You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: README.md
+12-16Lines changed: 12 additions & 16 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -138,6 +138,8 @@ cp .arg.template .arg
138
138
| UKI_BRING_YOUR_OWN_KEYS | Bring your own public/private key pairs if this is set to true. Otherwise, CanvOS will generate the key pair. | boolean |`false`|
139
139
| INCLUDE_MS_SECUREBOOT_KEYS | Include Microsoft 3rd Party UEFI CA certificate in generated keys | boolean |`true`|
140
140
| AUTO_ENROLL_SECUREBOOT_KEYS | Auto enroll SecureBoot keys when device boots up and is in setup mode of secure boot | boolean |`true`|
141
+
| EARTHLY_ADDITIONAL_BUILDKIT_CONFIG | Can be used to provide additional parameters to buildkit, use this when you need to retrieve your base image from a HTTP registry or a HTTPS registry with an untrusted certificate | string ||
142
+
141
143
142
144
1. (Optional) If you are building the images behind a proxy server, you may need to modify your docker daemon settings to let it use your proxy server. You can refer this [tutorial](https://docs.docker.com/config/daemon/systemd/#httphttps-proxy).
### Using untrusted or insecure registries for Base Images
327
329
328
-
During execution process Earthly pulls Base Images (specified as `BASE_IMAGE`in .arg file) from external registries. By default, it connects to the registry via HTTPS protocol using trusted CA installed inside the container. For the cases where external registry exposed via plain HTTP or HTTPs with self-signed certificates, it is possible to configured Earthly buildkit to use HTTP or ignore untrusted certificates by using environment variable `EARTHLY_ADDITIONAL_BUILDKIT_CONFIG`.
330
+
During execution process Earthly pulls Base Images (specified as `BASE_IMAGE`in .arg file) from external registries. By default, it connects to the registry via HTTPS protocol using trusted CA installed inside the container. For the cases where external registry exposed via plain HTTP or HTTPs with self-signed certificates, it is possible to configured Earthly buildkit to use HTTP or ignore untrusted certificates by using the environment variable `EARTHLY_ADDITIONAL_BUILDKIT_CONFIG`.
329
331
330
-
For registries exposed via HTTP, use the following commands:
332
+
For registries exposed via HTTP, set the EARTHLY_ADDITIONAL_BUILDKIT_CONFIG parameter in your .arg file as follows:
331
333
```shell
332
-
$ exportEARTHLY_ADDITIONAL_BUILDKIT_CONFIG="
333
-
[registry.\"10.10.131.24:5000\"]
334
+
EARTHLY_ADDITIONAL_BUILDKIT_CONFIG='
335
+
[registry."10.10.131.24:5000"]
334
336
http = true
335
-
"
336
-
$ earthly --push +build-all-images
337
+
'
337
338
```
338
339
339
-
For registries exposed via HTTPs with self-signed certificates, use the following commands:
340
+
For registries exposed via HTTPs with self-signed certificates, set the EARTHLY_ADDITIONAL_BUILDKIT_CONFIG parameter in your .arg file as follows:
340
341
```shell
341
-
$ exportEARTHLY_ADDITIONAL_BUILDKIT_CONFIG="
342
-
[registry.\"10.10.131.24:5000\"]
342
+
EARTHLY_ADDITIONAL_BUILDKIT_CONFIG='
343
+
[registry."10.10.131.24:5000"]
343
344
insecure = true
344
-
"
345
-
$ earthly --push +build-all-images
345
+
'
346
346
```
347
347
348
-
If this configuration is no longer required, unset the variable:
349
-
350
-
```shell
351
-
$ unset EARTHLY_ADDITIONAL_BUILDKIT_CONFIG
352
-
```
348
+
Replace `10.10.131.24:5000` with the actual FQDN or IP address of your registry. A port number is only necessary when using a non-standard port.
0 commit comments