Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Not able to deploy package to an external registry with self signed cert #1181

Closed
rishi-anand opened this issue Jan 9, 2023 · 1 comment
Closed

Not able to deploy package to an external registry with self signed cert #1181

rishi-anand opened this issue Jan 9, 2023 · 1 comment
Labels
possible-bug 🐛

Comments

@rishi-anand
Copy link
Contributor

Context

We are trying to leverage an external registry that has a self-signed certificate while deploying package via zarf

Environment

Device and OS: MacOS, Ubuntu22.04
App version: 0.23.0
Kubernetes distro being used:
Other:

Steps to reproduce

  1. Zarf init using an external registry zarf init --registry-push-password=abcd --registry-push-username=abcd --registry-url=abcd.registry.local and abcd.registry.local is a local registry with the self-signed certificate.
  2. Zarf init gets executed successfully
  3. Run zarf package deploy zarf-package-abc.tar.zst

Expected result

Images should get uploaded to the local registry and the package should get deployed.

Actual Result

Image upload to registry fails with below error

  ✔  Loading the Zarf State from the Kubernetes cluster
  DEBUG   2023-01-09T23:21:13Z  -  images.PushToZarfRegistry(/tmp/zarf-3645564958/images.tar, [minio/console:v0.19.4 minio/operator:v4.4.28 quay.io/minio/minio:RELEASE.2022-05-26T05-48-41Z library/postgres:13 busybox:1.33.1 alpine quay.io/prometheus/prometheus:latest])
└ (/home/runner/work/zarf/zarf/src/internal/packager/deploy.go:340)
  DEBUG   2023-01-09T23:21:13Z  -  strconv.Atoi: parsing "": invalid syntax
└ (/home/runner/work/zarf/zarf/src/internal/images/push.go:29)
  DEBUG   2023-01-09T23:21:13Z  -  crane pushOptions = (crane.Option)(0x202c1a0)
└ (/home/runner/work/zarf/zarf/src/internal/packager/deploy.go:340)
  ⠋  Updating image minio/console:v0.19.4 (0s)  DEBUG   2023-01-09T23:21:13Z  -  crane.Push() /tmp/zarf-3645564958/images.tar:minio/console:v0.19.4 -> harbor-ehl.spectrocloud.com/minio/console-2853110726:v0.19.4)
└ (/home/runner/work/zarf/zarf/src/internal/packager/deploy.go:340)
  ⠦  Updating image minio/console:v0.19.4 (1s)
  DEBUG   2023-01-09T23:21:15Z  -  Get "https://harbor-ehl.spectrocloud.com/v2/": x509: certificate signed by unknown authority
└ (/home/runner/work/zarf/zarf/src/internal/packager/deploy.go:341)
 WARNING  Unable to push images to the Registry, retrying in 5 seconds...

Visual Proof (screenshots, videos, text, etc)

image

Severity/Priority

4 (on scale of 1-5)

Additional Context

Building a zarf package using images from a self-signed registry also fails. There are open issues #561 and #1015 for creating package from self signed repo.
@github-project-automation github-project-automation bot moved this to New Requests in Zarf Project Board Jan 9, 2023
rishi-anand added a commit to spectrocloud/zarf that referenced this issue Jan 12, 2023
@rishi-anand
Fixing remote resgistry insecure issues [fix for zarf-dev#1181, zarf-…
3862776 
…dev#1190, zarf-dev#561, zarf-dev#1015]
@rishi-anand rishi-anand mentioned this issue Jan 12, 2023
Closed
6 tasks
@jeff-mccoy jeff-mccoy mentioned this issue Jan 28, 2023
Merged
jeff-mccoy added a commit that referenced this issue Feb 2, 2023
@jeff-mccoy @rishi-anand
add common insecure flag (#1280)
a0b1394 
Migrated from #1191

## Description
Adding support for insecure flag for external registry in `zarf init`.
Fixing `zarf package create` and `zarf package deploy` failures with
external self signed cert registry as mentioned in
#1190 and
#1181

## Related Issue

Fixes # #1190
Fixes # #1181
Fixes # #561
Fixes # #1015

---------

Co-authored-by: Rishi <[email protected]>
@Racer159
Copy link
Contributor

Fixed in #1280

@github-project-automation github-project-automation bot moved this from New Requests to Done in Zarf Project Board Feb 13, 2023
Noxsios pushed a commit that referenced this issue Mar 8, 2023
@jeff-mccoy @rishi-anand
add common insecure flag (#1280)
6576ef2 
Migrated from #1191

## Description
Adding support for insecure flag for external registry in `zarf init`.
Fixing `zarf package create` and `zarf package deploy` failures with
external self signed cert registry as mentioned in
#1190 and
#1181

## Related Issue

Fixes # #1190
Fixes # #1181
Fixes # #561
Fixes # #1015

---------

Co-authored-by: Rishi <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
possible-bug 🐛
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Racer159 @rishi-anand