call[...]).run
        /src/util/flightcontrol/flightcontrol.go:121
sync.(*Once).doSlow
        /usr/local/go/src/sync/once.go:74
sync.(*Once).Do
        /usr/local/go/src/sync/once.go:65
runtime.goexit
        /usr/local/go/src/runtime/asm_amd64.s:1650

14 ad5a64c buildkitd --addr=unix:///run/buildkit/buildkitd.sock
github.com/moby/buildkit/exporter/containerimage.(*imageExporterInstance).Export
        /src/exporter/containerimage/export.go:344
github.com/moby/buildkit/solver/llbsolver.(*Solver).runExporters.func1.1
        /src/solver/llbsolver/solver.go:721
github.com/moby/buildkit/solver/llbsolver.inBuilderContext.func1
        /src/solver/llbsolver/solver.go:996
github.com/moby/buildkit/solver.(*Job).InContext
        /src/solver/jobs.go:683
github.com/moby/buildkit/solver/llbsolver.inBuilderContext
        /src/solver/llbsolver/solver.go:992
github.com/moby/buildkit/solver/llbsolver.(*Solver).runExporters.func1
        /src/solver/llbsolver/solver.go:716
golang.org/x/sync/errgroup.(*Group).Go.func1
        /src/vendor/golang.org/x/sync/errgroup/errgroup.go:75
runtime.goexit
        /usr/local/go/src/runtime/asm_amd64.s:1650

77 ad5a64c buildctl --debug build --frontend=dockerfile.v0 --local context=. --local dockerfile=. --output type=image,name=172.22.96.23/abc/busybox-test:20240328.144732.63,registry.insecure=true,push=true
google.golang.org/grpc.getChainUnaryInvoker.func1
        /src/vendor/google.golang.org/grpc/clientconn.go:519
go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc.UnaryClientInterceptor.func1
        /src/vendor/go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc/interceptor.go:110
github.com/moby/buildkit/client.New.filterInterceptor.func5
        /src/client/client.go:394
google.golang.org/grpc.DialContext.chainUnaryClientInterceptors.func3
        /src/vendor/google.golang.org/grpc/clientconn.go:507
google.golang.org/grpc.(*ClientConn).Invoke
        /src/vendor/google.golang.org/grpc/call.go:35
github.com/moby/buildkit/api/services/control.(*controlClient).Solve
        /src/api/services/control/control.pb.go:2234
github.com/moby/buildkit/client.(*Client).solve.func2
        /src/client/solve.go:274
golang.org/x/sync/errgroup.(*Group).Go.func1
        /src/vendor/golang.org/x/sync/errgroup/errgroup.go:75
runtime.goexit
        /usr/local/go/src/runtime/asm_amd64.s:1650

77 ad5a64c buildctl --debug build --frontend=dockerfile.v0 --local context=. --local dockerfile=. --output type=image,name=172.22.96.23/abc/busybox-test:20240328.144732.63,registry.insecure=true,push=true
github.com/moby/buildkit/client.(*Client).solve.func2
        /src/client/solve.go:290
golang.org/x/sync/errgroup.(*Group).Go.func1
        /src/vendor/golang.org/x/sync/errgroup/errgroup.go:75
runtime.goexit
        /usr/local/go/src/runtime/asm_amd64.s:1650
thompson-shaun commented 1 week ago

Attempted to format things a bit for ease of reading. @lihaorong840506 does that look correct?