distroless icon indicating copy to clipboard operation
distroless copied to clipboard
verified publisher icon GoogleContainerTools

Add custom certs - x509 signed by unknown authority

Open kotyara85 opened this issue 4 years ago • 2 comments

Hello, We have our own CA In my docker file I have a step to add certs. -

FROM debian AS certs
RUN apt update && apt install curl -y
RUN curl <CERT> -o /usr/local/share/ca-certificates/<CERT> && update-ca-certificates

FROM gcr.io/distroless/static:nonroot
WORKDIR /
COPY --from=certs /etc/ssl/certs /etc/ssl/certs
USER nonroot:nonroot

In the docker output log I see that cert was added but in the k8s controller logs I see x509 signed by unknown authority

kotyara85 avatar Jan 04 '21 17:01 kotyara85

Were you able to solve this? I am having the same problem

fnmarquez avatar Jun 03 '21 19:06 fnmarquez

I'm wondering how can I import a .pem file to the Distroless image. Besides of the problem that this does not work the command from above COPY --from=certs /etc/ssl/certs /etc/ssl/certs copies all certs from the base image instead of only the ones from the .pem

lcmgh avatar Nov 04 '22 12:11 lcmgh