working with private image registry
There are two issues to solve when working with a private image registry:
- ability to access the registry through some hostalias set in task pods if using on-cluster-build
- ability to mark the CA of the registry as trusted for both local and on-cluster builds

This is a requirement that we are trying to solve in our env, where both the image registry and the git repository are private. There is another issue for private git repos here: https://github.com/knative/func/issues/849

I have tried to solve this in on-cluster build in the following way:

For accessibility, I have configured CoreDNS, but I'd much prefer it if there were an easy way for the task pods to use hostalias.

For the CA:
- updated the buildpacks task's "create" step (`env` and `volumeMounts`) and `volumes` sections like this:
```yaml
# "create" step of the buildpacks task
env:
  - name: DOCKER_CONFIG
    value: $(workspaces.dockerconfig.path)
  - name: SSL_CERT_FILE
    value: /etc/registry-ce
volumeMounts:
  - name: layers-dir
    mountPath: /layers
  - name: $(params.PLATFORM_DIR)
    mountPath: /platform
  - mountPath: /etc/registry-cert
    name: registry-cert
# volumes section of the task
volumes:
  - name: empty-dir
    emptyDir: {}
  - name: layers-dir
    emptyDir: {}
  - configMap:
      name: registry-cert
    name: registry-cert
```
- created a ca cert configmap in the namespace where the tasks and pipelines are going to run:
```yaml
apiVersion: v1
data:
  ca.crt: |+
    -----BEGIN CERTIFICATE-----
    xxx
    -----END CERTIFICATE-----
kind: ConfigMap
metadata:
  name: registry-cert
```
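
A lint for the CA wiring described in the post above, added here as an example; it is not part of the original issue or of the func project. It checks that a step's `SSL_CERT_FILE` names a file under a `volumeMounts` path backed by a `configMap` volume whose ConfigMap holds that key. Assumptions: manifests are already parsed into dicts, `check_ca_wiring` and `step_with` are hypothetical names, the sample values are constructed, and `subPath` and `items` remapping are not handled.

```python
import posixpath

def check_ca_wiring(step, volumes, configmaps):
    """Return problems in how a step's SSL_CERT_FILE maps onto a ConfigMap key."""
    env = {e["name"]: e.get("value", "") for e in step.get("env", [])}
    cert_file = env.get("SSL_CERT_FILE")
    if not cert_file:
        return ["SSL_CERT_FILE is not set on the step"]
    # The variable must name a file, so its parent directory has to be a mountPath.
    parent, key = posixpath.split(cert_file)
    mount = next((m for m in step.get("volumeMounts", [])
                  if m["mountPath"].rstrip("/") == parent), None)
    if mount is None:
        return [f"{cert_file} is not a file directly under any mountPath"]
    volume = next((v for v in volumes if v["name"] == mount["name"]), None)
    if volume is None:
        return [f"volumeMount {mount['name']!r} has no matching volume"]
    if "configMap" not in volume:  # the field name is case-sensitive
        return [f"volume {volume['name']!r} is not a configMap volume"]
    cm = configmaps.get(volume["configMap"]["name"])
    if cm is None:
        return [f"ConfigMap {volume['configMap']['name']!r} not found in namespace"]
    pem = cm.get("data", {}).get(key)
    if pem is None:
        return [f"ConfigMap has no key {key!r}"]
    if "-----BEGIN CERTIFICATE-----" not in pem:
        return [f"key {key!r} does not contain a PEM certificate"]
    return []

# Constructed sample manifests, already parsed into dicts.
MOUNTS = [{"name": "registry-cert", "mountPath": "/etc/registry-cert"}]
VOLUMES = [{"name": "registry-cert", "configMap": {"name": "registry-cert"}}]
CONFIGMAPS = {"registry-cert": {"data": {
    "ca.crt": "-----BEGIN CERTIFICATE-----\nxxx\n-----END CERTIFICATE-----\n"}}}

def step_with(cert_path):
    """Build a minimal step whose SSL_CERT_FILE is cert_path (constructed input)."""
    return {"env": [{"name": "SSL_CERT_FILE", "value": cert_path}],
            "volumeMounts": MOUNTS}

if __name__ == "__main__":
    for path in ("/etc/registry-cert/ca.crt", "/etc/registry-cert"):
        print(path, "->", check_ca_wiring(step_with(path), VOLUMES, CONFIGMAPS) or "ok")
```
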
This issue is stale because it has been open for 90 days with no
activity. It will automatically close after 30 more days of
inactivity. Reopen the issue with /reopen. Mark the issue as
fresh by adding the comment /remove-lifecycle stale.