Skip to main content

Insecure Docker Registry

Your CI/CD build might need to interact with insecure docker registry running with http protocol or self-signed certificate. This tutorial explains how to achieve this with docker related executors.

Firstable, we need to check which builder is being used in more settings of the executor executing your job:

buildx builder

By default the builder onedev is used for all executors, including the auto-discovered one

On all machines the executor might be running, login as the OS user running OneDev process if OneDev server or agent runs in bare metal mode, or any user with docker run permission if it runs inside docker container. Then do the following:

  1. Run below command to delete the builder:

    docker buildx rm <builder name>
  2. Run docker ps -a|grep buildx_buildkit_<builder name>0 to list associated builder container. Delete the container if it exists

  3. Create a file say /etc/buildkit/buildkitd.toml containing below content:

    [registry."<registry host>:<registry port>"]
    http = true
  4. Create the builder using above file as config file:

    docker buildx create --name <builder name> --config /etc/buildkit/buildkitd.toml
  5. If OneDev runs inside docker container, you also need to mount the buildx config into the container via below option so that the builder can be accessed inside container:

    -v <user home>/.docker/buildx:/root/.docker/buildx