[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: How to use extra trusted CA certs when pulling images for a builder

On Mon, Nov 11, 2019 at 1:17 AM Joel Pearson <japearson agiledigital com au> wrote:

I’m trying to build an image in Openshift 4.2 where my internet has an MITM proxy. 

So trying to pull docker images fails during the build with x509 errors. 

Is there a way to provide extra trusted CA certificates to the builder?

Did you supply additional CAs via the proxy configuration?  Those should be picked up by the builder automatically when it is pulling images and I think it'd be a bug if you configured that and it's not working:

Barring that, you can also supply additional CAs for trusting registries (which in the case of your MITM proxy should also be effective) via the image config resource:


Pulling image registry.redhat.io/ubi7-minimal:7.7 ...

Warning: Pull failed, retrying in 5s ...

Warning: Pull failed, retrying in 5s ...

Warning: Pull failed, retrying in 5s ...

error: build error: failed to pull image: After retrying 2 times, Pull image still failed due to error: while pulling "docker://registry.redhat.io/ubi7-minimal:7.7" as "registry.redhat.io/ubi7-minimal:7.7": Error initializing source docker://registry.redhat.io/ubi7-minimal:7.7: pinging docker registry returned: Get https://registry.redhat.io/v2/: x509: certificate signed by unknown authority



Kind Regards,

Joel Pearson
Agile Digital | Senior Software Consultant

Love Your Software™ | ABN 98 106 361 273
p: 1300 858 277 | m: 0405 417 843 | w: agiledigital.com.au
users mailing list
users lists openshift redhat com

Ben Parees | OpenShift

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]