10000 Make it easier to add a custom root ca in werf docker images · Issue #6606 · werf/werf · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content

Make it easier to add a custom root ca in werf docker images #6606

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
1 task done
jankoosk opened this issue Feb 5, 2025 · 3 comments
Open
1 task done

Make it easier to add a custom root ca in werf docker images #6606

jankoosk opened this issue Feb 5, 2025 · 3 comments
Labels
scope: build type: feature

Comments

@jankoosk
Copy link
jankoosk commented Feb 5, 2025

Before proceeding

  • I didn't find a similar issue

Problem

I need to add a custom root ca to the werf docker container. This is not possible atm because the docker user does not have the permission to do so.

Solution (if you have one)

Give user access to /etc/ssl/certs/ca-certificates.crt in alpine docker image or add a flag/env_var to all commands

Additional information

No response
@github-actions github-actions bot added the triage label Feb 5, 2025
@DmitrySH19
Copy link
DmitrySH19 commented Feb 7, 2025
edited
Loading

hi @jankoosk, i have the same issue

А week-long search yielded small results, A temporary solution could be as follows.

I launched werf locally in docker, login as root user and manually add cert to trust store and commit container changes and use this container for build. This solve my problem

# start container
docker run -d --name werf registry.werf.io/werf/werf:latest /bin/bash -c "sleep infinity"
# exec into container with root user
docker exec -it --user root werf /bin/bash
# do what you want
cat > /usr/local/share/ca-certificates/custom-ca.crt <<EOF
-----BEGIN CERTIFICATE-----
# insert ca here
-----END CERTIFICATE-----
EOF
# update cert
update-ca-certificates
# commit changes and push to docker repo
docker commit werf

@jankoosk
Copy link
Author
jankoosk commented Feb 7, 2025

hey @DmitrySH19, thanks for the workaround.

I still believe werf should allow this in the default image. It can not be expected from users who use self signed certificates to build their own docker images on top of werf.

@alexey-igrychev
Copy link
Member

Thanks @DmitrySH19 @jankoosk
Indeed, support for options/environment variables in werf would make sense here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
scope: build type: feature
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@alexey-igrychev @DmitrySH19 @jankoosk
0