Closed alexellis closed 4 months ago
Hey @alexellis, I am planning to pick up this issue.
The do you have any flag name in mind?
Or should I use the one in the nerdctl
PR that you linked? (--insecure-registry
)
Why don't you have a play with it without committing to a design? Just see if you can figure out what's needed to make it work first.
Add support for insecure non-TLS registries
Why? It seems like commercial users are unsure how to configure self-hosted registries with TLS, and have requested this feature several times.
Expected Behaviour
faasd-provider can pull images from an insecure registry with no TLS such as localhost:5000 or 192.168.0.101:5000
I would expect a new flag to be set on the faasd provider command: https://github.com/openfaas/faasd/blob/master/cmd/provider.go
Current Behaviour
A valid TLS cert is required, for self-signed certs the CA should be part of the system's trust bundle.
List all Possible Solutions
@AkihiroSuda pointed me at:
https://github.com/containerd/nerdctl/pull/287/files
Which could be updated here: https://github.com/openfaas/faasd/blob/2885bb0c514a403d317b93e6d8add1ad52239a13/pkg/service/service.go#L125
Steps to Reproduce (for bugs)
faas-cli push
faas-cli deploy
and have faasd-provider deploy the function