Pushing to a registry addon from the host fails with "certificate signed by unknown authority" #992
Description
Is there an existing issue for this?
- I have searched the existing issues
Current Behavior
When I deploy a registry addon with the metallb ingress and cert-manager, pushing images into the registry with docker fails with the message Get "https://172.18.0.100/v2/": tls: failed to verify certificate: x509: certificate signed by unknown authority
I believe this is because the host does not know the cert-manager authority used for the generated self-signed certificates. Might be loosely related to #169 but not 100% sure.
Expected Behavior
Pushing images into the registry should work and the images should be made available to the cluster.
Steps To Reproduce
- Deploy a registry
registry := registry.NewBuilder().WithServiceTypeLoadBalancer().Build()
env, err = environments.NewBuilder().WithAddons(
certmanager.New(),
metallb.New(),
registry,
).Build(ctx)- Attempt to push an image with the docker go sdk
cli, err := dockerClient.NewClientWithOpts(dockerClient.FromEnv)
source := "quay.io/bpfman-userspace/go-tc-counter:latest"
index := strings.LastIndex(source, "/")
target := fmt.Sprintf("%s/%s", registry.LoadBalancerAddress(), source[index+1:])
err = cli.ImageTag(context.Background(), source, target)
if err != nil {
return err
}
closer, err := cli.ImagePush(context.Background(), image.target, dockerTypes.ImagePushOptions{
All: true,
RegistryAuth: "something",
})
if err != nil {
return err
}
io.Copy(os.Stdout, closer)
closer.Close()- Alternatively trying to push images manually with the docker cli produces the same error
docker tag quay.io/bpfman-userspace/go-tc-counter:latest 172.18.0.100/go-tc-counter:latest
docker push 172.18.0.100/go-tc-counter:latestKong Kubernetes Testing Framework Version
v0.24.1Kubernetes version
kind v0.22.0 go1.21.7 linux/amd64
Client Version: v1.29.2
Kustomize Version: v5.0.4-0.20230601165947-6ce0bf390ce3
Server Version: v1.29.2Anything else?
No response