I’m trying to build an image in Openshift 4.2 where my internet has an MITM proxy.
So trying to pull docker images fails during the build with x509 errors.
Is there a way to provide extra trusted CA certificates to the builder?
Did you supply additional CAs via the proxy configuration? Those should be picked up by the builder automatically when it is pulling images and I think it'd be a bug if you configured that and it's not working:
I forgot to mention that it’s a transparent proxy, in install-config.yaml I added the proxy CA to “additionalTrustBundle” which helped it install the cluster. But it just didn’t seem to apply to the builder.
Hm, i believe it should, Adam can confirm but if it doesn't i'd consider it a bug. I know we had a few gaps when 4.2 went out the door, it's possible this was a known limitation since we provide the first class image config mechanism to provide additional CAs for builds to use when pulling images.
Can I use the “trustedCA” part of the proxy configuration without actually specifying an explicit proxy?
you should be able to. Daneyon can you confirm? (if you can't i'd consider it a bug).