Closed jahanson closed 9 months ago
You can't use a registry with authentication for that part, as Image Factory redirects. The only thing which works I believe is the Docker registry
itself. I don't know if any other registry supports disabling auth.
It might be reimplemented not to redirect, but rather to proxy pass via Image Factory, but that's on the implementation side
Ok, that sounds like a good idea for the future. For now I'll just use reverse proxy using nginx
--> registry
.
I am able to use Harbor as the registry for all of the steps in the installer part except the retrieval phase. It's able to create, cache, and push, but when it comes to retrieving the installer with the image factory redirect docker gives me the error:
I am able to retrieve the installer manually by pulling it with docker without credentials from the where image-factory places it in harbor but I can't get it to work with the redirect.
With further investigation and the utility
skopeo
I'm able to determine that a token needs to be retrieved and used but doesn't necessarily need to be retrieved with credentials, just an endpoint.Image factory logs pulling from harbor, getting 401s
skopeo inspect, using the proper token method with 0 credentials used.
skopeo inspect docker://harbor.hsn.dev/siderolabs/installer/2b1cad19c16f5095b412350bc49ca30e6c1b4d02d850c0717ba1eeef3b7ac88b:v1.6.0
Any help would be greatly appreciated!