Microk8s Insecure Registry not working

Hi Guys,

I’m configuring my microk8s and I’m having a stranger issue and don’t know anymore how to check it… I know the configurations are ok… at least, it should.

I have a registry I can access only as HTTP (insecure), if I point to my browser, I can see the HTTPS is not accessible but HTTP is (/v2/_catalog)

So, I configured the /var/snap/microk8s/current/args/containerd-template.toml with the following:

          endpoint = ["https://registry-1.docker.io"]
          endpoint = ["http://localhost:32000"]
          endpoint = ["http://myregistry.domain.com:5000"]

restarted microk8s:

microk8s stop
microk8s start

tried to pull the image:

microk8s ctr --debug images pull myregistry.domain.com:5000/image:latest

DEBU[0000] fetching                                      image="myregistry.domain.com:5000/image:latest"
DEBU[0000] resolving                                    
DEBU[0000] do request                                    request.headers=map[Accept:[application/vnd.docker.distribution.manifest.v2+json, application/vnd.docker.distribution.manifest.list.v2+json, application/vnd.oci.image.manifest.v1+json, application/vnd.oci.image.index.v1+json, *]] request.method=HEAD url="https://myregistry.domain.com:5000/v2/image/manifests/latest"
ctr: failed to resolve reference "myregistry.domain.com:5000/image:latest": failed to do request: Head "https://myregistry.domain.com:5000/v2/image/manifests/latest": http: server gave HTTP response to HTTPS client

He is still trying to access the HTTPS…

Can someone help me here?

Seems like microk8s is not picking up the updated file…

Ps.: I don’t have docker installed or anything, I’m using only the microk8s

Those are the addons installed:

microk8s is running
dashboard: enabled
dns: enabled
helm: enabled
registry: enabled
storage: enabled
cilium: disabled
fluentd: disabled
gpu: disabled
helm3: disabled
ingress: disabled
istio: disabled
jaeger: disabled
knative: disabled
kubeflow: disabled
linkerd: disabled
metallb: disabled
metrics-server: disabled
prometheus: disabled
rbac: disabled

Hi @cetiberiojr

Have you looked at [1]?

Also, to talk to an http registry with ctr I think you should use the --plain-http flag.

[1] https://microk8s.io/docs/registry-private