wso2 / k8s-api-operator

API Operator for Kubernetes
Apache License 2.0

Push APIs to HTTPS registry without ignore TLS - x509: certificate signed by unknown authority #597

Closed renuka-fernando closed 3 years ago

renuka-fernando commented 3 years ago

Description:

1. Deploy APIs to HTTPS registry

It should be possible to deploy the API without applying the following kaniko args.

    kanikoArguments: |
      --skip-tls-verify
      --skip-tls-verify-registry
      --skip-tls-verify-pull

SOLUTION: The Kaniko pod should include the crt of the HTTPS registry.

2. Update Docs

Update docs for including certs when deploying APIs to HTTPS (this is needed when the operator is trying to check if the API already exists in the repository).

  1. Include the cert of the docker registry to the ca-bundle with existing certs.
  2. Add a volume as below to the operator.yaml
    spec:
      serviceAccountName: api-operator
      containers:
        - name: api-operator
          # Replace this with the built image name
          image: testRepo/k8s-api-operator:1.2.2
          command:
          - api-operator
          imagePullPolicy: Always
          env:
            - name: WATCH_NAMESPACE
              value: ""
            - name: POD_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
            - name: OPERATOR_NAME
              value: "api-operator"
          volumeMounts:
            - name: certs
              mountPath: /etc/ssl/certs/ca-bundle.crt
              subPath: ca-bundle.crt
      volumes:
        - name: certs
          configMap:
            name: certs

Affected Product Version: API Operator 1.2.2
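
A pre-flight check for the ca-bundle step described in the issue above, as an added example that is not part of the original issue or the project's code: using Go's `crypto/x509`, it shows a registry certificate failing with the "certificate signed by unknown authority" error against a bundle that lacks its CA, and passing once the CA is appended. All certificates and host names are constructed inside the program and are assumptions for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// issue returns a constructed test certificate (nil parent: self-signed CA); errors ignored for brevity.
func issue(cn string, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()),
		Subject: pkix.Name{CommonName: cn}, DNSNames: []string{cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	if parent == nil {
		tmpl.IsCA, tmpl.BasicConstraintsValid, tmpl.KeyUsage = true, true, x509.KeyUsageCertSign
		parent, parentKey = tmpl, key
	}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

func toPEM(c *x509.Certificate) []byte { return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: c.Raw}) }

// verifyWithBundle checks that leaf chains to a root in bundlePEM and is valid for host.
func verifyWithBundle(bundlePEM []byte, leaf *x509.Certificate, host string) error {
	roots := x509.NewCertPool()
	if !roots.AppendCertsFromPEM(bundlePEM) {
		return fmt.Errorf("no certificates parsed from bundle")
	}
	_, err := leaf.Verify(x509.VerifyOptions{Roots: roots, DNSName: host})
	return err
}

func main() {
	const host = "registry.example.internal" // hypothetical registry name
	registryCA, caKey := issue("registry-ca.example", nil, nil)
	leaf, _ := issue(host, registryCA, caKey)
	existingCA, _ := issue("existing-ca.example", nil, nil)
	bundle := toPEM(existingCA) // stands in for the existing ca-bundle.crt
	fmt.Println("before:", verifyWithBundle(bundle, leaf, host))
	fmt.Println("after: ", verifyWithBundle(append(bundle, toPEM(registryCA)...), leaf, host))
}
```

Running the same `verifyWithBundle` check against the real bundle and the registry's actual certificate before creating the `certs` ConfigMap catches a missing or wrong CA without resorting to the `--skip-tls-verify` flags.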