ediv

Reputation: 81

GitLab CI - Cannot Log In To Docker Registry (x509)

I'm trying to get my GitLab CI/CD set up using the Docker executor and the docker-in-docker approach and am stuck on the following issue:

In my .gitlab-ci.yml I am attempting to establish a connection with GitLab's integrated docker registry for the project:

before_script:
   - docker login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY

However, the pipeline exits with the following error:

Error response from daemon: Get https://my.gitlab.server:1234/v2/: x509: certificate signed by unknown authority

I am able to log in to the registry and push/pull from the machine that the gitlab-runner is running on without issue, so I know that the certificate issue is not on the host machine. Additionally, I have tried creating a custom Docker image built from docker:latest which copies my certificates into the build container -- I tried putting it in both /etc/ssl/certs and /etc/docker/certs.d/my.gitlab.server:1234 -- without any success.

Any idea on where I need to put my cert or how I might otherwise get this resolved?

Upvotes: 4

Views: 3968

Answers (2)

fyhertz

Reputation: 83

I found another (hacky) way to pass the --insecure-registry parameter to dockerd that doesn't involve customizing gitlab-ci.yml config files.

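mkdir -p /etc/gitlab-runner/dindhack
# Quote the heredoc delimiter so "$@" is written literally instead of being expanded now
cat << 'EOF' > /etc/gitlab-runner/dindhack/dockerd-entrypoint.sh
#!/bin/sh
# Wrapper that shadows the image's entrypoint and adds --insecure-registry
/usr/local/bin/dockerd-entrypoint.sh --insecure-registry=gitlab.MYDOMAIN:PORT "$@"
EOF
# The wrapper has to be executable to be run from /usr/local/sbin
chmod +x /etc/gitlab-runner/dindhack/dockerd-entrypoint.sh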

And then you need to add the following mount point in your runner config.toml: /etc/gitlab-runner/dindhack:/usr/local/sbin

[[runners]]
  name = "###########"
  url = "###########"
  token = "###########"
  executor = "docker"
  [runners.docker]
    tls_verify = false
    image = "docker:stable"
    privileged = true
    disable_entrypoint_overwrite = false
    oom_kill_disable = false
    disable_cache = false
    volumes = ["/cache", "/etc/gitlab-runner/dindhack:/usr/local/sbin"]
    shm_size = 0
  [runners.cache]
    [runners.cache.s3]
    [runners.cache.gcs]

Upvotes: 0

kwinkel

Reputation: 177

In case someone runs into this problem: I solved it by adding the "insecure-registry" parameter to the docker dind service. But this is just a workaround, not a fix.

.gitlab-ci.yml

image: docker

services:
  - name: docker:dind
    command: ["--insecure-registry=gitlab.MYDOMAIN:PORT"]

before_script:
  - docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY

stages:
  - build

build:
  stage: build
  script:
    - docker build .......

Upvotes: 3
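
Added example (not part of either answer above, and not GitLab's own configuration): both answers switch off certificate verification for the registry, whereas the config below gives the dind daemon the signing CA through dockerd's per-registry trust directory, /etc/docker/certs.d/<host:port>/ca.crt. The host directory /etc/gitlab-runner/certs.d and its layout are assumptions, and the approach relies on runner volumes reaching the docker:dind service container, which is the same mechanism the dindhack mount depends on.

```toml
# /etc/gitlab-runner/config.toml (added example)
#
# Assumed host layout (hypothetical path, created by the administrator):
#   /etc/gitlab-runner/certs.d/
#     gitlab.MYDOMAIN:PORT/     <- directory name must equal $CI_REGISTRY (host:port)
#       ca.crt                  <- PEM certificate of the CA that signed the registry cert
#
# The whole certs.d directory is mounted rather than the single file, so the
# volume spec carries no extra ':' from the registry's host:port.

[[runners]]
  name = "###########"
  url = "###########"
  token = "###########"
  executor = "docker"
  [runners.docker]
    image = "docker:stable"
    privileged = true
    # Workaround from the first answer: shadows the dind entrypoint to add --insecure-registry
    # volumes = ["/cache", "/etc/gitlab-runner/dindhack:/usr/local/sbin"]
    # Trust the CA instead: dockerd in the dind service reads certs.d, mounted read-only
    volumes = ["/cache", "/etc/gitlab-runner/certs.d:/etc/docker/certs.d:ro"]
```

With this mount in place the docker:dind service in .gitlab-ci.yml is declared without the --insecure-registry command, and TLS verification of the registry stays on.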
