teamhephy / workflow

Hephy Workflow - An open source fork of Deis Workflow - The open source PaaS for Kubernetes.
MIT License

Configurable ability to add Root CA or allow unverified https to object store #44

Open Cryptophobia opened 6 years ago

Cryptophobia commented 6 years ago

From @carraher on January 9, 2017 17:40

Need the ability to add root certificate authorities to containers that want to access object storage (database, builder, registry). This is needed to host secure-https on-prem object storage that is signed by a non-public CA.

Currently a non-public signed https object storage system results in ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:645)

1) Allow private/internal CAs to be added to containers.
2) Allow https to turn off verification, similar to curl -k

Copied from original issue: deis/workflow#690
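
The two behaviours requested above, as an added example that is not part of the issue or of Workflow's code: a Python helper that builds the TLS context for object-store connections from two settings. The names `OBJECT_STORE_CA_BUNDLE`, `OBJECT_STORE_TLS_VERIFY` and `object_store_tls_context` are assumptions made for this illustration.

```python
import os
import ssl


def object_store_tls_context(env=None):
    """Build the TLS context for object-store connections.

    OBJECT_STORE_CA_BUNDLE and OBJECT_STORE_TLS_VERIFY are hypothetical
    setting names chosen for this example, not settings Workflow defines.
    """
    env = os.environ if env is None else env
    ca_bundle = env.get("OBJECT_STORE_CA_BUNDLE", "").strip()
    verify = env.get("OBJECT_STORE_TLS_VERIFY", "true").strip().lower()

    if verify not in ("true", "false"):
        raise ValueError("OBJECT_STORE_TLS_VERIFY must be 'true' or 'false'")
    if verify == "false" and ca_bundle:
        # Ambiguous configuration: refuse instead of silently picking one.
        raise ValueError("set a CA bundle or disable verification, not both")

    # Default: system trust store, certificate and hostname checks enabled.
    ctx = ssl.create_default_context()

    if ca_bundle:
        # Request 1: trust a private/internal CA in addition to the system
        # roots. A missing file raises FileNotFoundError and an unparsable
        # one raises ssl.SSLError, so a bad path never degrades to
        # "no verification".
        ctx.load_verify_locations(cafile=ca_bundle)
    elif verify == "false":
        # Request 2: the `curl -k` equivalent. check_hostname must be
        # cleared before verify_mode can be set to CERT_NONE.
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE

    return ctx


if __name__ == "__main__":
    ctx = object_store_tls_context()
    print("verify_mode:", ctx.verify_mode, "check_hostname:", ctx.check_hostname)
```

The returned context can be passed to any client that accepts an `ssl.SSLContext`, for example `urllib.request.urlopen(url, context=ctx)`.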

Cryptophobia commented 6 years ago

From @bacongobbler on January 9, 2017 17:44

This was added in v2.10.0: https://github.com/deis/controller/pull/1158

Alternatively you can fork the controller and add your root CA to the cert for now.

Will that work for you?

Cryptophobia commented 6 years ago

From @bacongobbler on January 10, 2017 4:31

I just re-read your issue and the ticket I linked is different. That one is for communication from the controller to Kubernetes, not from db/registry/builder to the object store. Sorry!

Cryptophobia commented 6 years ago

From @bacongobbler on January 10, 2017 4:31

If you're willing to take a crack at a PR, we'd likely accept it.