Open tgquan67 opened 4 months ago
I believe this relates to https://github.com/google/go-containerregistry/issues/211 as we use GGCR to access the registry image. Setting SSL_CERT_FILE on the host should allow pack to access the image, but you would also need to set SSL_CERT_FILE in the builder image and mount in the cert directory (pack build --volume) for the lifecycle to access it.
Related lifecycle issue: https://github.com/buildpacks/lifecycle/issues/1077
@natalieparellano I believe that SSL_CERT_FILE points to a root certificate in the case that your server is using a self-signed cert. What I need in my case is support for client certificate which is used by the proxy to verify the user identity. It was mentioned in this comment https://github.com/google/go-containerregistry/issues/211#issuecomment-1904205891
What I need in my case is support for client certificate
Apologies for my hasty reading of the linked issue. I think we'd need the changes implemented upstream before we can fix it on our end.
Blocking on needed changes upstream
Summary
I have a private docker registry placed behind a proxy that requires a client certificate. I set up my docker CLI according to https://docs.docker.com/engine/security/certificates/, and I can log in to, pull from and push to it as normal. However, with pack-cli, I can only connect to the registry if I bypass the proxy and connect to the registry directly.
The builder is named private-registry.example.com/builder/test:latest with the following config:
Reproduction
Steps
pack build my-image --builder private-registry.example.com/builder/test:latest --path .
Current behavior
Expected behavior
This is what happens when I bypass the proxy
Environment
pack info
docker info