Description of problem:

At this time, if one needs to add a CA to the default trust store of an image, they would need to rebuild the image that is running. For example, if a user needs to add a trusted CA to the docker registry for proxy pulls, they would need to rebuild the image to add the CA to the image.

```
$ cp ca.cert /tmp/your_internalCA.crt
$ cat > /tmp/Dockerfile << EOF
FROM openshift3/ose-docker-registry
USER root
ADD your_internalCA.crt /etc/pki/ca-trust/source/anchors
RUN /bin/update-ca-trust
USER 1001
EOF
$ cd /tmp
$ sudo docker build ./ -t ExternalRegistryURL/openshift3/ose-docker-registry-custom:latest
$ sudo docker push ExternalRegistryURL/openshift3/ose-docker-registry-custom:latest
```

Then change the DC of the registry, changing the image to point to the image that was created:

```
# oc edit dc docker-registry
```

Looking for a way to provide a secret to an image that would automatically add the CA data to the CA trust for an OpenShift image.
Related? https://github.com/openshift/origin/issues/1753
This is also wanted for S2I builds when a proxy requires all traffic leaving to trust its CA.
YIPPY. Excited to see movement here.
This issue has been moved to https://jira.coreos.com/browse/RFE-144