Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Argocd-Image-updater registry custom TLS certificate add/skip issue #872

Open
Muhammad-Irfan324 opened this issue Sep 29, 2024 · 0 comments
Open

Argocd-Image-updater registry custom TLS certificate add/skip issue #872

Muhammad-Irfan324 opened this issue Sep 29, 2024 · 0 comments
Labels
bug Something isn't working

Comments

@Muhammad-Irfan324
Copy link

Muhammad-Irfan324 commented Sep 29, 2024
edited
Loading

Describe the bug
https://github.com/argoproj/argo-helm/blob/ebb2d15f1e370e6023770713596aa480c71b8914/charts/argocd-image-updater/values.yaml#L149
registries:
- name: name of the registry
prefix: name of the registry
api_url: https://registryURL:443
credentials: pullsecret:namespace/secret
insecure: true

Docker registry is nexus with self signed SSL/TLS

For Docker login to local system

crt needs to be store after that docker login can be done

But argocd-image-updater says it can't find the tls verification even though passed the insecure flag

https://github.com/argoproj/argo-helm/blob/main/charts/argocd-image-updater/values.yaml

Even tried to add TLS certificate with volume and volumemount the secret and with init container or directly as well but pod goes into crashloopback error.

Version
argocd-image-updater = v0.14.0

Please tell us about the version you encountered the issue with

Logs

argocd-image-updater test --registries-conf-path=/app/config/registries.conf registryURL/busybox:tag
DEBU[0000] Creating in-cluster Kubernetes client
INFO[0000] retrieving information about image            image_alias= image_digest= image_name="registryURL/busybox" image_tag=tag registry_url="registryURL"
DEBU[0000] rate limiting is disabled                     prefix=registryURL registry="[https://registryURL](https://registryURL/)"
INFO[0000] Loaded 1 registry configurations from /app/config/registries.conf
DEBU[0000] setting rate limit to 20 requests per second  prefix="registryURL" registry="[https://registryURL](https://registryURL/)"
DEBU[0000] Inferred registry from prefix registryURL to use API [https://registryURL](https://registryURL/)
INFO[0000] Fetching available tags and metadata from registry  application=test image_alias= image_digest= image_name="registryURL/busybox" image_tag=tag registry_url="registryURL"
FATA[0000] could not get tags: Get "[https://registryURL/v2/](https://registryURL/v2/)": tls: failed to verify certificate: x509: certificate signed by unknown authority  application=test image_alias= image_digest= image_name="registryURL/busybox" image_tag=tag registry_url="registryURL"
/ $ cat /app/config/registries.conf
registries:
  - api_url: [https://registryURL](https://registryURL/)
    credentials: pullsecret:namespace/secret
    insecure: true
    name: registryURL
    prefix: registryURL

Selection_421

No Option for adding CA for registry? niether the flag is working to bypass the TLS

Selection_422

Documentation Link - https://argocd-image-updater.readthedocs.io/en/stable/configuration/registries/#configuration-format
@Muhammad-Irfan324 Muhammad-Irfan324 added the bug Something isn't working label Sep 29, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@Muhammad-Irfan324