A temporary solution that works
Workaround for docker insecure-registries issue on Mac
I recently had to connect to a self hosted Giltab instance and to my surprise docker my Mac M1 did not like it! I got the following error when trying to pull and image:
Error response from daemon: failed to resolve reference "my-registry.int": failed to authorize: failed to fetch oauth token: Post "https://my-registry.int/jwt/auth": tls: failed to verify certificate: x509: certificate signed by unknown authority
So then I went on to know about the insecure-registries flag. It seemed simple to apply the fix so I went on my docker desktop configuration and just applied it. I then restarted my docker engine, went to my console to pull from the insecure registry and ..... nothing. It didn't work. Checked on my ~/.docker/daemon.json config and everything was right. Played with some other options too like disabling buildkit and nothing worked.
After this set of unfortunate tries, lost almost a day on this, i had an idea! What if instead of running the docker pull my-registry.int/image:tag command from my broken docker engine I ran it INSIDE a container that had docker available? Well, hehe, turns out that container exists and it's called docker-in-docker (dind). It is commonly used for CI pipelines since you can build, tag and push images with it. This time though, we'd not use it in CI but locally to get a properly working docker console on our host.
docker run --privileged --name dind-container -d docker:20.10-dind --insecure-registry=my-registry.int
docker exec -it dind-container sh
Using docker-in-docker I was finally able to get past the issue! Hope this helps anyone tring to communicate with any registry with self signed certificates. In my case, we had a self hosted gitlab instance to connect to and could not make it work otherwise. This is not an ideal solution but it works in the meantime.
In my case, this worked because I only was pulling, tagging and pushing an image to another registry, but if you need to build with docker just throw in a volume mount with your data and you're good to go then!
