nasrul sufihaq
nasrul sufihaq

Reputation: 23

openshift build to push external registry with self-signed certificate

I wanted to do tagging from internal registry (ImageStream) to external Registry (nexus) in which it resides in different namespace from the build namespace. However the external registry is using a self-signed certificate.

Unlike docker/podman/skopeo we can use --insecure-skip-tls-verify=false

how would i use the simmilar type of command to skip the verification during the push to the registry?

Below is my build config:

apiVersion: build.openshift.io/v1
kind: BuildConfig
metadata:
  namespace: "{{ .Values.namespace }}"
  name: "{{ .Values.appname }}-tag"
spec:
  source:
    type: Binary
  strategy:
    type: Source
    sourceStrategy:
      from:
        kind: ImageStreamTag
        name: "{{ .Values.appname }}:{{ .Values.tag | default .Chart.AppVersion }}"
  output:
    to:
      kind: DockerImage
      name: "{{ .Values.imageRepository.nexusRepository }}/{{ .Values.appname }}:{{ .Values.tag | default .Chart.AppVersion }}"
    pushSecret:
      name: nexuscred

error: build error: Failed to push image: trying to reuse blob sha256:ca19c1d8b6a56d82b4d9cc9ee30899ce07641f8ba17831ffd074240384f32cb0 at destination: pinging container registry repo-ih.aws001.uobkayhian.com: Get "https://repo-ih.aws001.test.com/v2/": tls: failed to verify certificate: x509: certificate is valid for *.apps.bbb-bbb.jtbq.p1.openshiftapps.com, api.bbb-bbb.jtbq.p1.openshiftapps.com, rh-api.bbb-bbb.jtbq.p1.openshiftapps.com, not repo-ih.aws001.bbb.com error: the build bbb-prod/deposit-test-tag-1 status is "Failed"

i tried to find resolution googling and i cant find i tried to use env variable it does not work.

Upvotes: 0

Views: 109

Answers (0)

Related Questions