How to push to private registry with self-signed certs

I have a private registry with self-signed certs. I want to push images to that registry. My current setup is a standalone buildkit running with a shared volume containing buildkitd.sock accessible to another container. The second container is configured with either --builder or the BUILDX_BUILDER env var to use the socket file.

However, when I try to push images, it fails.

$ docker build . --output type=registry,name=privateregistry.example/dev/buildkit:testv1,registry.insecure=true

 <.........build logs.........>
------
 > exporting to image:
------
ERROR: failed to build: failed to solve: failed to fetch oauth token: Post "https://privateregistry.example/service/token": tls: failed to verify certificate: x509: certificate signed by unknown authority

buildkit.toml:

[worker.oci]
  enabled = true

[worker.containerd]
  enabled = false

[registry."privateregistry.example"]
  insecure=true

When I use buildkit directly with buildctl I am able to use something like:

./buildctl build --frontend dockerfile.v0 --local context=. --local dockerfile=. --output type=image,name=privateregistry.example/dev/buildkit:testv1,push=true,registry.insecure=true --registry-auth-tlscontext host=privateregistry.example,insecure=true

How do I achieve something similar with docker build?

Recently someone, I think, solved it by adding a CA certificate to the operating system's own trust store. But for that, you would need a self-signed CA that you use to sign a certificate that you use for TLS. I have used this approach for TLS recently. This way I don't just ignore certificates but specify what I trust.
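The approach in the reply above, as an added example (not code from this thread or from BuildKit): Go's crypto/x509, which is where the "certificate signed by unknown authority" text in the log comes from, verifies a certificate for privateregistry.example against an explicit root pool, first without and then with the signing CA. The CA and server certificate are constructed in memory for the demonstration, and `newCert` and `verifyWith` are hypothetical helper names.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// newCert issues a cert for cn; a nil parent yields a self-signed CA (constructed demo PKI).
func newCert(cn string, dns []string, parent *x509.Certificate, signer *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	serial, _ := rand.Int(rand.Reader, big.NewInt(1<<62))
	tmpl := &x509.Certificate{
		SerialNumber: serial, Subject: pkix.Name{CommonName: cn}, DNSNames: dns,
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		BasicConstraintsValid: true, IsCA: parent == nil, KeyUsage: x509.KeyUsageDigitalSignature,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	if parent == nil { // no issuer given: sign with our own key and allow cert signing
		parent, signer, tmpl.KeyUsage = tmpl, key, x509.KeyUsageCertSign
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, signer)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der) // parsing DER we just produced
	return cert, key
}

// verifyWith validates leaf for host against exactly the given roots, never the system store.
func verifyWith(leaf *x509.Certificate, host string, roots ...*x509.Certificate) error {
	pool := x509.NewCertPool()
	for _, r := range roots {
		pool.AddCert(r)
	}
	_, err := leaf.Verify(x509.VerifyOptions{DNSName: host, Roots: pool})
	return err
}

func main() {
	ca, caKey := newCert("Constructed Registry CA", nil, nil, nil)
	leaf, _ := newCert("privateregistry.example", []string{"privateregistry.example"}, ca, caKey)
	fmt.Println("CA not trusted:", verifyWith(leaf, "privateregistry.example"))
	fmt.Println("CA trusted:", verifyWith(leaf, "privateregistry.example", ca))
}
```

With a standalone buildkitd, the same trust decision can be made by listing the CA file under the registry's `ca` key in the daemon's TOML config, or by adding it to the trust store of the container that runs buildkitd.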
