-
Notifications
You must be signed in to change notification settings - Fork 568
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
flux bootstrap git
cannot clone repo with custom CA certificate
#1775
Comments
Max raised this issue yesterday via Slack and when we looked into it, we found that go-git was not configured to use the CA cert, but apparently could be. He is working on a PR to make this possible as a bootstrap-time configuration, this should fix another edge case where certain configurations cannot use bootstrap. 💯 Thanks for looking into this @makkes |
makkes
pushed a commit
to makkes/flux2
that referenced
this issue
Sep 1, 2021
When a user provided the `--ca-file` flag to the `bootstrap` command, the given CA file wasn't taken into account for cloning the repository locally. It was just passed along to the CR that is created so Flux can make use of it when cloning the repository in-cluster. However, users may not want to add a custom CA to their local host's trust chain and may expect the `--ca-file` flag to be respected also for cloning the repository locally. This is what this commit accomplishes. closes fluxcd#1775 Signed-off-by: Max Jonas Werner <mail@makk.es>
5 tasks
makkes
pushed a commit
that referenced
this issue
Nov 7, 2021
When a user provided the `--ca-file` flag to the `bootstrap` command, the given CA file wasn't taken into account for cloning the repository locally. It was just passed along to the CR that is created so Flux can make use of it when cloning the repository in-cluster. However, users may not want to add a custom CA to their local host's trust chain and may expect the `--ca-file` flag to be respected also for cloning the repository locally. This is what this commit accomplishes. closes #1775 Signed-off-by: Max Jonas Werner <mail@makk.es>
1 task
souleb
pushed a commit
to souleb/flux2
that referenced
this issue
Jul 10, 2023
When a user provided the `--ca-file` flag to the `bootstrap` command, the given CA file wasn't taken into account for cloning the repository locally. It was just passed along to the CR that is created so Flux can make use of it when cloning the repository in-cluster. However, users may not want to add a custom CA to their local host's trust chain and may expect the `--ca-file` flag to be respected also for cloning the repository locally. This is what this commit accomplishes. closes fluxcd#1775 Signed-off-by: Max Jonas Werner <mail@makk.es>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe the bug
I'm running into a problem bootstrapping a repository served from a custom CA:
The ca.crt file, however, contains the certificate that was used to sign the git server's certificate.
Steps to reproduce
Expected behavior
Bootstrapping works properly.
Screenshots and recordings
No response
OS / Distro
Ubuntu 20.04.3
Flux version
0.17
Flux check
► checking prerequisites
✔ kubectl 1.20.2 >=1.18.0-0
✔ Kubernetes 1.21.1 >=1.16.0-0
► checking controllers
✔ helm-controller: deployment ready
► ghcr.io/fluxcd/helm-controller:v0.11.2
✔ kustomize-controller: deployment ready
► ghcr.io/fluxcd/kustomize-controller:v0.14.0
✔ notification-controller: deployment ready
► ghcr.io/fluxcd/notification-controller:v0.16.0
✔ source-controller: deployment ready
► ghcr.io/fluxcd/source-controller:v0.15.4
✔ all checks passed
Git provider
No response
Container Registry provider
No response
Additional context
Discussion on Slack
Code of Conduct
The text was updated successfully, but these errors were encountered: