Bypass registry SSL or pass SelfSigned Certificate in argocd-image-updater #2959

Closed
Muhammad-Irfan324 opened this issue Oct 2, 2024 · 2 comments
Labels: argocd-image-updater, awaiting-upstream, bug, no-issue-activity


Describe the bug


```yaml
registries:
  - name: name of the registry
    prefix: name of the registry
    api_url: https://registryURL:443
    credentials: pullsecret:namespace/secret
    insecure: true
```

The Docker registry is Nexus with self-signed SSL/TLS.

For Docker login on the local system:

The crt needs to be stored; after that, docker login can be done.

But argocd-image-updater says it can't find the TLS verification even though the insecure flag was passed.

https://github.com/argoproj/argo-helm/blob/main/charts/argocd-image-updater/values.yaml

I even tried to add the TLS certificate with a volume and volumeMount of the secret, with an init container and directly as well, but the pod goes into a CrashLoopBackOff error.

Version
argocd-image-updater = v0.14.0

Please tell us about the version you encountered the issue with

Logs

```
argocd-image-updater test --registries-conf-path=/app/config/registries.conf registryURL/busybox:tag
DEBU[0000] Creating in-cluster Kubernetes client
INFO[0000] retrieving information about image            image_alias= image_digest= image_name="registryURL/busybox" image_tag=tag registry_url="registryURL"
DEBU[0000] rate limiting is disabled                     prefix=registryURL registry="https://registryURL"
INFO[0000] Loaded 1 registry configurations from /app/config/registries.conf
DEBU[0000] setting rate limit to 20 requests per second  prefix="registryURL" registry="https://registryURL"
DEBU[0000] Inferred registry from prefix registryURL to use API https://registryURL
INFO[0000] Fetching available tags and metadata from registry  application=test image_alias= image_digest= image_name="registryURL/busybox" image_tag=tag registry_url="registryURL"
FATA[0000] could not get tags: Get "https://registryURL/v2/": tls: failed to verify certificate: x509: certificate signed by unknown authority  application=test image_alias= image_digest= image_name="registryURL/busybox" image_tag=tag registry_url="registryURL"
/ $ cat /app/config/registries.conf
registries:
  - api_url: https://registryURL
    credentials: pullsecret:namespace/secret
    insecure: true
    name: registryURL
    prefix: registryURL
```

No option for adding a CA for the registry? Neither is the flag working to bypass the TLS.

Documentation Link - https://argocd-image-updater.readthedocs.io/en/stable/configuration/registries/#configuration-format

Related helm chart

argocd-image-updater

Helm chart version

0.11.0

Expected behavior

It should bypass the TLS and go with insecure.

Screenshots

No response

Additional context

No response
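The `x509: certificate signed by unknown authority` failure in the log above, reproduced as an added Go example that is not part of the issue or of argocd-image-updater's code: a client using the default trust store rejects a self-signed endpoint, and the same client succeeds with verification still enabled once the endpoint's certificate is in its root pool. The stub server and the names `newRegistryStub`, `probe` and `poolFor` are assumptions made for illustration.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// newRegistryStub starts a local HTTPS server with a self-signed certificate
// that answers GET /v2/ (a constructed stand-in for the registry in the issue).
func newRegistryStub() *httptest.Server {
	mux := http.NewServeMux()
	mux.HandleFunc("/v2/", func(w http.ResponseWriter, r *http.Request) {
		w.WriteHeader(http.StatusOK)
	})
	return httptest.NewTLSServer(mux)
}

// probe requests /v2/ and verifies the server against roots only;
// a nil pool means the system trust store. Verification is never skipped.
func probe(baseURL string, roots *x509.CertPool) (int, error) {
	client := &http.Client{Transport: &http.Transport{
		TLSClientConfig: &tls.Config{RootCAs: roots, MinVersion: tls.VersionTLS12},
	}}
	resp, err := client.Get(baseURL + "/v2/")
	if err != nil {
		return 0, err
	}
	defer resp.Body.Close()
	return resp.StatusCode, nil
}

// poolFor builds a trust pool that contains only the stub's certificate.
func poolFor(srv *httptest.Server) *x509.CertPool {
	pool := x509.NewCertPool()
	pool.AddCert(srv.Certificate())
	return pool
}

func main() {
	srv := newRegistryStub()
	defer srv.Close()
	_, err := probe(srv.URL, nil) // default roots: handshake is rejected
	fmt.Println("system roots:", err)
	code, err := probe(srv.URL, poolFor(srv)) // registry certificate trusted
	fmt.Println("with registry CA:", code, err)
}
```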

Muhammad-Irfan324 added the bug label Oct 2, 2024

yu-croco (Collaborator) commented Oct 3, 2024

Hi @Muhammad-Irfan324.

> The crt needs to be stored; after that, docker login can be done.
>
> But argocd-image-updater says it can't find the TLS verification even though the insecure flag was passed.
>
> https://github.com/argoproj/argo-helm/blob/main/charts/argocd-image-updater/values.yaml
>
> I even tried to add the TLS certificate with a volume and volumeMount of the secret, with an init container and directly as well, but the pod goes into a CrashLoopBackOff error.

Since argo-helm provides the Helm charts to deploy Argoproj but we don't handle specific features of them, you can get more help upstream.

yu-croco added the awaiting-upstream and argocd-image-updater labels Oct 3, 2024

github-actions bot commented Dec 2, 2024

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

github-actions bot closed this as not planned Dec 9, 2024