I want to configure a CI with GitLab-CE and CD with Argo CD on OpenShift. But I can't configure the GitLab External Registry

Problem to solve

Hello GitLab community!

I work at an entity where we want to create a private cloud using Red Hat OpenShift Container Platform (RHOCP).

But we do not want to use the RHOCP Internal Registry as much as possible.

The idea of the project is the following:

  1. Create a container registry on a GitLab server installed on a virtual machine external to RHOCP.

  2. Test uploading some containers to that registry from the RHOCP installation bastion using Podman.

  3. Create some secrets to make RHOCP able to import container images hosted by hand or through GitLab CI.

  4. Create the Deployments in RHOCP in .yml format and host them in GitLab.

  5. Install and configure Argo CD.

  6. Celebrate that we have a CI/CD system tailored to us.

I set the following in the file:

/etc/gitlab/gitlab.rb

  • I’m going to use example.com as the FQDN, but I actually use the one for the entity

external_url 'https://gitlab.example.com'
registry_external_url 'https://gitlab.example.com:5005'
gitlab_rails['registry_enabled'] = true
gitlab_rails['registry_host'] = "gitlab.example.com"
gitlab_rails['registry_port'] = "5005"
gitlab_rails['registry_path'] = "/var/opt/gitlab/gitlab-rails/shared/registry"
gitlab_rails['registry_api_url'] = "http://127.0.0.1:5000"
gitlab_rails['registry_key_path'] = "/var/opt/gitlab/gitlab-rails/certificate.key"
registry['enable'] = true
registry['token_realm'] = "https://gitlab.example.com:443"
registry['registry_http_addr'] = "localhost:5000"
registry['log_directory'] = "/var/log/gitlab/registry"
registry['env_directory'] = "/opt/gitlab/etc/registry/env"
registry['env'] = {
  'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/"
}
registry['log_level'] = "info"
registry['rootcertbundle'] = "/var/opt/gitlab/registry/gitlab-registry.crt"
registry_nginx['enable'] = true
registry_nginx['redirect_http_to_https'] = true
registry_nginx['listen_port'] = 5005
registry_nginx['ssl_certificate'] = "/etc/gitlab/ssl/example.com-chain.pem"
registry_nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/example.key"

I open the ports in GitLab OS:
firewall-cmd --permanent --add-service=docker-registry
firewall-cmd --permanent --add-port=5005/tcp
firewall-cmd --reload

and restart the services:

gitlab-ctl reconfigure && gitlab-ctl restart

I connect to the RHOCP bastion using ssh:
I download the example image:
podman pull hello-world
We consult the data of the downloaded image:
podman images
REPOSITORY TAG IMAGE ID CREATED SIZE
Quay latest 5dd467fce50b 8 weeks ago 787 kB

We authenticate ourselves to the GitLab registry using a Token:

Login Succeeded!

When trying to upload the example image to a repository, using the command:

podman push Quay gitlab.example.com/informatica/infraestructura/terraform

we found the following error message:

Getting image source signatures
Copying blob 2114fc8b7058 skipped: already exists
Copying config 5dd467fce5 done |
Writing manifest to image destination
Error: writing manifest: uploading manifest latest to gitlab.example.com/informatica/infraestructura/terraform: StatusCode: 404, “\n\n\n <meta content="wid …”


Versions

Versions:

GitLab CE on-premise, installed on Red Hat Enterprise Linux 9.4 (Plow) with Omni, Fapolicyd disabled, SELinux permissive, on a FIPS-compliant OS (DISA STIG)

GitLab v17.2.0
GitLab Shell 14.37.0
GitLab Workhorse v17.2.0
GitLab API v4
GitLab KAS 17.2.0
Ruby 3.1.5p253
Rails 7.0.8.4
PostgreSQL (main) 14.11
PostgreSQL (ci) 14.11
Redis 7.0.1

RHOCP Bastion:

OS: Red Hat Enterprise Linux 9.4 (Plow)
Podman version: podman version 4.9.4-rhel

Resolved: I forgot to include the port in the push.

Final Working GitLab configuration:

external_url 'https://gitlab.example.com'
registry_external_url 'https://registry.example.com:5005'
gitlab_rails['registry_enabled'] = true
gitlab_rails['registry_host'] = "registry.example.com"
gitlab_rails['registry_port'] = "5005"
gitlab_rails['registry_path'] = "/var/opt/gitlab/gitlab-rails/shared/registry"
gitlab_rails['registry_api_url'] = "http://localhost:5000"
gitlab_rails['registry_key_path'] = "/var/opt/gitlab/gitlab-rails/certificate.key"
gitlab_rails['registry_issuer'] = "omnibus-gitlab-issuer"
registry['enable'] = true
registry['token_realm'] = "https://gitlab.example.com:443"
registry['registry_http_addr'] = "localhost:5000"
registry['log_directory'] = "/var/log/gitlab/registry"
registry['env_directory'] = "/opt/gitlab/etc/registry/env"
registry['env'] = {
  'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/"
}
registry['log_level'] = "info"
registry['rootcertbundle'] = "/var/opt/gitlab/registry/gitlab-registry.crt"
nginx['enable'] = true
nginx['redirect_http_to_https'] = true
nginx['ssl_certificate'] = "/etc/gitlab/ssl/chain.pem"
nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/clave.key"
nginx['ssl_protocols'] = "TLSv1.3"
registry_nginx['enable'] = true
registry_nginx['redirect_http_to_https'] = true
registry_nginx['listen_port'] = 5005
registry_nginx['ssl_certificate'] = "/etc/gitlab/ssl/chain.pem"
registry_nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/clave.key"
registry_nginx['custom_gitlab_server_config'] = 'proxy_cache_convert_head off;'

podman push Quay registry.example:5005/informatica/infraestructura/vidhag-muletto

Getting image source signatures
Copying blob ce980a8f5545 skipped: already exists
Copying config 5dd467fce5 done |
Writing manifest to image destination

It works!

Thank you very much

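Added example, not part of the original post: a pre-push check that compares the registry part of an image reference with `registry_external_url`, which catches the missing-port mistake described above before the manifest upload reaches the GitLab web server on port 443 and comes back as an HTML 404. The function names are hypothetical and the sample configuration text is constructed from the first `gitlab.rb` in the post.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# Constructed sample: the two URL settings from the first gitlab.rb above.
SAMPLE_GITLAB_RB="external_url 'https://gitlab.example.com'
registry_external_url 'https://gitlab.example.com:5005'"

# registry_endpoint <gitlab.rb text>
# Prints host[:port] taken from the registry_external_url line.
registry_endpoint() {
  printf '%s\n' "$1" |
    sed -n "s|^[[:space:]]*registry_external_url[[:space:]]*['\"]https\{0,1\}://\([^/'\"]*\).*|\1|p" |
    head -n 1
}

# image_registry <image reference>
# Prints the part before the first "/", i.e. the registry host[:port].
image_registry() {
  printf '%s\n' "${1%%/*}"
}

# check_push_target <gitlab.rb text> <image reference>
# 0 = reference targets the registry endpoint, 1 = mismatch, 2 = no setting.
check_push_target() {
  cpt_want=$(registry_endpoint "$1")
  cpt_got=$(image_registry "$2")
  if [ -z "$cpt_want" ]; then
    echo "registry_external_url not found" >&2
    return 2
  fi
  if [ "$cpt_got" != "$cpt_want" ]; then
    echo "mismatch: push targets '$cpt_got', registry is '$cpt_want'" >&2
    return 1
  fi
  echo "ok: $cpt_got"
}

# The failing reference from the post (no port), then the same reference
# with the registry port added (constructed).
check_push_target "$SAMPLE_GITLAB_RB" \
  "gitlab.example.com/informatica/infraestructura/terraform" || true
check_push_target "$SAMPLE_GITLAB_RB" \
  "gitlab.example.com:5005/informatica/infraestructura/terraform"
```

On a real host, pass the file contents instead of the sample, for example `check_push_target "$(cat /etc/gitlab/gitlab.rb)" "$IMAGE_REF"`.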