[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: How to use extra trusted CA certs when pulling images for a builder



On Tue, 12 Nov 2019 at 12:26 am, Ben Parees <bparees redhat com> wrote:


On Mon, Nov 11, 2019 at 1:17 AM Joel Pearson <japearson agiledigital com au> wrote:
Hi,

I’m trying to build an image in Openshift 4.2 where my internet has an MITM proxy. 

So trying to pull docker images fails during the build with x509 errors. 

Is there a way to provide extra trusted CA certificates to the builder?

Did you supply additional CAs via the proxy configuration?  Those should be picked up by the builder automatically when it is pulling images and I think it'd be a bug if you configured that and it's not working:
https://docs.openshift.com/container-platform/4.2/networking/enable-cluster-wide-proxy.html#nw-proxy-configure-object_config-cluster-wide-proxy

I forgot to mention that it’s a transparent proxy, in install-config.yaml I added the proxy CA to “additionalTrustBundle” which helped it install the cluster. But it just didn’t seem to apply to the builder. 

Can I use the “trustedCA” part of the proxy configuration without actually specifying an explicit proxy?
--
Kind Regards,

Joel Pearson
Agile Digital | Senior Software Consultant

Love Your Software™ | ABN 98 106 361 273
p: 1300 858 277 | m: 0405 417 843 | w: agiledigital.com.au
[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]