-Djib.allowInsecureRegistries=true does not seems to work
See original GitHub issueEnvironment: Docker image: gcr.io/cloud-builders/mvn
-
Jib version: 1.6.1
-
*Build tool: Maven
-
OS: Docker Container
Description of the issue:
I am trying to use the -Djib.allowInsecureRegistries=true
option to my tool and I am getting an error of this type when using it :
building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
I am using it while building a sample helloworld application https://github.com/che-samples/console-java-simple
Expected behavior:
Working
Steps to reproduce:
- Checkout https://github.com/che-samples/console-java-simple
- docker run -v it to /builder/home
- Run
- mvn
- compile
- com.google.cloud.tools:jib-maven-plugin:build
- -Duser.home=/builder/home
- -Dimage=image-registry.openshift-image-registry.svc:5000/test/image
- -Djib.allowInsecureRegistries=true
Log output:
Full log output
[INFO] Scanning for projects... Downloading from central: https://repo.maven.apache.org/maven2/com/google/cloud/tools/jib-maven-plugin/maven-metadata.xml Progress (1): 1.5 kBDownloaded from central: https://repo.maven.apache.org/maven2/com/google/cloud/tools/jib-maven-plugin/maven-metadata.xml (1.5 kB at 2.5 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/cloud/tools/jib-maven-plugin/1.6.1/jib-maven-plugin-1.6.1.pom Progress (1): 2.2/3.5 kB Progress (1): 3.5 kB
[…]
[INFO] Containerizing application to image-registry.openshift-image-registry.svc:5000/tekton-pipelines/console-java-simple… [INFO] Retrieving registry credentials for image-registry.openshift-image-registry.svc:5000… [INFO] Getting base image gcr.io/distroless/java:8… [INFO] Building resources layer… [INFO] Building classes layer… [INFO] [INFO] ------------------------------------------------------------------------ [INFO] BUILD FAILURE [INFO] ------------------------------------------------------------------------ [INFO] Total time: 16.607 s [INFO] Finished at: 2019-10-17T14:02:14Z [INFO] ------------------------------------------------------------------------ [ERROR] Failed to execute goal com.google.cloud.tools:jib-maven-plugin:1.6.1:build (default-cli) on project console-java-simple: Build image failed: Failed to authenticate with registry image-registry.openshift-image-registry.svc:5000/tekton-pipelines/console-java-simple because: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target -> [Help 1] [ERROR] [ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch. [ERROR] Re-run Maven using the -X switch to enable full debug logging. [ERROR] [ERROR] For more information about the errors and possible solutions, please read the following articles: [ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoExecutionException
Issue Analytics
- State:
- Created 4 years ago
- Comments:20 (11 by maintainers)
Top GitHub Comments
Thanks @chmouel. The cause is what I suspected before, which is more or less an intended behavior that, although Jib allows talking to insecure registries, it won’t allow token exchanges with auth servers which may be a separate auth/login server. But for practical purposes, I am now convinced it is reasonable to lift this restriction. #2100 will fix this.
Yes no worries, I can help with that, I have tried again
-DsendCredentialsOverHttp=true
and I am still getting the :The full debug with
-X
is here debug-file-X.txtThis is indeed with tekton.
If you have a tekton (
kubectl create -f https://raw.githubusercontent.com/openshift/tektoncd-pipeline/release-v0.7.0/openshift/release/tektoncd-pipeline-v0.7.0.yaml
) and an openshift (you can get one for free here https://try.openshift.com) installed you can easily test the task with these templates (to apply in order):task.yaml resources.yaml run.yaml
which would push to the internal openshfit registry