You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When the lifecycle is launched as a pod, the following error is reported during the ANALYZING phase as the go-containerregistry tries to access a secured docker registry which is not running within the kubernetes cluster and where the certificate has been signed by an unknow authority
...
4 of 11 buildpacks participating
paketo-buildpacks/ca-certificates 3.6.1
paketo-buildpacks/node-engine 1.5.0
paketo-buildpacks/npm-install 1.1.0
paketo-buildpacks/node-start 1.0.7
===> ANALYZING
Warning: Platform requested deprecated API '0.4'
ERROR: failed to initialize analyzer: getting previous image: connect to repo store "kind-registry.local:5000/snowdrop/sample-nodejs:latest": Get "https://kind-registr
y.local:5000/v2/": x509: certificate signed by unknown authority; Get "http://kind-registry.local:5000/v2/": net/http: HTTP/1.x transport connection broken: malformed
HTTP response "\x15\x03\x01\x00\x02\x02"
Proposed solution
Lifecycle should expose additional variables able to configure how it will communicate as client with the container registry:
SECURE_REGISTRY: true/false
REGISTRY_USERNAME: key mounted from a secret
REGISTRY_PASSOWRD: key mounted from a secret
REGISTRY_CA_CERTIFICATE: path to access the certificate mounted as volume
cmoulliard
changed the title
[Suggestion] Support selfsigned certificate when lifecycle is started as$$
[Suggestion] Support selfsigned certificate when lifecycle is launched as a pod
May 2, 2023
Description
When the lifecycle is launched as a pod, the following error is reported during the ANALYZING phase as the go-containerregistry tries to access a secured docker registry which is not running within the kubernetes cluster and where the certificate has been signed by an unknow authority
Proposed solution
Lifecycle should expose additional variables able to configure how it will communicate as client with the container registry:
Additional context
go-container and x.509 unknow certificate authority issue: https://github.com/google/go-containerregistry/issues?q=is%3Aissue+x509%3A+certificate+signed+by+unknown+authority
The text was updated successfully, but these errors were encountered: