Yeah, I secured the registry, however I couldn't get pushing to work when using the tls certificates.. I kept getting "Error: x509: certificate signed by unknown authority" when using the master's ca.crt coppied into /etc/docker/certs.d/172.30.25.196:5000/ca.crt I tried going throgh the secure your registry steps three times, and I can't get it to work. I could cutl --cacert=/etc/docker/certs.d/172.30.25.196:5000/ca.crt https://172.30.25.196:5000/v2/ just fine, but docker still didn't like it.
Adding "--insecure-registry 172.30.25.196:5000" was a workaround that works mostly - it is still flaky when pushing from a build. I'd really like to get a secure registry working so any thoughts ? Cameron On Thu, 8 Dec 2016 at 12:26 Andy Goldstein <[email protected]> wrote: Docker assumes that the registry talks TLS. It will only use http if you specify the registry is insecure (typically via '--insecure-registry 172.30.0.0/16' in /etc/sysconfig/docker). Is your registry secured? On Wed, Dec 7, 2016 at 8:11 PM, Cameron Braid <[email protected]> wrote: I am occasional getting this error after a build when pushing to the internal registry : Pushed 10/12 layers, 83% complete Registry server Address: Registry server User Name: serviceaccount Registry server Email: [email protected] Registry server Password: <<non-empty>> error: build error: Failed to push image: Get http://172.30.25.196:5000/v2/: malformed HTTP response "\x15\x03\x01\x00\x02\x02" It looks like the pusher is using http to talk to the https registry. What tells the pusher that the registry is TLS ? Cheers Cameron _______________________________________________ users mailing list [email protected] http://lists.openshift.redhat.com/openshiftmm/listinfo/users
_______________________________________________ users mailing list [email protected] http://lists.openshift.redhat.com/openshiftmm/listinfo/users
