diff options
| author | Evan Read <eread@gitlab.com> | 2019-01-01 23:29:16 +0000 |
|---|---|---|
| committer | Evan Read <eread@gitlab.com> | 2019-01-01 23:29:16 +0000 |
| commit | 27e7625ea7c7b3c9acc8ac511f1bdd4c8d3232f6 (patch) | |
| tree | 7d5fe9588be1200fa875918b24891786612e536d | |
| parent | 638582e00108995804d44b451197fe977fbd0f01 (diff) | |
| parent | 68d172daec63f70c8641da574d5a1a97c8167833 (diff) | |
| download | gitlab-ce-27e7625ea7c7b3c9acc8ac511f1bdd4c8d3232f6.tar.gz | |
Merge branch '53656-explain-how-to-add-custom-kaniko-certificate' into 'master'
Explain how to use kaniko with a registry with a custom certificate
Closes #53656
See merge request gitlab-org/gitlab-ce!23875
| -rw-r--r-- | doc/ci/docker/using_kaniko.md | 23 |
1 files changed, 23 insertions, 0 deletions
diff --git a/doc/ci/docker/using_kaniko.md b/doc/ci/docker/using_kaniko.md index 66f0d429165..aa6b387bc58 100644 --- a/doc/ci/docker/using_kaniko.md +++ b/doc/ci/docker/using_kaniko.md @@ -57,3 +57,26 @@ build: only: - tags ``` + +## Using a registry with a custom certificate + +When trying to push to a Docker registry that uses a certificate that is signed +by a custom CA, you might get the following error: + +```sh +$ /kaniko/executor --context $CI_PROJECT_DIR --dockerfile $CI_PROJECT_DIR/Dockerfile --no-push +INFO[0000] Downloading base image registry.gitlab.example.com/group/docker-image +error building image: getting stage builder for stage 0: Get https://registry.gitlab.example.com/v2/: x509: certificate signed by unknown authority +``` + +This can be solved by adding your CA's certificate to the kaniko certificate +store: + +```yaml + before_script: + - echo "{\"auths\":{\"$CI_REGISTRY\":{\"username\":\"$CI_REGISTRY_USER\",\"password\":\"$CI_REGISTRY_PASSWORD\"}}}" > /kaniko/.docker/config.json + - | + echo "-----BEGIN CERTIFICATE----- + ... + -----END CERTIFICATE-----" >> /kaniko/ssl/certs/ca-certificates.crt +``` |