image-factory
image-factory copied to clipboard
Published
20 hours ago •
siderolabs
siderolabs
Run image-factory in locally(airgap)
I plan to deploy the Omni environment locally(airgap), but when running Image-factory locally, I encountered a problem:
{"level":"info","ts":1728096785.065096,"caller":"cmd/service.go:57","msg":"shutting down","name":"image-factory"}
2024/10/05 02:53:05 getting Fulcio roots: initializing tuf: updating local metadata and targets: error updating to TUF remote mirror: tuf: failed to download 10.root.json: Get "https://tuf-repo-cdn.sigstore.dev/10.root.json": EOF
Image-Factory,Docker-Compose.yml
image-factory:
image: "ghcr.io/siderolabs/image-factory:v0.5.0"
restart: unless-stopped
container_name: image-factory
privileged: true
ports:
- "8080:8080"
volumes:
- /dev:/dev
- /sys:/sys
- ./cache-signing-key.key:/cache-signing-key.key
- ./cosign.key:/cosign.key
- ./cosign.pub:/cosign.pub
- ./tmp:/tmp
- ./certs/omni-ca.pem:/root.pem
- ./10.root.json:/10.root.json
command: >
-http-port=0.0.0.0:8080
-image-registry ${OMNI_IP}:5000
-external-url http://${OMNI_IP}/
-schematic-service-repository ${OMNI_IP}:5000/image-factory/schematic
-installer-internal-repository ${OMNI_IP}:5000/siderolabs
-installer-external-repository ${OMNI_IP}:5000/siderolabs
-cache-repository ${OMNI_IP}:5000/cache
-insecure-image-registry
-insecure-cache-repository
-insecure-schematic-service-repository
-insecure-installer-internal-repository
-cache-signing-key-path /cache-signing-key.key
-container-signature-pubkey /cosign.pub
-container-signature-issuer http://${OMNI_IP}
Requesting help, does Image-Factory support local deployment, if so, is there any documentation or guidance for this.
I have also explored deploying sigstore locally, but I don't see those parameters/environment variables to use local sigstore.
