I am using GitLab Runner on Kubernetes, with kaniko to push an image to a private Docker registry (insecure). How can I give kaniko push permissions?
I tried the --insecure-registry and --skip-tls-verify params, but there is the same error:
    build:
      stage: build
      image:
        name: gcr.io/kaniko-project/executor:debug
        entrypoint: [""]
      script:
        - /kaniko/executor --context $CI_PROJECT_DIR --dockerfile $CI_PROJECT_DIR/Dockerfile --insecure-registry --destination registry-ip:5000/soccer
error checking push permissions -- make sure you entered the correct tag name, and that you are authenticated correctly, and try again: checking push permission for "registry-ip:5000/soccer": Post http://registry-ip:5000/v2/soccer/blobs/uploads/: net/http: HTTP/1.x transport connection broken: malformed HTTP response "\x15\x03\x01\x00\x02\x02\x16"
Pushing to insecure registries requires a change to the Docker daemon. The Docker daemon (whatever runtime you are using for the Kubernetes cluster, be it Docker, containerd, etc.; I will assume you use the Docker daemon) needs to be edited to allow insecure registries. Edit /etc/docker/daemon.json and add the following:
    {
      "insecure-registries": [ "registry-ip:5000" ]
    }
Then restart Docker on each of the nodes.
A better approach would be to add some form of authentication over the local Docker registry. You can enable HTTP basic auth on the Docker registry. Or you can set up SSL on the Docker registry with a signed certificate (self-signed certificates need to be added to the Docker daemon before they are trusted, though).
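An added diagnostic example (not part of the question or the answer above): the bytes quoted in the error message decode as a TLS alert record, which shows that the port at registry-ip:5000 replied with TLS to a request sent as plain HTTP. The function names and the sample HTTP line are this example's own.

```python
import struct

# Bytes quoted in the kaniko error message above.
RESPONSE = b"\x15\x03\x01\x00\x02\x02\x16"

CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}
ALERT_LEVELS = {1: "warning", 2: "fatal"}
# Subset of the alert descriptions defined in RFC 5246.
ALERT_DESCRIPTIONS = {0: "close_notify", 10: "unexpected_message",
                      22: "record_overflow", 40: "handshake_failure",
                      70: "protocol_version", 80: "internal_error"}


def parse_tls_record(data):
    """Parse one TLS record header; return None if data is not TLS."""
    if len(data) < 5:
        return None
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    if ctype not in CONTENT_TYPES or major != 3 or minor > 4:
        return None
    record = {"type": CONTENT_TYPES[ctype],
              "version": (major, minor), "length": length}
    body = data[5:5 + length]
    if ctype == 21 and len(body) == 2:
        # An alert body is exactly two bytes: level, description.
        record["level"] = ALERT_LEVELS.get(body[0], "unknown")
        record["description"] = ALERT_DESCRIPTIONS.get(
            body[1], "unknown(%d)" % body[1])
    return record


def classify_response(data):
    """Say which protocol the first bytes of a server reply belong to."""
    if data.startswith(b"HTTP/"):
        return "http"
    record = parse_tls_record(data)
    if record is None:
        return "unknown"
    if record["type"] == "alert":
        return "tls alert: %s %s" % (record["level"], record["description"])
    return "tls " + record["type"]


if __name__ == "__main__":
    print(classify_response(RESPONSE))
    # Constructed sample: how a plain-HTTP registry reply would start.
    print(classify_response(b"HTTP/1.1 202 Accepted\r\n"))
```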