Gitlab COntainer Registry Error: docker login $CI_REGISTRY ----- tls: failed to verify certificate: x509: certificate signed by unknown authority

Question

I have a local Gitlab CE version 17.8.1, trying to have Container registry.

I am using self signed certificates.

When running the build-image in the pipeline, I got failer to verify certificate error:

$ echo "$CI_REGISTRY_PASSWORD" | docker login $CI_REGISTRY -u  $CI_REGISTRY_USER --password-stdin

Error response from daemon: Get "https://registry.xxx.com:5001/v2/": tls: failed to verify certificate: x509: certificate signed by unknown authority

Following in the gitlab.rb file registry changed lines:

registry_external_url 'https://registry.xxx.com:5001'
gitlab_rails['registry_enabled'] = true
gitlab_rails['registry_host'] = "registry.xxx.com"
gitlab_rails['registry_port'] = "5001"
gitlab_rails['registry_api_url'] = "http://127.0.0.1:5000"
registry['enable'] = true
registry['ssl_certificate'] = "/etc/gitlab/ssl/registry.xxx.com.crt"
registry['ssl_certificate_key'] = "/etc/gitlab/ssl
registry.xxx.com.key"
registry_nginx['ssl_certificate'] = "/etc/gitlab/ssl
registry.xxx.com.crt"
registry_nginx['ssl_certificate_key'] = "/etc/gitlab/ssl
registry.xxx.com.key"
registry['env'] = {
   'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/"
}

Also I generated certificates (crt-key-pem) and added them to the /etc/gitlab/ssl and to /et/gitlab/trusted-certs, then (sudo update-ca-certificates) and (c_rehash .)

Afterwards did, gitlab-ctl reconfigure - gitlab-ctl restart

Any clue what to be done else to resolve this?

Answer 1

It managed to find workaround for it by creating the file /etc/docker/daemon.json and adding the insecure-registry

{
    "insecure-registries" : [ "registry.xxx.com:5001" ]
}

Then reload the services:

#sudo systemctl daemon-reload
#systemctl restart snap.docker.dockerd.service
#systemctl status snap.docker.dockerd.service