Hi all!
I have a self-hosted docker registry with a self-sign certificate. I'm trying to push docker image to this registry but getting the following error:
x509: certificate signed by unknown authority
I can not understand why, since on my local machine (on which I'm running ci runner) everything seems to work fine (I've created a path in /etc/docker/certs.d/address_to_registry/ca.crt). I am also able to mount docker.sock to docker image and push everything to the registry.
The step that is failing looks as follows:
- step:
name: Deploy to Production
deployment: Production
runs-on: self.hosted
script:
- IMAGE_NAME=$BITBUCKET_REPO_SLUG
- docker load --input "${IMAGE_NAME}.tar"
- VERSION="prod-0.1.${BITBUCKET_BUILD_NUMBER}"
- IMAGE=${REGISTRY_URL}/${IMAGE_NAME}
- docker tag "${IMAGE_NAME}" "${IMAGE}:${VERSION}"
- docker push "${IMAGE}:${VERSION}"
services:
- docker
I don't quite understand how the docker service works. Does it not use "docker.sock" mounted to the runner? If it does it should verify my registry certificate. Maybe I'm missing something in the documentation but I have no idea how to debug this to resolve my problem. I also tried to pass the certificate to this step and install it via the "update-ca-certificates" tool but still gets the same error.
EDIT 1: The strangest thing is that in another pipeline (on same runner) I'm using images from this repository (using "image: my_repo/my_image:tag") and the image pulls with no problems. It seems like using the "services" keyword breaks everything.
EDIT 2: I'm using the "atlassian/default-image:3" for the problematic step.
Any ideas will be appreciated.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.