On Mon, Nov 11, 2019 at 2:51 PM Joel Pearson <japear...@agiledigital.com.au> wrote:
> > > On Tue, 12 Nov 2019 at 12:26 am, Ben Parees <bpar...@redhat.com> wrote: > >> >> >> On Mon, Nov 11, 2019 at 1:17 AM Joel Pearson < >> japear...@agiledigital.com.au> wrote: >> >>> Hi, >>> >>> I’m trying to build an image in Openshift 4.2 where my internet has an >>> MITM proxy. >>> >>> So trying to pull docker images fails during the build with x509 errors. >>> >>> Is there a way to provide extra trusted CA certificates to the builder? >>> >> >> Did you supply additional CAs via the proxy configuration? Those should >> be picked up by the builder automatically when it is pulling images and I >> think it'd be a bug if you configured that and it's not working: >> >> https://docs.openshift.com/container-platform/4.2/networking/enable-cluster-wide-proxy.html#nw-proxy-configure-object_config-cluster-wide-proxy >> > > >> <https://docs.openshift.com/container-platform/4.2/networking/enable-cluster-wide-proxy.html#nw-proxy-configure-object_config-cluster-wide-proxy> >> > I forgot to mention that it’s a transparent proxy, in install-config.yaml > I added the proxy CA to “additionalTrustBundle” which helped it install > the cluster. But it just didn’t seem to apply to the builder. > Hm, i believe it should, Adam can confirm but if it doesn't i'd consider it a bug. I know we had a few gaps when 4.2 went out the door, it's possible this was a known limitation since we provide the first class image config mechanism to provide additional CAs for builds to use when pulling images. > > Can I use the “trustedCA” part of the proxy configuration without > actually specifying an explicit proxy? > you should be able to. Daneyon can you confirm? (if you can't i'd consider it a bug). > -- > Kind Regards, > > Joel Pearson > Agile Digital | Senior Software Consultant > > Love Your Software™ | ABN 98 106 361 273 > p: 1300 858 277 | m: 0405 417 843 <0405417843> | w: agiledigital.com.au > -- Ben Parees | OpenShift
_______________________________________________ users mailing list users@lists.openshift.redhat.com http://lists.openshift.redhat.com/openshiftmm/listinfo/users
