[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: How to use extra trusted CA certs when pulling images for a builder





On Mon, Nov 11, 2019 at 2:51 PM Joel Pearson <japearson agiledigital com au> wrote:


On Tue, 12 Nov 2019 at 12:26 am, Ben Parees <bparees redhat com> wrote:


On Mon, Nov 11, 2019 at 1:17 AM Joel Pearson <japearson agiledigital com au> wrote:
Hi,

I’m trying to build an image in Openshift 4.2 where my internet has an MITM proxy. 

So trying to pull docker images fails during the build with x509 errors. 

Is there a way to provide extra trusted CA certificates to the builder?

Did you supply additional CAs via the proxy configuration?  Those should be picked up by the builder automatically when it is pulling images and I think it'd be a bug if you configured that and it's not working:

I forgot to mention that it’s a transparent proxy, in install-config.yaml I added the proxy CA to “additionalTrustBundle” which helped it install the cluster. But it just didn’t seem to apply to the builder. 

Hm, i believe it should, Adam can confirm but if it doesn't i'd consider it a bug.  I know we had a few gaps when 4.2 went out the door, it's possible this was a known limitation since we provide the first class image config mechanism to provide additional CAs for builds to use when pulling images.
 

Can I use the “trustedCA” part of the proxy configuration without actually specifying an explicit proxy?

you should be able to.  Daneyon can you confirm?  (if you can't i'd consider it a bug).

 
--
Kind Regards,

Joel Pearson
Agile Digital | Senior Software Consultant

Love Your Software™ | ABN 98 106 361 273
p: 1300 858 277 | m: 0405 417 843 | w: agiledigital.com.au


--
Ben Parees | OpenShift


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]