Skip to content

Bug: Build fails when utilizing a container registry with a self-signed certificate in the context of buildx #5058

Closed
@badal773

Description

@badal773

📜 Description

  1. Create a container registry with a self-signed cert and try to implement it through Devtron and pass your ca.crt as below
Screenshot 2024-05-03 at 11 25 42 AM
  1. Now try to build it through Devtron and don't implement BUILDX , it will be push to registry without any issue
Screenshot 2024-05-03 at 11 34 02 AM
  1. Now try to enable Buildx and try to build, you will be face this issue

#10 ERROR: failed to push <registry.domain.com>/library/test:0fd5e184-120-10493: failed to do request: Head "https://registry.domain.com/v2/library/test/blobs/sha256:9368c4e892c0c964d50c773bb1224d98573c77ed05018b2f935fc57f792c64e2": tls: failed to verify certificate: x509: certificate signed by unknown authority

Work around , you can exec into buildkit pod and try to store your cert

  • docker ps|grep -i 'buildkit'
  • docker exec -it containerID sh
  • docker exec -it containerID sh
    $$ cat >> /etc/ssl/certs/ca-certificates.crt <<'EOF'
    -----BEGIN CERTIFICATE-----
    ...
    -----END CERTIFICATE-----
    EOF
    $$ exit
  • docker restart containerID

Now try to build with build, It will be successful
Screenshot 2024-05-03 at 11 40 36 AM

👟 Reproduction steps

try to setup a selfsigned registry and try to build with buildx in devtron , the workaround docker/buildx#80 (comment)

👍 Expected behavior

It should work fine

👎 Actual Behavior

Not working

☸ Kubernetes version

1.29

Cloud provider

aws

🌍 Browser

Chrome

🧱 Your Environment

No response

✅ Proposed Solution

No response

👀 Have you spent some time to check if this issue has been raised before?

  • I checked and didn't find any similar issue

🏢 Have you read the Code of Conduct?

AB#9707

Metadata

Metadata

Labels

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions