Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

insecure registry regression ? #3890

Open
jrweb247 opened this issue Mar 30, 2020 · 9 comments
Open

insecure registry regression ? #3890

jrweb247 opened this issue Mar 30, 2020 · 9 comments
Labels
area/registry help wanted We would love to have this done, but don't have the bandwidth, need help from contributors kind/bug Something isn't working priority/p3 agreed that this would be good to have, but no one is available at the moment.

Comments

@jrweb247
Copy link

skaffold doesn't seem to take into account the insecure registry in its latest version, is it a regression or something misconfigured?

apiVersion: skaffold/v2beta1
kind: Config
build:
  insecureRegistries: 
  - nexus.foo.net
  tagPolicy:
    sha256: {}
  artifacts:
  - context: .
    image: go-hello-world
  local:
    push: true 
deploy:
  kubectl:
    manifests:
    - kubernetes-manifests/**

skaffold run  -v debug --filename skaffold.yaml --default-repo nexus.foo.net/foo --insecure-registry nexus.foo.net 
INFO[0000] Skaffold &{Version:v1.6.0-docs ConfigVersion:skaffold/v2beta1 GitVersion: GitCommit:b74e2f94f628b16a866abddc2ba8f05ce0bf956c GitTreeState:clean BuildDate:2020-03-25T00:09:12Z GoVersion:go1.14 Compiler:gc Platform:linux/amd64} 
DEBU[0000] found config for context "minikube"          
DEBU[0000] validating yamltags of struct SkaffoldConfig 
DEBU[0000] validating yamltags of struct Metadata       
DEBU[0000] validating yamltags of struct Pipeline       
DEBU[0000] validating yamltags of struct BuildConfig    
DEBU[0000] validating yamltags of struct Artifact       
DEBU[0000] validating yamltags of struct ArtifactType   
DEBU[0000] validating yamltags of struct DockerArtifact 
DEBU[0000] validating yamltags of struct TagPolicy      
DEBU[0000] validating yamltags of struct ShaTagger      
DEBU[0000] validating yamltags of struct BuildType      
DEBU[0000] validating yamltags of struct LocalBuild     
DEBU[0000] validating yamltags of struct DeployConfig   
DEBU[0000] validating yamltags of struct DeployType     
DEBU[0000] validating yamltags of struct KubectlDeploy  
DEBU[0000] validating yamltags of struct KubectlFlags   
INFO[0000] Using kubectl context: minikube              
DEBU[0000] Using builder: local                         
DEBU[0000] Running command: [minikube docker-env --shell none] 
DEBU[0000] Command output: [DOCKER_TLS_VERIFY=1
DOCKER_HOST=tcp://192.168.99.102:2376
DOCKER_CERT_PATH=/home/foo/.minikube/certs
MINIKUBE_ACTIVE_DOCKERD=minikube
] 
DEBU[0000] setting Docker user agent to skaffold-v1.6.0-docs 
Generating tags...
 - go-hello-world -> nexus.foo.net/foo/go-hello-world:latest
INFO[0000] Tags generated in 64.344µs                   
Checking cache...
DEBU[0000] Found dependencies for dockerfile: [{go.mod /src/hello-world true} {go.sum /src/hello-world true} {. /src/hello-world true}] 
 - go-hello-world: Not found. Building
INFO[0000] Cache check complete in 1.802348ms           
Found [minikube] context, using local docker daemon.
Building [go-hello-world]...
DEBU[0000] Running command: [docker build . --file /home/foo/kubernetes/golang/go-hello-world/Dockerfile -t nexus.foo.net/foo/go-hello-world:latest] 
Sending build context to Docker daemon  60.42kB
Step 1/7 : FROM golang:1.14
 ---> 374d57ff6662
Step 2/7 : WORKDIR /src/hello-world
 ---> Using cache
 ---> 6bf66efe1427
Step 3/7 : COPY go.mod go.sum ./
 ---> Using cache
 ---> 7ca0b4bcc8f9
Step 4/7 : RUN go mod download
 ---> Using cache
 ---> 393f43ee8bd8
Step 5/7 : COPY . ./
 ---> Using cache
 ---> fd357c8a75d7
Step 6/7 : RUN go build -o /app -v ./cmd/hello-world
 ---> Using cache
 ---> af198b2dadf5
Step 7/7 : ENTRYPOINT ["/app"]
 ---> Using cache
 ---> c52e6c26b703
Successfully built c52e6c26b703
Successfully tagged nexus.foo.net/foo/go-hello-world:latest
The push refers to repository [nexus.foo.net/foo/go-hello-world]
FATA[0001] failed to build: build failed: building [go-hello-world]: build artifact: Get https://nexus.foo.net/v2/: dial tcp 10.196.80.185:443: connect: connection refused
@nkubala
Copy link
Contributor

nkubala commented Apr 6, 2020

@jrweb247 thanks for filing. can you confirm the last version of skaffold that this was working for you on? also, could you try setting the insecure registry through the global config and see if that has a different result?
skaffold config set insecure-registry <your registry>

