Red Hat Bugzilla – Bug 1475868
[RFE] Provide an easier way to add a CA to the default trust in OpenShift images.
Last modified: 2017-11-27 11:13:46 EST
Description of problem:
At this time, if one needs to add a CA to the default trust store of an image, they would need to rebuild the image that is running.
For example, if a user needs to add a trusted CA to the docker registry for proxy pulls, they would need to rebuild the image to add the CA to the image.
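$ cp ca.cert /tmp/your_internalCA.crt
$ cat > /tmp/dockerfile << EOF
# Placeholder: the registry image currently in use
FROM <current-registry-image>
ADD your_internalCA.crt /etc/pki/ca-trust/source/anchors
# Regenerate the consolidated bundle so the new anchor takes effect (needs root in the image)
RUN update-ca-trust extract
EOF
$ cd /tmp
$ sudo docker build ./ -t ExternalRegistryURL:openshift3/ose-docker-registry-custom:latest
$ sudo docker push ExternalRegistryURL:openshift3/ose-docker-registry-custom:latest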
Then change the DC of the registry, changing the image to point to the image that was created:
# oc edit dc docker-registry
Looking for a way to provide a secret to an image that would automatically add the CA data to the CA trust for an OpenShift image.
This is also wanted for S2I builds when a proxy requires all outgoing traffic to trust its CA.
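
One way the requested behaviour could be approximated without rebuilding the image, as an added example that is not part of this bug report or of any OpenShift image: an entrypoint wrapper that merges CA files from a mounted secret into a private bundle and points clients that read SSL_CERT_FILE (OpenSSL-based tools, Go programs) at it. The names merge_ca_bundle, CA_SECRET_DIR and CA_BUNDLE_OUT are hypothetical; the base bundle path is the RHEL default.

```shell
#!/bin/sh
# Added example: build a trust bundle at container start from the system
# bundle plus CA files mounted from a secret. No root or image rebuild needed.
# Hypothetical names: merge_ca_bundle, CA_SECRET_DIR, CA_BUNDLE_OUT.

# merge_ca_bundle BASE_BUNDLE SECRET_DIR OUT_FILE
# Copies BASE_BUNDLE and every acceptable *.crt / *.pem file in SECRET_DIR
# into OUT_FILE. Prints the number of files added and returns 1 if any file
# was rejected, so a mis-mounted secret is noticed instead of silently trusted.
merge_ca_bundle() {
    base=$1; dir=$2; out=$3
    added=0; rejected=0
    tmp="$out.tmp.$$"
    cat "$base" > "$tmp" || return 2
    for f in "$dir"/*.crt "$dir"/*.pem; do
        [ -f "$f" ] || continue        # unmatched glob or not a regular file
        if grep -q -e 'PRIVATE KEY-----' "$f"; then
            # A key in a world-readable bundle would leak it to every process.
            echo "rejecting $f: contains a private key" >&2
            rejected=$((rejected + 1))
        elif grep -q -e '^-----BEGIN CERTIFICATE-----' "$f" &&
             grep -q -e '^-----END CERTIFICATE-----' "$f"; then
            printf '\n# from secret: %s\n' "${f##*/}" >> "$tmp"
            cat "$f" >> "$tmp"
            added=$((added + 1))
        else
            echo "rejecting $f: no PEM certificate block" >&2
            rejected=$((rejected + 1))
        fi
    done
    mv "$tmp" "$out"                   # replace the bundle in one step
    echo "$added"
    [ "$rejected" -eq 0 ]
}

# Entrypoint use: only active when a secret directory is configured.
if [ -n "${CA_SECRET_DIR:-}" ]; then
    out=${CA_BUNDLE_OUT:-/tmp/ca-bundle.crt}
    if merge_ca_bundle /etc/pki/tls/certs/ca-bundle.crt "$CA_SECRET_DIR" "$out" >/dev/null; then
        export SSL_CERT_FILE="$out"
    fi
    if [ "$#" -gt 0 ]; then exec "$@"; fi
fi
```

The check is structural only (PEM markers); it does not verify that a file is a CA certificate or that it is unexpired.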