Pushing a Docker image fails with staging error even though the docker registry IP is added to the whitelist
Article ID: 297751
Updated On:
Products
VMware Tanzu Application Service for VMs
Issue/Introduction
Symptoms:
When trying to push a docker image in PCF versions 1.12, 2.0 and 2.1, staging is faiing with "x509: cannot validate certificate for <IP_address> because it doesn't contain any IP SANs" error even though the docker registry IP has been added to the whitelist
Additional log snippets from cf push output :
builder exited with error: failed to fetch metadata from [xxxx/tomcat-7] with tag [101] and insecure registries [] due to pinging docker registry returned: Get https://<IP_address>:5000/v2/: x509: cannot validate certificate for <IP_address> because it doesn't contain any IP SANs
When trying to push a docker image in PCF versions 1.12, 2.0 and 2.1, staging is faiing with "x509: cannot validate certificate for <IP_address> because it doesn't contain any IP SANs" error even though the docker registry IP has been added to the whitelist
Additional log snippets from cf push output :
builder exited with error: failed to fetch metadata from [xxxx/tomcat-7] with tag [101] and insecure registries [] due to pinging docker registry returned: Get https://<IP_address>:5000/v2/: x509: cannot validate certificate for <IP_address> because it doesn't contain any IP SANs
Environment
Cause
This is a known issue where even though the IP address has been added in the Private Docker Insecure Registry Whitelist section, the corresponding property insecure_docker_registry_list in cloud controller job does not get set with that IP.
Resolution
The fix will be available in a future PAS release. IF you are running into this issue, please contact Pivotal Support to review your options.
Feedback
Yes
No
Powered by
