Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

buildctl: Add insecure config for registry-auth-tlscontext flag #4420

Merged
merged 1 commit into from
Nov 17, 2023
Merged

buildctl: Add insecure config for registry-auth-tlscontext flag #4420

merged 1 commit into from
Nov 17, 2023

Conversation

x893675
Copy link
Contributor

@x893675 x893675 commented Nov 15, 2023

What this PR does / why we need it:

push image to self-signed certificate registry will throw failed to authorize: failed to fetch oauth token: Post \"https://harbor/service/token\": tls: failed to verify certificate: x509: certificate signed by unknown authority .

I have to provide the certificate using the--registry-auth-tlscontext flag. But in most usage scenarios, I cannot provide the certificate file.

Additional usage docs, etc.:

when i build and push image to self-signed harbor harbor-registry.com, and not provide cert

buildctl build --frontend dockerfile.v0 -local context=. -local dockerfile=./ --opt filename=Dockerfile --opt platform="linux/amd64" --output type=image,name=harbor-registry.com/demo/demo:latest,push=true,registry.insecure=true --registry-auth-tlscontext host=harbor-registry.com,insecure=true

tonistiigi
tonistiigi reviewed Nov 15, 2023
View reviewed changes
.gitignore Outdated
@@ -4,3 +4,5 @@
bin
.certs
.tmp
.idea
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

remove these

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

done

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Squash the commits as well

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

done

@x893675 x893675 force-pushed the buildctl-push-self-signed-registry branch from ac3f1b1 to 0b791f5 Compare November 16, 2023 01:52
@x893675 x893675 force-pushed the buildctl-push-self-signed-registry branch from 0b791f5 to 5099010 Compare November 16, 2023 03:25
@x893675
Copy link
Contributor Author

x893675 commented Nov 16, 2023

@tonistiigi
run make docs fix ci check failed.
help reivew

@tonistiigi tonistiigi merged commit d736391 into moby:master Nov 17, 2023
60 checks passed
This was referenced Nov 21, 2023
Closed
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tonistiigi tonistiigi tonistiigi approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@x893675 @tonistiigi