Configurable ability to add Root CA or allow unverified https to object store

Open carraher opened this issue 8 years ago • 4 comments

Need the ability to add root certificate authorities to containers that want to access object storage (database, builder, registry). This is needed to host secure-https on-prem object storage that is signed by a non-public CA.

Currently a non-public signed https object storage system results in ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:645)

  1. Allow private/internal CAs to be added to containers.
  2. Allow https to turn off verification, similar to curl -k

Jan 09 '17 17:01 carraher
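The two options requested above, sketched with Python's `ssl` module (the module that raises the error in the report). This is an added example, not part of the original issue and not Deis Workflow code; the function name and its `ca_bundle` / `verify` parameters are hypothetical.

```python
import ssl


def object_store_tls_context(ca_bundle=None, verify=True):
    """Build an SSLContext for an HTTPS object store (hypothetical helper).

    ca_bundle: path to a PEM file with the private root CA (option 1).
    verify:    False skips certificate and hostname checks, like `curl -k` (option 2).
    """
    if ca_bundle and not verify:
        # A CA bundle is pointless once verification is off; treat it as a config error.
        raise ValueError("ca_bundle has no effect when verify is False")

    # Default context: system trust store, CERT_REQUIRED, hostname checking on.
    ctx = ssl.create_default_context()

    if ca_bundle:
        # Option 1: trust the private CA in addition to the system roots.
        # A missing or unparsable file raises here, so a bad bundle fails closed
        # instead of silently falling back to an unverified connection.
        ctx.load_verify_locations(cafile=ca_bundle)
    elif not verify:
        # Option 2: order matters. Setting CERT_NONE while check_hostname is
        # still True raises ValueError, so hostname checking is cleared first.
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    return ctx


def describe(ctx):
    """Summarise the two settings that decide whether the peer is authenticated."""
    return {"verify_mode": ctx.verify_mode.name, "check_hostname": ctx.check_hostname}


if __name__ == "__main__":
    print("default :", describe(object_store_tls_context()))
    print("insecure:", describe(object_store_tls_context(verify=False)))
```

With option 1 the connection is still authenticated against a known root; option 2 still encrypts the traffic but accepts any certificate, so the object store's identity is not checked at all.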

This was added in v2.10.0: https://github.com/deis/controller/pull/1158

Alternatively you can fork the controller and add your root CA to the cert for now.

Will that work for you?

Jan 09 '17 17:01 bacongobbler

I just re-read your issue and the ticket I linked is different. That one is for communication from the controller to kubernetes, not from db/registry/builder to the object store. Sorry!

Jan 10 '17 04:01 bacongobbler

If you're willing to take a crack at a PR, we'd likely accept it.

Jan 10 '17 04:01 bacongobbler

This issue was moved to teamhephy/workflow#44

Mar 20 '18 20:03 Cryptophobia