Reputation: 23
I wanted to do tagging from internal registry (ImageStream) to external Registry (nexus) in which it resides in different namespace from the build namespace. However the external registry is using a self-signed certificate.
Unlike docker/podman/skopeo we can use --insecure-skip-tls-verify=false
how would i use the simmilar type of command to skip the verification during the push to the registry?
Below is my build config:
apiVersion: build.openshift.io/v1
kind: BuildConfig
metadata:
namespace: "{{ .Values.namespace }}"
name: "{{ .Values.appname }}-tag"
spec:
source:
type: Binary
strategy:
type: Source
sourceStrategy:
from:
kind: ImageStreamTag
name: "{{ .Values.appname }}:{{ .Values.tag | default .Chart.AppVersion }}"
output:
to:
kind: DockerImage
name: "{{ .Values.imageRepository.nexusRepository }}/{{ .Values.appname }}:{{ .Values.tag | default .Chart.AppVersion }}"
pushSecret:
name: nexuscred
error: build error: Failed to push image: trying to reuse blob sha256:ca19c1d8b6a56d82b4d9cc9ee30899ce07641f8ba17831ffd074240384f32cb0 at destination: pinging container registry repo-ih.aws001.uobkayhian.com: Get "https://repo-ih.aws001.test.com/v2/": tls: failed to verify certificate: x509: certificate is valid for *.apps.bbb-bbb.jtbq.p1.openshiftapps.com, api.bbb-bbb.jtbq.p1.openshiftapps.com, rh-api.bbb-bbb.jtbq.p1.openshiftapps.com, not repo-ih.aws001.bbb.com error: the build bbb-prod/deposit-test-tag-1 status is "Failed"
i tried to find resolution googling and i cant find i tried to use env variable it does not work.
Upvotes: 0
Views: 109