vctl-docs
How to add a self-signed certificate for a registry
We have a Nexus running with a self-signed certificate. When doing a pull I can use `--skip-ssl-check` to bypass the error, but I haven't found a way to do this when doing a `vctl build` which uses a `FROM` pointing to that registry. In Docker you can add the certificates so that it works correctly. Is there a way to do this with vctl at the moment?
- MacOS 10.15.5 (19F96)
- vctl version: 1.0.0
- containerd github.com/containerd/containerd v1.3.2-vmw
- VMWare Fusion Professional Version 11.5.5
So when trying to build I get the following error:
```
INFO building image sven/test:1 with jobId 952bbb74-e532-44dc-aa48-203220d40b15 using internal builder instance...
INFO preparing base images...
INFO looking for base image: nexus:5000/icp/base:6 from local storage
WARNING error in base image preparation: error while checking base image and local storage: failed to get the digest of image nexus:5000/icp/base:6: Get https://nexus:5000/v2/: x509: certificate signed by unknown authority; base images will be fetched from remote registry
INFO builder image vctl.local/vctl-builder:0.14.0 is ready
INFO preparing builder: vctl-builder-952bbb74
INFO starting builder: vctl-builder-952bbb74
INFO container vctl-builder-952bbb74 started
INFO[0000] Resolved base name nexus:5000/icp/base:6 to nexus:5000/icp/base:6
INFO[0000] Resolved base name nexus:5000/icp/base:6 to nexus:5000/icp/base:6
INFO[0000] Downloading base image nexus:5000/icp/base:6
INFO[0000] Error while retrieving image from cache: Get https://nexus:5000/v2/: x509: certificate signed by unknown authority
INFO[0000] Downloading base image nexus:5000/icp/base:6
error building image: Get https://nexus:5000/v2/: x509: certificate signed by unknown authority
ERROR image build failed, please review above build logs for details
if you are seeing 'no space left on device' error, retry 'vctl build' with the '--builder-mem' option to allocate more memory
```
Oh, that's not possible at the moment, but planned...
Is there any update? This is a hard blocker for any organization that uses their own certificate authority.
Edit: This is of course of much more interest given the recent licensing changes for Docker Desktop. I have Fusion, and I'd ditch DD in a moment if I had a functional alternative.
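The `x509: certificate signed by unknown authority` message in the log above is the text of Go's `x509.UnknownAuthorityError`. The following is an added example, not part of this thread and not vctl code: it shows in plain Go what adding a self-signed registry certificate as a trust anchor changes compared with an empty trust store, and that hostname and key checks stay in force, which is not the case when verification is skipped. The certificates are constructed on the fly, and `must`, `selfSigned` and `verifyRegistry` are hypothetical helper names.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// selfSigned builds a constructed, short-lived self-signed server certificate for host.
func selfSigned(host string) *x509.Certificate {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	t := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: host},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
		DNSNames: []string{host}, KeyUsage: x509.KeyUsageDigitalSignature,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	der := must(x509.CreateCertificate(rand.Reader, t, t, &key.PublicKey, key))
	return must(x509.ParseCertificate(der))
}

// verifyRegistry validates leaf for host against roots only; a non-nil pool replaces the system store.
func verifyRegistry(leaf *x509.Certificate, host string, roots *x509.CertPool) error {
	_, err := leaf.Verify(x509.VerifyOptions{DNSName: host, Roots: roots})
	return err
}

func main() {
	registry := selfSigned("nexus") // stands in for the registry's certificate
	other := selfSigned("nexus")    // a different key claiming the same name
	trusted := x509.NewCertPool()
	trusted.AddCert(registry)
	fmt.Println("certificate not in trust store:", verifyRegistry(registry, "nexus", x509.NewCertPool()))
	fmt.Println("certificate added to trust store:", verifyRegistry(registry, "nexus", trusted))
	fmt.Println("different certificate, same name:", verifyRegistry(other, "nexus", trusted))
}
```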