GoogleContainerTools / distroless

🥑 Language focused docker images, minus the operating system.
Apache License 2.0

Add custom certs - x509 signed by unknown authority #668

Open kotyara85 opened 3 years ago

kotyara85 commented 3 years ago

Hello, we have our own CA. In my Dockerfile I have a step to add certs:

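```dockerfile
# Build stage: download the CA certificate and rebuild the trust store
FROM debian AS certs
RUN apt update && apt install curl -y
RUN curl <CERT> -o /usr/local/share/ca-certificates/<CERT> && update-ca-certificates

# Final stage: copy the trust store directory into the distroless image
FROM gcr.io/distroless/static:nonroot
WORKDIR /
COPY --from=certs /etc/ssl/certs /etc/ssl/certs
USER nonroot:nonroot
```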

In the Docker output log I see that the cert was added, but in the k8s controller logs I see x509 signed by unknown authority.

fnmarquez commented 3 years ago

Were you able to solve this? I am having the same problem.

lcmgh commented 1 year ago

I'm wondering how I can import a .pem file into the Distroless image. Besides the problem that this does not work, the command from above, `COPY --from=certs /etc/ssl/certs /etc/ssl/certs`, copies all certs from the base image instead of only the ones from the .pem.