Closed chris-vest closed 8 months ago
Do you have the root certificate in your trust store which is required to access the plugin download page?
If you created a trust store with just your own certificate and nothing else then you only trust websites which are using that one.
Do you have the root certificate in your trust store which is required to access the plugin download page?
If you created a trust store with just your own certificate and nothing else then you only trust websites which are using that one.
I only set the javax.net.ssl.trustStore
after trying without that configuration, but failed both ways.
Do I need to create a trust store for this to work? With version 2.1.0
of the chart I didn't need to do anything with trust stores.
I just saw that you tried to configure a trust store that's why I pointed it out:
-Djavax.net.ssl.trustStore="/opt/java/openjdk/lib/security/cacerts"
-Djavax.net.ssl.trustStorePassword=""
It should work without.
I've tried this with lots of different images, and all of them fail - that's without setting anything related to the trustStore. Any help would be appreciated. :pray:
I think you need to set the cacerts
password. The default password for cacerts
is changeit
.
-Djavax.net.ssl.trustStore="/opt/java/openjdk/lib/security/cacerts"
-Djavax.net.ssl.trustStorePassword="changeit"
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Any further update will cause the issue/pull request to no longer be considered stale. Thank you for your contributions.
@timja can be closed
Describe the bug
When the init container starts up to download the plugins, the following happens:
Version of Helm and Kubernetes:
Helm Version:
Kubernetes Version:
Which version of the chart:
3.5.10
What happened:
Upon deployment, the init container starts up and attempts to download the plugins, however seems to fail with the following:
infra-jenkins-0 init Unable to resolve plugin URL https://archives.jenkins.io/plugins/warnings/latest/warnings.hpi, or download plugin warnings to file: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
What you expected to happen:
I would have expected the init container to download the plugins successfully, without
ssl
errors.How to reproduce it (as minimally and precisely as possible):
values.yaml
:Anything else we need to know:
I tried with both the
jdk11
andlts-jdk11
Jenkins instances.Initially I ran the upgrade without this configuration, but then added it later after confirming that this is the correct path to the truststore in the
lts-jdk11
base image:I have a feeling that there's something obvious I'm missing, but I can't figure out what that is. Any help appreciated.