How to manage TLS certificates for registries #159
Labels
status/discussion-needed
Issue or PR that requires in-depth discussion.
Comments
|
^ In the same boat 😄 For generating the builder I've pretty much resorted to using |
|
Dropping some breadcrumbs in case I ever fix this: google/go-containerregistry#211 tl;dr go-containerregistry doesn't respect docker's self-signed certificate configuration, but you can workaround that by adding certs to your system or by using go's environment variables for adding certs. |
natalieparellano
added
the
status/discussion-needed
|
Perhaps an outcome could be that we document the workaround in some easily discoverable place? |
natalieparellano
removed
the
status/triage
|
There is an open RFC for this issue here: buildpacks/rfcs#69, and this seems pretty related to #170. I'll close it in favor of that issue. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Any thoughts on how to provide self-signed certificates for a registry that is targeted for builds?
This applies both to pack and to the knative buildtemplate AFAICT.
So far I have been getting
x509: certificate signed by unknown authorityerrors when building against a registry that is using self-signed certificates.The text was updated successfully, but these errors were encountered: