Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Zarf init support external registry but doesn't accept any insecure flag for registry #1190

Closed
rishi-anand opened this issue Jan 11, 2023 · 3 comments
Closed

Zarf init support external registry but doesn't accept any insecure flag for registry #1190

rishi-anand opened this issue Jan 11, 2023 · 3 comments
Labels
possible-bug 🐛

Comments

@rishi-anand
Copy link
Contributor

Context
We are trying to leverage an external registry that has a self-signed certificate while deploying package via zarf but while doing zarf init, zarf-agent images doesn't gets uploaded to registry and it throws 'Certifficate Signed by unknown authority'. Also zarf init doesn't accept --insecure flag for registry.
In version 0.22.0 zarf init operation with internal registry wasn't failing even if image push fails. This seems to be a new behavior in v0.23.0, possibly because refactor in image push changes, which is the right behavior.

image

Environment

Device and OS: MacOS, Ubuntu22.04
App version: 0.23.3
Kubernetes distro being used:
Other:

Steps to reproduce

  • Zarf init using an external registry zarf init --registry-push-password=abcd --registry-push-username=abcd --registry-url=abcd.registry.local and abcd.registry.local is a local registry with the self-signed certificate.
  • zarf-init fails in 0.23.0 with error

Expected result

Images in init package should get uploaded to external registry and zarf init should get completed successfully.

Actual Result

  ⠼  Updating image ghcr.io/defenseunicorns/zarf/dev-agent:e32f41ab50f994302614adf62ab6f13a7ecfbb25 (1s)
     ERROR:  unable to deploy all components in this Zarf Package: unable to deploy component zarf-agent: unable to deploy component zarf-agent: unable to push images to the registry: Get "https://harbor-ehl.spectrocloud.com/v2/": x509: certificate signed by unknown authority
root@rishi-vm:~/work/zarf#

Visual Proof (screenshots, videos, text, etc)

image

Severity/Priority

4 (on scale of 1-5)

Additional Context

Building a zarf package using images from a self-signed registry also fails. There are open issues #561 and #1015 for creating package from self signed repo.
@github-project-automation github-project-automation bot moved this to New Requests in Zarf Project Board Jan 11, 2023
@rishi-anand
Copy link
Contributor Author

Update: I have added support for insecure flag in zarf init. I will raise PR very shortly for review.
Now, I am facing a regression issue when image is getting pushed to the registry. Registry replacement isn't happening while pushing image to the external registry.

image

ImgConfig has information of external registry but while pushing it is trying to push to default registry without registry replacement. This issue is still reproducible in v0.23.3 which was released yesterday. Probably external registry support is completely broken in v0.23.0 to v0.23.3 as image can't be pushed to the external repo.

@rishi-anand
Copy link
Contributor Author

Update: Found the root cause of regression issue, It seems assigning external registry url (https://github.com/defenseunicorns/zarf/blob/v0.22.2/src/internal/images/push.go#L25) is missing in v0.23.3.

Will create PR with the fix.

rishi-anand added a commit to spectrocloud/zarf that referenced this issue Jan 12, 2023
@rishi-anand
Fixing remote resgistry insecure issues [fix for zarf-dev#1181, zarf-…
3862776 
…dev#1190, zarf-dev#561, zarf-dev#1015]
@rishi-anand rishi-anand mentioned this issue Jan 12, 2023
Closed
6 tasks
rishi-anand added a commit to spectrocloud/zarf that referenced this issue Jan 18, 2023
@rishi-anand
Fixing zarf-dev#1190: Making insecure root level input
ba3281b
@jeff-mccoy jeff-mccoy mentioned this issue Jan 28, 2023
Merged
jeff-mccoy added a commit that referenced this issue Feb 2, 2023
@jeff-mccoy @rishi-anand
add common insecure flag (#1280)
a0b1394 
Migrated from #1191

## Description
Adding support for insecure flag for external registry in `zarf init`.
Fixing `zarf package create` and `zarf package deploy` failures with
external self signed cert registry as mentioned in
#1190 and
#1181

## Related Issue

Fixes # #1190
Fixes # #1181
Fixes # #561
Fixes # #1015

---------

Co-authored-by: Rishi <[email protected]>
@Racer159
Copy link
Contributor

Fixed in #1280

@github-project-automation github-project-automation bot moved this from New Requests to Done in Zarf Project Board Feb 13, 2023
Noxsios pushed a commit that referenced this issue Mar 8, 2023
@jeff-mccoy @rishi-anand
add common insecure flag (#1280)
6576ef2 
Migrated from #1191

## Description
Adding support for insecure flag for external registry in `zarf init`.
Fixing `zarf package create` and `zarf package deploy` failures with
external self signed cert registry as mentioned in
#1190 and
#1181

## Related Issue

Fixes # #1190
Fixes # #1181
Fixes # #561
Fixes # #1015

---------

Co-authored-by: Rishi <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
possible-bug 🐛
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Racer159 @rishi-anand