I’m trying to use the GitLab Docker registry, but I seem to fail whatever I try; most of it has to do with CA certificates and privileged mode. My .gitlab-ci.yml file is below.
Now, here’s the problem: when I’m not running in privileged mode, I can make docker login work by mounting a volume with my ca-certificates into the docker container and running update-ca-certificates. However, since I’m not running in privileged mode, I can’t use docker, since I get this error:
```
$ docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
$ docker build --pull -t $TEST_IMAGE .
Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?
```
So, I updated my gitlab-runner config to run in privileged mode. When I do so, for some reason, the ca-certificates seem to be a problem again:
```
$ docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
Error response from daemon: Get https://op-gitlab.howest.be:4567/v2/: x509: certificate signed by unknown authority
```
Can I find a full but minimal working example somewhere with self-signed certificates and the docker registry?
```yaml
image: docker:stable

services:
  - docker:dind

stages:
  - build
  - test
  - release

variables:
  TEST_IMAGE: <domain>/<group>/<container>:$CI_COMMIT_REF_NAME
  RELEASE_IMAGE: <domain>/<group>/<container>:latest

before_script:
  - echo $CI_REGISTRY
  - apk update && apk add ca-certificates && rm -rf /var/cache/apk/*
  - mkdir -p /etc/ssl/certs/ && update-ca-certificates --fresh
  - docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY

build:
  stage: build
  script:
    - docker build --pull -t $TEST_IMAGE .
    - docker push $TEST_IMAGE

test:
  stage: test
  script:
    - docker pull $TEST_IMAGE
    - docker run $TEST_IMAGE npm test

release:
  stage: release
  script:
    - docker pull $TEST_IMAGE
    - docker tag $TEST_IMAGE $RELEASE_IMAGE
    - docker push $RELEASE_IMAGE
  only:
    - master
```
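
An added example, not part of the original post: the `Error response from daemon` prefix in the privileged run shows that the x509 check is made by the Docker daemon, which with `docker:dind` runs in the service container, so a CA installed in the job container by `before_script` is never consulted. One way to hand the CA to that daemon is through the runner's `config.toml`; the runner name, the host directory and the `<...>` placeholders below are assumptions.

```toml
# /etc/gitlab-runner/config.toml  (added example; names and host paths are assumptions)
#
# Assumed layout on the runner host. dockerd looks up registry CAs in a
# directory named after the registry's host:port:
#
#   /etc/docker/certs.d/op-gitlab.howest.be:4567/ca.crt
#
# ca.crt is the PEM certificate of the CA that signed the registry's
# certificate (for a self-signed registry certificate, that certificate itself).

concurrent = 1

[[runners]]
  name = "dind-runner"        # hypothetical runner name
  url = "<GITLAB_URL>"        # placeholder: URL of the GitLab instance
  token = "<RUNNER_TOKEN>"    # placeholder: token issued at runner registration
  executor = "docker"

  [runners.docker]
    image = "docker:stable"

    # The docker:dind service cannot start its daemon without this.
    # Jobs on a privileged runner have root-equivalent access to the runner
    # host, so keep this runner restricted to trusted projects.
    privileged = true

    # Volumes listed here are mounted into the job container and into the
    # service containers, so the dind daemon sees the CA under
    # /etc/docker/certs.d/<host:port>/ca.crt. The parent directory is mounted
    # because the "host:port" directory name contains a colon, which cannot
    # appear inside a volume specification. Read-only: jobs must not be able
    # to change which CAs the daemon trusts.
    volumes = ["/cache", "/etc/docker/certs.d:/etc/docker/certs.d:ro"]
```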