|
| 1 | +--- |
| 2 | +title: Image registry troubleshooting |
| 3 | +description: Learn how to resolve issues connecting to an image registry. |
| 4 | +--- |
| 5 | + |
| 6 | +When configuring Coder to use a local image registry in an air-gapped network, |
| 7 | +you may encounter an error similar to the following: |
| 8 | + |
| 9 | +```console |
| 10 | +An error occurred while submitting |
| 11 | + |
| 12 | +unable to ping registry for 'new transport: Get "https://registry-url.org": x509: |
| 13 | +certificate signed by unknown authority |
| 14 | +``` |
| 15 | + |
| 16 | +## Why this happens |
| 17 | + |
| 18 | +The local registry you are configuring is expecting a valid certificate to |
| 19 | +authenticate the connection with Coder. You will receive this error if: |
| 20 | + |
| 21 | +- You do not have a certificate |
| 22 | +configured |
| 23 | +- There is an issue with the certificate itself |
| 24 | + |
| 25 | +> Coder uses Docker's Registry 2.0 implementation, which supports self-signed |
| 26 | +> certificates and assumes that the protocol you're using will be HTTPS. |
| 27 | +
|
| 28 | +## Troubleshooting steps |
| 29 | + |
| 30 | +- If you haven't created the local registry, and you haven't generated the |
| 31 | + self-signed certificate, [please see our |
| 32 | + documentation](../../setup/air-gapped/infrastructure.md) on setting these up. |
| 33 | + |
| 34 | +- Check to see if your `registry.crt` file is stored in the correct location on |
| 35 | + each of your Kubernetes nodes. Depending upon your Linux distribution and |
| 36 | + container runtime, it may be in any of the following locations: |
| 37 | + |
| 38 | + ```console |
| 39 | + /usr/local/share/ca-certificates/registry.crt |
| 40 | + /etc/docker/certs.d/${REGISTRY_DOMAIN_NAME}/ca.crt |
| 41 | + /etc/ssl/certs/registry.crt |
| 42 | + /etc/pki/tls/registry.crt |
| 43 | + ``` |
| 44 | + |
| 45 | +- If your cluster uses `containerd`, ensure the following patch has been applied |
| 46 | + to the `/etc/containerd/config.toml` file: |
| 47 | + |
| 48 | + ```console |
| 49 | + [plugins."io.containerd.grpc.v1.cri".registry.configs."$REGISTRY_DOMAIN_NAME".tls] |
| 50 | + insecure_skip_verify = true |
| 51 | + ``` |
| 52 | + |
| 53 | +Ensure that you've created the self-signed certificate secret in your Kubernetes |
| 54 | +cluster: |
| 55 | + |
| 56 | + ```console |
| 57 | + kubectl -n coder get secret local-registry-cert -o yaml |
| 58 | + ``` |
| 59 | + |
| 60 | +If none of these steps resolve the issue, please [contact |
| 61 | +us](https://coder.com/contact) for further support. |
0 commit comments