diff options
| author | Raphael Nestler <raphael.nestler@sensirion.com> | 2018-12-17 16:26:53 +0100 |
|---|---|---|
| committer | Raphael Nestler <raphael.nestler@sensirion.com> | 2018-12-21 10:30:09 +0100 |
| commit | 68d172daec63f70c8641da574d5a1a97c8167833 (patch) | |
| tree | be003851af3170b811669542ea33ce26dc85ddf6 /doc | |
| parent | 89b0be149ec5048ded40b53b8a94859bcdd490d8 (diff) | |
| download | gitlab-ce-68d172daec63f70c8641da574d5a1a97c8167833.tar.gz | |
Explain how to use kaniko with a registry with a custom certificate
Diffstat (limited to 'doc')
| -rw-r--r-- | doc/ci/docker/using_kaniko.md | 23 |
1 files changed, 23 insertions, 0 deletions
diff --git a/doc/ci/docker/using_kaniko.md b/doc/ci/docker/using_kaniko.md index 66f0d429165..aa6b387bc58 100644 --- a/doc/ci/docker/using_kaniko.md +++ b/doc/ci/docker/using_kaniko.md @@ -57,3 +57,26 @@ build: only: - tags ``` + +## Using a registry with a custom certificate + +When trying to push to a Docker registry that uses a certificate that is signed +by a custom CA, you might get the following error: + +```sh +$ /kaniko/executor --context $CI_PROJECT_DIR --dockerfile $CI_PROJECT_DIR/Dockerfile --no-push +INFO[0000] Downloading base image registry.gitlab.example.com/group/docker-image +error building image: getting stage builder for stage 0: Get https://registry.gitlab.example.com/v2/: x509: certificate signed by unknown authority +``` + +This can be solved by adding your CA's certificate to the kaniko certificate +store: + +```yaml + before_script: + - echo "{\"auths\":{\"$CI_REGISTRY\":{\"username\":\"$CI_REGISTRY_USER\",\"password\":\"$CI_REGISTRY_PASSWORD\"}}}" > /kaniko/.docker/config.json + - | + echo "-----BEGIN CERTIFICATE----- + ... + -----END CERTIFICATE-----" >> /kaniko/ssl/certs/ca-certificates.crt +``` |