Flux: insecure localhost:5000 image registry scanned with `https`

nevermind...it was only in the warming phase...but still

Have to reopen, as that is a big issue: how will weave detect my new images?

You can specify hosts with which to use HTTP rather that HTTPS, using the flag --registry-insecure-host.
Are you running the registry in the same pod as the flux daemon?

This is the exact error:

caller=warming.go:125 component=warmer canonical_name=localhost:5000/api auth={map[]} err="Get https://localhost:5000/v2/: dial tcp 127.0.0.1:5000: connect: connection refused"

@squaremo: of course my registry is deployed with that flag, otherwise I could not even use it with that image name ;)

So it is already available, it's just that flux has some custom scanning part that does not know about these conventions

It's as easy as matching hostname against localhost or 127.0.0.1, and scan with http. I can check if I can do a PR, but expect it to be programmed in Go, which is not my forte

Ok, I am using helm and finally found what you were referring to: registry.insecureHosts :)

Does using that flag mean the registry is scanned OK? localhost is going to mean different things in different places, and I'd expect that to cause problems.

No, because localhost:5000 is accessible by docker does not mean it is queriable at localhost from inside a container....hmmm

could we introduce another flag that simply provides the real insecure registry's endpoint (like registry.mynamespace) and scan that?

All else being equal, I think you're better off giving the registry a hostname that's resolvable by both Kubernetes and fluxd, and using that in the image names. That'll help if you ever move the registry to somewhere other than the (single?) Kubernetes node.

Yeah, I just did :] Should have in the first place.

Tnx for helping!