Enhanced use of proxy mode to authenticate insecure registry #4289

kubecto · 2024-03-01T08:27:56Z

Description

I use proxy cache mode, and an x509 error is reported when the connection to the primary registry is an insecure mirror repository

Mar 01 16:23:37 k8s1 registry[75313]: time="2024-03-01T16:23:37.717561411+08:00" level=debug msg="using "text" logging formatter"
Mar 01 16:23:37 k8s1 registry[75313]: time="2024-03-01T16:23:37.718556619+08:00" level=warning msg="No HTTP secret provided - generated random secret. This may cause problems with uploads if multiple registries are behind a load-balancer. To provide a shared secret, fill
Mar 01 16:23:37 k8s1 registry[75313]: time="2024-03-01T16:23:37.718605852+08:00" level=info msg="redis not configured" environment=staging go.version=go1.20.8 instance.id=9911d63e-11a9-4a5e-8460-47634d98c94b service=registry version=2.8.3
Mar 01 16:23:37 k8s1 registry[75313]: time="2024-03-01T16:23:37.718709589+08:00" level=info msg="Starting upload purge in 58m0s" environment=staging go.version=go1.20.8 instance.id=9911d63e-11a9-4a5e-8460-47634d98c94b service=registry version=2.8.3
Mar 01 16:23:37 k8s1 registry[75313]: time="2024-03-01T16:23:37.718859314+08:00" level=info msg="using inmemory blob descriptor cache" environment=staging go.version=go1.20.8 instance.id=9911d63e-11a9-4a5e-8460-47634d98c94b service=registry version=2.8.3
Mar 01 16:23:37 k8s1 registry[75313]: time="2024-03-01T16:23:37.718970301+08:00" level=debug msg="filesystem.Stat("/scheduler-state.json")" environment=staging go.version=go1.20.8 instance.id=9911d63e-11a9-4a5e-8460-47634d98c94b service=registry trace.duration=44.144µs tr
Mar 01 16:23:37 k8s1 registry[75313]: time="2024-03-01T16:23:37.718986659+08:00" level=info msg="Starting cached object TTL expiration scheduler..." environment=staging go.version=go1.20.8 instance.id=9911d63e-11a9-4a5e-8460-47634d98c94b service=registry version=2.8.3
Mar 01 16:23:37 k8s1 registry[75313]: panic: Get "https://10.102.28.8/v2/": tls: failed to verify certificate: x509: certificate signed by unknown authority
tls: failed to verify certificate: x509: certificate signed by unknown authority

Should support

proxy:
  remoteurl: https://10.102.28.8
  username: demoadmin
  password: 123ewqasd
  insecureskipverify: true

The text was updated successfully, but these errors were encountered:

nouxf · 2024-04-19T01:29:12Z

add the root certificate to the image and rebuild it

FROM registry:2
ADD my-ca.crt /usr/local/share/ca-certificates/
RUN update-ca-certificates

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Enhanced use of proxy mode to authenticate insecure registry #4289

Enhanced use of proxy mode to authenticate insecure registry #4289

kubecto commented Mar 1, 2024

nouxf commented Apr 19, 2024

Enhanced use of proxy mode to authenticate insecure registry #4289

Enhanced use of proxy mode to authenticate insecure registry #4289

Comments

kubecto commented Mar 1, 2024

Description

nouxf commented Apr 19, 2024