@nkubala nkubala added area/insecure-registry kind/bug Something isn't working priority/awaiting-more-evidence Lowest Priority. May be useful, but there is not yet enough supporting evidence. labels Apr 6, 2020
@bruno-lopes
Copy link

bruno-lopes commented Oct 9, 2020
edited
Loading

@nkubala, thanks for your response. I'm using Skaffold v1.15.0, and I have the same problem. I tried the following methods:

  • Set insecure registries with global config:
    skaffold config set insecure-registries XXX.XXX.XXX.XXX
  • Set insecure registries with key insecureRegistries in skaffold.yaml (build block):
build:
  insecureRegistries:
    - XXX.XXX.XXX.XXX:5000
  • Set insecure registries in command line
    skaffold dev --insecure-registry XXX.XXX.XXX.XXX:5000
    and
    skaffold dev --insecure-registry=XXX.XXX.XXX.XXX:5000

None of the above options worked. I thinks Skaffold is completely ignoring those options.

@bruno-lopes
Copy link

bruno-lopes commented Oct 9, 2020
edited
Loading

Now I saw this:

#3951 (comment)

After adding the register as a insecure in docker, it works.

@nkubala
Copy link
Contributor

nkubala commented Oct 14, 2020

@bruno-lopes glad you were unblocked. it's not really clear to me if there's anything we can/should be doing for this in skaffold, since we generally try and stay hands-off of app settings on the host aside from skaffold itself.

i'm going to close this issue for now, but please reopen if anyone thinks there's work to be done on our end!

@nkubala nkubala closed this as completed Oct 14, 2020
@fischor
Copy link

fischor commented Jun 11, 2021
edited
Loading

The issue still persist for me. When using docker push <registry>/<image>:<tag> or docker pull, it works fine, since I have added the registry to my ~/.docker/daemon.json:

{"insecure-registries":["<registry>"],"experimental":false,"features":{"buildkit":true}}%

My skaffold.yaml file looks like this:

apiVersion: skaffold/v2beta17
kind: Config
build:
  artifacts:
    - image: <registry>/XXX/XXX/XXX
      bazel:
        target: //XXX/XXX/XXX/XXX:image.tar
        args: ["--platforms=@io_bazel_rules_go//go/toolchain:linux_amd64"]
  insecureRegistries:
    - <registry>
deploy:
  kustomize:
    paths:
      - <path to file>

Results in the following error:

could not push image "<registry>/XXX/XXX/XXX:7e1167a-dirty": Get "https://<registry>/v2/": http: server gave HTTP response to HTTPS client

I've tried to run skaffold dev -f <path> --insecure-registry <registry> and skaffold dev -f <path>.

Setup:

  • Mac OS Cataline 10.15.7
  • Docker Desktop 3.2.2 (Docker Engine v20.10.5)
  • Skaffold 1.260.0

@polmabri
Copy link

I experience the same issue:

could not push image "172.24.0.2:5000/<path>:81eba75-dirty": Get https://172.24.0.2:5000/v2/: http: server gave HTTP response to HTTPS client

docker push and skaffold + kaniko with same registry works.

Setup:

  • Linux Mint (Ubuntu 20.04)
  • Docker 20.10.7
  • Skaffold v1.26.0

@briandealwis briandealwis added the needs-reproduction needs reproduction from the maintainers to validate the issue is truly a skaffold bug label Jun 21, 2021
@briandealwis
Copy link
Member

Re-opening though needs reproduction.

@briandealwis briandealwis reopened this Jun 21, 2021
@MateusAmin
Copy link

MateusAmin commented Jul 27, 2021
edited
Loading

Not sure what's going on but it was working with my local registry and now it is not. No upgrade.

Edit: huh. works now, maybe a misconfigure...

@tejal29 tejal29 added priority/p3 agreed that this would be good to have, but no one is available at the moment. and removed priority/awaiting-more-evidence Lowest Priority. May be useful, but there is not yet enough supporting evidence. needs-reproduction needs reproduction from the maintainers to validate the issue is truly a skaffold bug labels Oct 18, 2021
@tejal29
Copy link
Member

tejal29 commented Oct 18, 2021

Thanks @MateusAmin for letting us this is working for you now.
Reducing the priority to p3 since the team has no bandwidth to look into this in couple of months.
We would really appreciate some help in debugging!

Thanks
Tejal

@tejal29 tejal29 added the help wanted We would love to have this done, but don't have the bandwidth, need help from contributors label Oct 18, 2021
@drewp drewp mentioned this issue Oct 10, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area/registry help wanted We would love to have this done, but don't have the bandwidth, need help from contributors kind/bug Something isn't working priority/p3 agreed that this would be good to have, but no one is available at the moment.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
9 participants
@dgageot @briandealwis @polmabri @tejal29 @bruno-lopes @nkubala @MateusAmin @jrweb247 @fischor