Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Pushing to a registry addon from the host fails with "certificate signed by unknown authority" #992

Open
1 task done
Molter73 opened this issue Mar 7, 2024 · 0 comments
Open
1 task done

Pushing to a registry addon from the host fails with "certificate signed by unknown authority" #992

Molter73 opened this issue Mar 7, 2024 · 0 comments
Labels
bug Something isn't working

Comments

@Molter73
Copy link

Molter73 commented Mar 7, 2024
edited
Loading

Is there an existing issue for this?

  • I have searched the existing issues

Current Behavior

When I deploy a registry addon with the metallb ingress and cert-manager, pushing images into the registry with docker fails with the message Get "https://172.18.0.100/v2/": tls: failed to verify certificate: x509: certificate signed by unknown authority

I believe this is because the host does not know the cert-manager authority used for the generated self-signed certificates. Might be loosely related to #169 but not 100% sure.

Expected Behavior

Pushing images into the registry should work and the images should be made available to the cluster.

Steps To Reproduce

  1. Deploy a registry
	registry := registry.NewBuilder().WithServiceTypeLoadBalancer().Build()
	env, err = environments.NewBuilder().WithAddons(
		certmanager.New(),
		metallb.New(),
		registry,
	).Build(ctx)
  1. Attempt to push an image with the docker go sdk
	cli, err := dockerClient.NewClientWithOpts(dockerClient.FromEnv)

	source := "quay.io/bpfman-userspace/go-tc-counter:latest"
	index := strings.LastIndex(source, "/")
	target := fmt.Sprintf("%s/%s", registry.LoadBalancerAddress(), source[index+1:])

	err = cli.ImageTag(context.Background(), source, target)
	if err != nil {
		return err
	}

	closer, err := cli.ImagePush(context.Background(), image.target, dockerTypes.ImagePushOptions{
		All:          true,
		RegistryAuth: "something",
	})

	if err != nil {
		return err
	}

	io.Copy(os.Stdout, closer)
	closer.Close()
  1. Alternatively trying to push images manually with the docker cli produces the same error
docker tag quay.io/bpfman-userspace/go-tc-counter:latest 172.18.0.100/go-tc-counter:latest
docker push 172.18.0.100/go-tc-counter:latest

Kong Kubernetes Testing Framework Version

v0.24.1

Kubernetes version

kind v0.22.0 go1.21.7 linux/amd64
Client Version: v1.29.2
Kustomize Version: v5.0.4-0.20230601165947-6ce0bf390ce3
Server Version: v1.29.2

Anything else?

No response
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@Molter73