gitalb CI: x509: certificate signed by unkown authority while accessing private docker registry

Question

Can't login to my private docker registry from the gitlab-ci.

Scenario:

gitlab CE omnibus installation, the registry is inside the gitlab.
gitlab-runner with docker executor running as container in a docker swarm cluster
gitlab-runner has a ca.crt in /etc/gitlab-runner/certs/
The ca.crt contain the server, the intermediate and the root certificate in the correct order.
It's not a sel-signed certificate, it's a wildcard certificate (*.domain.com)
Inside the gitlab-runner container I can run curl https://registry.domain.com without erro

What I have tried:

Add the registry as insecure (daemon.json and in the .gitlab-ci.yaml)
Add the certificate in the runner as registry.domain.com.crt

.gitlab-ci.yml

build_image:  
  image: docker:19.03.8
  services:
    - name: docker:19.03.12-dind
      command: ["--insecure-registry=registry.domain.com:443"]
      alias: docker
  stage: build
  ...
  script:
    - docker login -u gitlab-ci-token -p $CI_BUILD_TOKEN registry.domain.com

obs: I already saw this without success.

score 0 · Answer 1 · answered Jul 31 '20 at 18:23

0

I still don't know what caused this issue but the solution was mount docker socket in the gitlab-runner

gitlab-runner register <other_options> --docker-volumes /var/run/docker.sock:/var/run/docker.sock

answered Jul 31 '20 at 18:23

Joao Vitorino

2,976
3
26
55

gitalb CI: x509: certificate signed by unkown authority while accessing private docker registry

1 Answers1