New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Certificate signed by unknown authority when using nexus image repo #412
Comments
Can you please share your |
Same issue with docker hub (https://registry-1.docker.io) |
i got the some problem
|
Hi team, I'm having the exact same issue.... Thanks ! |
I have the same problem, running v0.12.0 on arm64.
|
This seems to no longer be an issue in the image tagged "latest" so hopefully it's fixed in 0.13.0 :) |
Please verify this for version 0.13.0 |
I am facing the same issue. I have tried using latest, but still the issue remains. I am using harbor registry. |
Same issue with private, self-hosted repository with certificate signed by Let's encrypt. Any news on this? |
I have also encountered this issue using v0.12.0. Following the discussion I have set up the following configuration: (after updating to latest tag*) apiVersion: v1
data:
log.level: debug
registries.conf: | # set up registry for nexus
registries:
- name: corpnexus
prefix: "corpnexus.corp.my-org.net:8082"
default: true
api_url: https://corpnexus.corp.my-org.net:8082
insecure: true
kind: ConfigMap
metadata:
annotations:
creationTimestamp: "2023-04-02T10:39:10Z"
labels:
app.kubernetes.io/name: argocd-image-updater-config
app.kubernetes.io/part-of: argocd-image-updater
name: argocd-image-updater-config
namespace: gitops I executed into the # content of app/config inside argocd-image-updater container (k8s)
/app/config $ ls
registries.conf ssh
# content of regisries config
/app/config $ cat registries.conf
registries:
- name: corpnexus
prefix: "corpnexus.corp.my-org.net:8082"
default: true
api_url: https://corpnexus.corp.my-org.net:8082
insecure: true
# Testing connection to nexus
/app/config $ argocd-image-updater test corpnexus.corp.my-org.net:8082/digital/my-org.digital.an_app/build_sprint_13_an_app --registries-conf-path
./registries.conf
DEBU[0000] Creating in-cluster Kubernetes client
INFO[0000] retrieving information about image image_alias= image_name="corpnexus.corp.my-org.net:8082/digital/my-org.digital.an_app/build_sprint_13_an_app" registry_url="corpnexus.corp.my-org.net:8082"
DEBU[0000] rate limiting is disabled prefix="corpnexus.corp.my-org.net:8082" registry="https://corpnexus.corp.my-org.net:8082"
DEBU[0000] Setting default registry endpoint to corpnexus.corp.my-org.net:8082
DEBU[0000] Previous default registry was docker.io
INFO[0000] Loaded 1 registry configurations from ./registries.conf
INFO[0000] Fetching available tags and metadata from registry application=test image_alias= image_name="corpnexus.corp.my-org.net:8082/digital/my-org.digital.an_app/build_sprint_13_an_app" registry_url="corpnexus.corp.my-org.net:8082"
INFO[0000] Found 1 tags in registry application=test image_alias= image_name="corpnexus.corp.my-org.net:8082/digital/my-org.digital.an_app/build_sprint_13_an_app" registry_url="corpnexus.corp.my-org.net:8082"
DEBU[0000] could not parse input tag latest as semver: Invalid Semantic Version
INFO[0000] no newer version of image found application=test image_alias= image_name="corpnexus.corp.my-org.net:8082/digital/my-org.digital.an_app/build_sprint_13_an_app" registry_url="corpnexus.corp.my-org.net:8082" This seems to solve the issue, note: without directing the |
I had to add docker hub to the list of registries with
|
While using the test command to check for latest tags from nexus image repository an error is observed about unknown certificate.
I've configured the registries conf and used insecure: true, yet the image-updater pod trying to access my registry using https.
two question:
for example:
argocd-image-updater test nexus3:2000/nginx
error received:
could not tags: Get "https://nexus3:2000/v2": x509 certificate signed by unknown authority application=test image_alias= image_name="nexus3:2000/nginx registry_url="nexus3:2000"
side note:
Argocd server is up and running and have the certificate in question added as config map.
The text was updated successfully, but these errors were encountered: