Feature: Support gitea as internal registry #398

@cmoulliard

Have you searched for this feature request?

  • I searched but did not find similar requests

Problem Statement

Description

To build/push an image against the gitea registry, the way to go is to use the ingress-nginx address resolved against the localhost 127.0.0.1. While this approach is fine when users build/push an image outside of the k8s cluster, it will fail when using the internal k8s service of gitea, as you can see hereafter in the error reported when doing a buildah build of a Dockerfile in a pod:

[buildah-image : build-and-push] ## Buildah version
[buildah-image : build-and-push] buildah version 1.37.3 (image-spec 1.1.0, runtime-spec 1.2.0)

[buildah-image : build-and-push] ## Build the project ...
[buildah-image : build-and-push] STEP 1/11: FROM registry.access.redhat.com/ubi8/openjdk-21:1.20
[buildah-image : build-and-push] Trying to pull registry.access.redhat.com/ubi8/openjdk-21:1.20...
[buildah-image : build-and-push] Getting image source signatures
[buildah-image : build-and-push] Checking if image destination supports signatures
[buildah-image : build-and-push] Copying blob sha256:8dc97931d0a29118b7e8dd695ac355f7b569223a972f3eb87f2ff07fc9fc190a
[buildah-image : build-and-push] Copying blob sha256:b46e4e7892d6177335aee5445f59105231c351f2fb68a24f25ee7b2656e29674
[buildah-image : build-and-push] Copying config sha256:b8d81704f56858c6859ce949133635bb716162ddd3c8d012ec77572449403153
[buildah-image : build-and-push] Writing manifest to image destination
[buildah-image : build-and-push] Storing signatures
[buildah-image : build-and-push] STEP 2/11: ENV LANGUAGE='en_US:en'
[buildah-image : build-and-push] STEP 3/11: COPY --chown=185 target/quarkus-app/lib/ /deployments/lib/
[buildah-image : build-and-push] STEP 4/11: COPY --chown=185 target/quarkus-app/*.jar /deployments/
[buildah-image : build-and-push] STEP 5/11: COPY --chown=185 target/quarkus-app/app/ /deployments/app/
[buildah-image : build-and-push] STEP 6/11: COPY --chown=185 target/quarkus-app/quarkus/ /deployments/quarkus/
[buildah-image : build-and-push] STEP 7/11: EXPOSE 8080
[buildah-image : build-and-push] STEP 8/11: USER 185
[buildah-image : build-and-push] STEP 9/11: ENV JAVA_OPTS_APPEND="-Dquarkus.http.host=0.0.0.0 -Djava.util.logging.manager=org.jboss.logmanager.LogManager"
[buildah-image : build-and-push] STEP 10/11: ENV JAVA_APP_JAR="/deployments/quarkus-run.jar"
[buildah-image : build-and-push] STEP 11/11: ENTRYPOINT [ "/opt/jboss/container/java/run/run-java.sh" ]
[buildah-image : build-and-push] COMMIT my-gitea-http.gitea:3000/giteaadmin/my-quarkus-app
[buildah-image : build-and-push] Getting image source signatures
[buildah-image : build-and-push] Copying blob sha256:dd5e77a90e609b328f2e49aa60e50bd8837e505c157060c337725413ccf449f1
[buildah-image : build-and-push] Copying blob sha256:8b30b41a0b038bf660c4538ae04bb77b7cdbfcfcb0f5a378129ddf82b91542e7
[buildah-image : build-and-push] Copying blob sha256:3d118423613f432336691bc30be7ef697cabccac4f7c386b134418b876c55428
[buildah-image : build-and-push] Copying config sha256:7ebf93612de328321595acc2f8343ece1adb6def11e963614331b4e70a20f257
[buildah-image : build-and-push] Writing manifest to image destination
[buildah-image : build-and-push] --> 7ebf93612de3

[buildah-image : build-and-push] Successfully tagged my-gitea-http.gitea:3000/giteaadmin/my-quarkus-app:latest
[buildah-image : build-and-push] 7ebf93612de328321595acc2f8343ece1adb6def11e963614331b4e70a20f257

[buildah-image : build-and-push] + buildah --storage-driver=overlay push --tls-verify=false --digestfile /tmp/image-digest my-gitea-http.gitea:3000/giteaadmin/my-quarkus-app docker://my-gitea-http.gitea:3000/giteaadmin/my-quarkus-app
[buildah-image : build-and-push] Getting image source signatures
[buildah-image : build-and-push] Copying blob sha256:3d118423613f432336691bc30be7ef697cabccac4f7c386b134418b876c55428
[buildah-image : build-and-push] Copying blob sha256:dd5e77a90e609b328f2e49aa60e50bd8837e505c157060c337725413ccf449f1
[buildah-image : build-and-push] Copying blob sha256:8b30b41a0b038bf660c4538ae04bb77b7cdbfcfcb0f5a378129ddf82b91542e7
[buildah-image : build-and-push] Error: pushing image "my-gitea-http.gitea:3000/giteaadmin/my-quarkus-app" to "docker://my-gitea-http.gitea:3000/giteaadmin/my-quarkus-app": trying to reuse blob sha256:dd5e77a90e609b328f2e49aa60e50bd8837e505c157060c337725413ccf449f1 at destination: Get "https://gitea.cnoe.localtest.me:8443/v2/token?scope=repository%3Agiteaadmin%2Fmy-quarkus-app%3Apull%2Cpush&service=container_registry": dial tcp: lookup gitea.cnoe.localtest.me: no such host

Possible Solution

I suggest that we support such an option. That will require that we do different things such as:

  • Adapt the kind template file https://github.com/cnoe-io/idpbuilder/blob/main/pkg/kind/resources/kind.yaml.tmpl to include the internal address of the registry:
containerdConfigPatches:
- |-
  [plugins."io.containerd.grpc.v1.cri".registry.mirrors."gitea.{{ .Host }}:{{ .Port }}"]
    endpoint = ["https://gitea.{{ .Host }}"]
  [plugins."io.containerd.grpc.v1.cri".registry.configs."gitea.{{ .Host }}".tls]
    insecure_skip_verify = true
  • In a 2nd step, we should also mount the certificate to the HTTP(S) endpoint of the gitea service as a secret or configMap to support HTTP & HTTPS calls, as some clients could refuse to access the OCI registry using plain HTTP

Alternatives Considered

No response
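
Added example (not part of the original issue and not idpbuilder code): the URL in the failing log line is the token endpoint a registry client derives from the registry's Bearer challenge, which is why a push to the in-cluster service name ends in a lookup of the external hostname. The Python code below rebuilds that URL and flags the host mismatch; the challenge header is constructed from the values in the error message, and the function names are hypothetical.

```python
import re
from urllib.parse import urlencode, urlsplit

# Constructed sample: a Bearer challenge of the kind a registry returns on an
# unauthenticated /v2/ request. Realm and service are copied from the URL in
# the error message above; the header itself does not appear on the page.
CHALLENGE = ('Bearer realm="https://gitea.cnoe.localtest.me:8443/v2/token",'
             'service="container_registry"')

_PARAM = re.compile(r'(\w+)="([^"]*)"')


def parse_bearer_challenge(header):
    """Return the key="value" parameters of a Bearer WWW-Authenticate header."""
    scheme, _, rest = header.partition(" ")
    if scheme.lower() != "bearer":
        raise ValueError("not a Bearer challenge: %r" % scheme)
    return dict(_PARAM.findall(rest))


def token_url(params, scope):
    """Build the token request URL the client derives from the challenge."""
    query = urlencode({"scope": scope, "service": params["service"]})
    return params["realm"] + "?" + query


def check_realm(registry, params):
    """Compare the host the client pushed to with the host that issues tokens."""
    reg_host = urlsplit("//" + registry).hostname
    realm = urlsplit(params["realm"])
    findings = []
    if realm.hostname != reg_host:
        # The client contacts the realm host directly, so it must resolve
        # from wherever the push runs (here: inside the pod).
        findings.append("realm host %s differs from registry host %s"
                        % (realm.hostname, reg_host))
    if realm.scheme != "https":
        # Registry credentials are sent to the realm URL.
        findings.append("realm is not https; credentials would be sent in clear")
    return findings


if __name__ == "__main__":
    p = parse_bearer_challenge(CHALLENGE)
    print(token_url(p, "repository:giteaadmin/my-quarkus-app:pull,push"))
    for finding in check_realm("my-gitea-http.gitea:3000", p):
        print("finding:", finding)
```

Because the registry credentials are sent to the realm URL, any in-cluster setup has to make that host both resolvable and certificate-verifiable from the pod, not only the registry host itself.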
