Bug 2053408 - Tekton task fails with SSL error
Summary: Tekton task fails with SSL error
Keywords:
Status: NEW
Alias: None
Product: Red Hat OpenShift Pipelines
Classification: Red Hat
Component: pipelines
Version: 1.5
Hardware: Unspecified
OS: Unspecified
unspecified
medium
Target Milestone: ---
: ---
Assignee: Vincent Demeester
QA Contact: Ruchir Garg
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2022-02-11 08:44 UTC by aharchin
Modified: 2023-07-21 23:14 UTC (History)
7 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)

Description aharchin 2022-02-11 08:44:25 UTC
Description of problem:

Customers are unable to git clone anymore via pipeline. It shows SSL certificate chain problem.

Where are you experiencing the behavior? What environment?
xample from the Pod:
======================
$ git clone https://gitlab.corp.redhat.com/paas/spoke-platform-management.git
Cloning into 'spoke-platform-management'...
fatal: unable to access 'https://gitlab.corp.redhat.com/paas/spoke-platform-management.git/': SSL certificate problem: self signed certificate in certificate chain

Notes
====================
In the pod which is executing the git clone, we have:

- name: SSL_CERT_DIR
value: /tekton-custom-certs

And red hat root CA is present in /tekton-custom-certs/ca-bundle.crt. The trusted bundle is taken from cm/config-trusted-cabundle, using the config.openshift.io/inject-trusted-cabundle="true" method to request trusted bundle from the cluster.

Here the pipeline:
https://console-openshift-console.apps.mpp-e1-preprod.syvu.p1.openshiftapps.com/pipelines/ns/paas-pipeline-examples--pipeline/pipeline-runs

Workaround:
GIT_SSL_CAINFO=/tekton-custom-certs/ca-bundle.crt git clone https://gitlab.corp.redhat.com/paas/spoke-platform-management.git

Version-Release number of selected component (if applicable):



Actual results:

Git clone fails with Tekton task fails with SSL error

Expected results:

git clone should work

Additional info:

Red Hat OpenShift Pipelines 1.5.2


Note You need to log in before you can comment on or make changes to this bug.