Description of problem:

Customers are unable to git clone anymore via pipeline. It shows SSL certificate chain problem.

Where are you experiencing the behavior? What environment?
xample from the Pod:
======================
$ git clone https://gitlab.corp.redhat.com/paas/spoke-platform-management.git
Cloning into 'spoke-platform-management'...
fatal: unable to access 'https://gitlab.corp.redhat.com/paas/spoke-platform-management.git/': SSL certificate problem: self signed certificate in certificate chain

Notes
====================
In the pod which is executing the git clone, we have:

- name: SSL_CERT_DIR
value: /tekton-custom-certs

And red hat root CA is present in /tekton-custom-certs/ca-bundle.crt. The trusted bundle is taken from cm/config-trusted-cabundle, using the config.openshift.io/inject-trusted-cabundle="true" method to request trusted bundle from the cluster.

Here the pipeline:
https://console-openshift-console.apps.mpp-e1-preprod.syvu.p1.openshiftapps.com/pipelines/ns/paas-pipeline-examples--pipeline/pipeline-runs

Workaround:
GIT_SSL_CAINFO=/tekton-custom-certs/ca-bundle.crt git clone https://gitlab.corp.redhat.com/paas/spoke-platform-management.git

Version-Release number of selected component (if applicable):



Actual results:

Git clone fails with Tekton task fails with SSL error

Expected results:

git clone should work

Additional info:

Red Hat OpenShift Pipelines 1.5.2