tas/major_tom
1
0
Fork 1
Code Issues 3 Pull Requests Actions Packages Projects Releases Wiki Activity

Use external hostname for container registry push #22

Merged
tas merged 2 commits from fix/insecure-registry-config into main 2026-03-16 13:22:53 +00:00
Conversation 0 Commits 2 Files Changed 1 +10
LeSerjant commented 2026-03-16 13:08:21 +00:00
Collaborator
Copy Link

Summary

  • Change registry from git.kimchi (internal) to git.schick-web.site (external) for container image push
  • Gitea's container registry token service scopes auth tokens to ROOT_URL — pushing to a different hostname causes authentication required errors
  • Keeps git.kimchi for git clone (unaffected by this issue)
  • Passes --creds directly to buildah push and includes --tls-verify=false

Context

ref: https://github.com/go-gitea/gitea/issues/19345

Test plan

  • Verify deploy workflow completes image push and k8s deployment after merge
## Summary - Change registry from `git.kimchi` (internal) to `git.schick-web.site` (external) for container image push - Gitea's container registry token service scopes auth tokens to `ROOT_URL` — pushing to a different hostname causes `authentication required` errors - Keeps `git.kimchi` for git clone (unaffected by this issue) - Passes `--creds` directly to `buildah push` and includes `--tls-verify=false` ## Context ref: https://github.com/go-gitea/gitea/issues/19345 ## Test plan - [ ] Verify deploy workflow completes image push and k8s deployment after merge
LeSerjant added 1 commit 2026-03-16 13:08:21 +00:00
Use external hostname for container registry push
All checks were successful
CI / build (pull_request) Successful in 32s
Details
ec63ce6701 
The Gitea container registry token service scopes tokens to ROOT_URL
(git.schick-web.site). Pushing to the internal hostname (git.kimchi)
causes auth failures because the token domain doesn't match.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
LeSerjant added 1 commit 2026-03-16 13:21:36 +00:00
Debug container registry auth: test v2 and token endpoints
Some checks failed
CI / build (pull_request) Successful in 31s
Details
Deploy / deploy (push) Failing after 1m14s
Details
c44ace5804 
Revert to git.kimchi, add curl diagnostics to understand why
auth fails even after login succeeds.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
tas merged commit c44ace5804 into main 2026-03-16 13:22:53 +00:00
tas deleted branch fix/insecure-registry-config 2026-03-16 13:22:54 +00:00
Sign in to join this conversation.
Reviewers
No Reviewers
Labels
No items
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
CICD LeSerjant tas
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: tas/major_tom#22
Delete Branch "fix/insecure-registry-config"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?