I'm getting error:
Error response from daemon: Get https://my-registry.local:443/v2/: Get http://my-registry.local/v2/token?account=admin&client_id=docker&offline_token=true&service=my-registry.local: net/http: request cancele d (Client.Timeout exceeded while awaiting headers) (Client.Timeout exceeded while awaiting headers)
From What I can see, it's trying to get the offline token from 'http' which is my VIP is not listening on, instead of 'https'.
This instance of Artifactory is deployed in our internal K8, and I suspect it may have something to do w/ the nginx-ingress for this deployment. I've set it up pretty straight forward:
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: artifactory
annotations:
ingress.kubernetes.io/force-ssl-redirect: "true"
ingress.kubernetes.io/proxy-read-timeout: "600"
ingress.kubernetes.io/proxy-send-timeout: "600"
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/configuration-snippet: |
rewrite ^/(v2)/token /artifactory/api/docker/null/v2/token;
rewrite ^/(v2)/([^\/]*)/(.*) /artifactory/api/docker/$2/$1/$3;
rewrite ^/webapp$ artifactory/webapp/ redirect;
nginx.ingress.kubernetes.io/proxy-body-size: "0"
spec:
rules:
- host: my-registry.local
http:
paths:
- path: /artifactory
backend:
serviceName: artifactory
servicePort: 80
- path: /v2
backend:
serviceName: artifactory
servicePort: 80
- path: /v1
backend:
serviceName: artifactory
servicePort: 80
Everything else works: The UI, helm, NPM etc.. the issue appears to be docker specific.
As you can see, it tries to login to the registry correctly using https, but then somehow in the backend it tries to get the token using 'http' instead, and I don't see where in the Artifactory config I can fix this, hence why I figured it must be something w/ the ingress controller. Has anyone seen this before?
So From this
- path: /artifactory
backend:
serviceName: artifactory
servicePort: 80
Looks like your ingress goes to an nginx service called artifactory? If that's the case, you will need to share you nginx conf. Look for a line with X-Artifactory-Override-Base-Url and check if the base url schema is https and not http. If not, setting custombase url in Artifactory UI may help (https://my-registry.local).
Also try this:
$ curl -vL -u admin https://my-registry.local:443/v2/token
See if you get a token in response.