"Outstanding partner certificate marked as not trusted by user" in Openshift3
When the S2I (Source-to-Image) resource in Openshift3 tries to connect to the TLS GitLab repository, the following message is displayed: "The outstanding partner certificate has been marked as not trusted by the user."
How can I tell Openshift3 which certificate authorities it can use? Is there a config / option to work around this error?
Command entered:
oc new-app tomcat~https://gitlab.xxx/test/test.git --name=test --strategy=docker
I suppose you can add the secret to BuildConfig or disable TLS checking by setting the environment variable GIT_SSL_NO_VERIFY to false in BuildConfig. Check the docs here for more information.
To pass this directly to the oc new-app command, run:
oc new-app --build-env GIT_SSL_NO_VERIFY=false
Alternatively, I would suggest just importing the root CA so that the TLS is checked correctly. I won't try to go into all the reasons why it should be, but this is how you do it:
1) Take the root certificate file.
If you are using an internal Gitlab instance, whoever installed it should tell you the root CA they are using.
2) Create a new secret with the certificate file
#oc secrets new [secret name] ca.crt=[local .crt file]
oc secrets new tls-root-ca ca.crt=my-it-ca.crt
3) Attach your newly created secret to your build config
#oc patch bc/[build config name] --patch '{ "spec": {"source": { "sourceSecret": { "name": "[secret name]" } } } }'
oc patch bc/my-build --patch '{ "spec": {"source": { "sourceSecret": { "name": "tls-root-ca" } } } }'
If you're unfamiliar with the patch command, it simply adds a "sourceSecret" block like this:
source:
  git:
    uri: https://your.gitlab.org/your-app
  sourceSecret:
    name: tls-root-ca
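To review which of the two approaches above a cluster's builds actually use, the following added example (not code from either answer or from the OpenShift project) audits `oc get bc -o json` output for a `GIT_SSL_NO_VERIFY` build variable and for HTTPS Git sources with no `sourceSecret`. The sample JSON, the build names other than `my-build`, and the finding labels are constructed for illustration.

```python
import json

# Constructed sample shaped like `oc get bc -o json` output (not from a real cluster).
SAMPLE = json.dumps({"items": [
    {"metadata": {"name": "test"},
     "spec": {"source": {"git": {"uri": "https://gitlab.example/test/test.git"}},
              "strategy": {"dockerStrategy": {"env": [
                  {"name": "GIT_SSL_NO_VERIFY", "value": "false"}]}}}},
    {"metadata": {"name": "my-build"},
     "spec": {"source": {"git": {"uri": "https://your.gitlab.org/your-app"},
                         "sourceSecret": {"name": "tls-root-ca"}},
              "strategy": {"sourceStrategy": {}}}},
    {"metadata": {"name": "no-ca"},
     "spec": {"source": {"git": {"uri": "https://your.gitlab.org/other"}},
              "strategy": {"sourceStrategy": {"env": []}}}},
    {"metadata": {"name": "ssh-build"},
     "spec": {"source": {"git": {"uri": "git@your.gitlab.org:team/app.git"}},
              "strategy": {"dockerStrategy": {}}}},
]})

STRATEGIES = ("dockerStrategy", "sourceStrategy", "customStrategy")


def audit_build_configs(oc_json):
    """Return {name: [findings]} for BuildConfigs with weak Git TLS settings."""
    doc = json.loads(oc_json)
    items = doc.get("items", [doc])  # accept a List or a single object
    report = {}
    for bc in items:
        spec = bc.get("spec", {})
        source = spec.get("source", {})
        findings = []
        for key in STRATEGIES:
            env = (spec.get("strategy", {}).get(key) or {}).get("env") or []
            # Flag on presence alone: git only tests whether the variable is set.
            if any(e.get("name") == "GIT_SSL_NO_VERIFY" for e in env):
                findings.append("tls-verification-disabled")
        uri = (source.get("git") or {}).get("uri", "")
        if uri.startswith("https://") and not (source.get("sourceSecret") or {}).get("name"):
            findings.append("https-without-source-secret")
        if findings:
            report[bc.get("metadata", {}).get("name", "?")] = findings
    return report


if __name__ == "__main__":
    for name, findings in audit_build_configs(SAMPLE).items():
        print(name, ", ".join(findings))
```

An `https-without-source-secret` finding is a review item rather than a defect: a repository whose certificate chains to a publicly trusted CA needs no `ca.crt` secret, and the BuildConfig alone does not show whether an attached secret contains one.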