[single-cluster/eks] Support for self-signed certificates #12979

@Pothulapati

Bug description

The new single cluster eks reference guide does not seem to support self-signed certificates.
The image build fails with the following error:

cannot pull image: rpc error: code = Unknown desc = failed to pull and unpack image "reg.be9c7-aws.tests.gitpod-self-hosted.com:20000/remote/33cbe75c-6aba-4bca-b64e-bbaaee0cf2be:latest": failed to resolve reference "reg.be9c7-aws.tests.gitpod-self-hosted.com:20000/remote/33cbe75c-6aba-4bca-b64e-bbaaee0cf2be:latest": failed to do request: Head https://reg.be9c7-aws.tests.gitpod-self-hosted.com:20000/v2/remote/33cbe75c-6aba-4bca-b64e-bbaaee0cf2be/manifests/latest: x509: certificate signed by unknown authority

This seems to be because containerd on the node is not configured to trust the self-signed gitpod registry. This causes the image pulls to fail.

Support for self-signed worked in the gitpod-eks-guide because of us using custom-built AMI images, which seem to configure containerd in a specific way to reload certs, as per

https://github.com/gitpod-io/gitpod-eks-guide/blob/d2b5fca8db3e20997f08cdeefc4bea4ff938dfe6/ami/files/gitpod/containerd.toml#L26-L28

Steps to reproduce

This was found through the new self-signed test being written in #12910

Run

werft run github -f -s .werft/installer-tests.ts -j .werft/eks-installer-tests.yaml -a debug=true -a self-signed=true -a skipTests=true -a preview=true

from the PR workspace, and see that the build fails. Manually creating the EKS environment, and passing the certs should also give the same.
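
One way to make containerd on a node trust a private CA for a single registry, added here as an example; it is not code from this issue, the reference guide or the gitpod-eks-guide AMI. The function name `write_registry_trust`, the certs directory and the CA file path are assumptions, and the registry host in the usage comment is the one from the error above.

```shell
#!/bin/sh
# Added example. Writes a per-registry containerd hosts.toml so that pulls
# from that registry are verified against a private CA instead of failing
# with "x509: certificate signed by unknown authority".
#
# containerd only reads this directory when the CRI registry config_path
# points at it, e.g. in /etc/containerd/config.toml:
#   [plugins."io.containerd.grpc.v1.cri".registry]
#     config_path = "/etc/containerd/certs.d"
#
# Usage (CA path is a placeholder):
#   sh trust-registry.sh /etc/containerd/certs.d \
#      reg.be9c7-aws.tests.gitpod-self-hosted.com:20000 /path/to/ca.crt

# write_registry_trust CERTS_DIR REGISTRY_HOST_PORT CA_FILE
write_registry_trust() {
    certs_dir=$1
    registry=$2
    ca_src=$3

    # Refuse to write a config that references a missing or non-PEM file.
    [ -r "$ca_src" ] || { echo "CA file not readable: $ca_src" >&2; return 1; }
    grep -q -e '-----BEGIN CERTIFICATE-----' "$ca_src" || {
        echo "not a PEM certificate: $ca_src" >&2; return 1; }

    # containerd looks up <config_path>/<host:port>/hosts.toml on Linux.
    host_dir="$certs_dir/$registry"
    mkdir -p "$host_dir" || return 1
    cp "$ca_src" "$host_dir/ca.crt" || return 1
    chmod 0644 "$host_dir/ca.crt"

    # Pin the CA with "ca"; "skip_verify = true" would silence the error
    # but disables certificate verification for this registry entirely.
    cat > "$host_dir/hosts.toml" <<EOF
server = "https://$registry"

[host."https://$registry"]
  capabilities = ["pull", "resolve"]
  ca = "$host_dir/ca.crt"
EOF
}

# Run only when called with the three arguments shown in the usage above.
if [ "$#" -eq 3 ]; then
    write_registry_trust "$@"
fi
```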
