OpenShift Pods or Builds Do Not Trust System Certificates
Issue
- We have a corporate inspecting proxy that uses an internally signed certificate.
- All web traffic must pass through this proxy and since it's content inspecting, all web traffic ends up signed with this internal certificate
- I've put our internal root CA chain into the ca-trust on every node but now the actual builds are also failing for the sample JS and Python apps
npm ERR! code UNABLE_TO_VERIFY_LEAF_SIGNATURE
npm ERR! unable to verify the first certificate
npm ERR!
npm ERR! If you need help, you may report this error at:
npm ERR! <https://github.com/npm/npm/issues>;
npm ERR! Please include the following file with any support request:
npm ERR! /opt/app-root/src/npm-debug.log
error: build error: non-zero (13) exit code from registry.access.redhat.com/rhscl/nodejs-6-rhel7@sha256:65d0bcbfd601587ca17f231b324a851d86566ea5938a3ca1467344f3aeb49299
- How can I get an internal root CA to be trusted? (or SSL connections to be insecure?)
Cloning "https://github.com/openshift/django-ex.git" ...
. . .
---> Installing dependencies ...
Collecting django<1.12,>=1.11 (from -r requirements.txt (line 1))
Could not find a version that satisfies the requirement django<1.12,>=1.11 (from -r requirements.txt (line 1)) (from versions: )
No matching distribution found for django<1.12,>=1.11 (from -r requirements.txt (line 1))
error: build error: non-zero (13) exit code from registry.access.redhat.com/rhscl/python-35-rhel7@sha256:b6a0b374557448025afc592959254610f402434730d4f3616d3bf081e50f8453
Environment
- Red Hat OpenShift Container Platform
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.