- Bug
- Resolution: Done
- Major
- Pipelines 1.4
Expected behavior
Pipeline using jib-maven pushing to internal OpenShift registry with a self-signed certificate works out of the box.
Actual behavior
Pipeline fails on certificate validation
[INFO] Containerizing application to image-registry.openshift-image-registry.svc:5000/default/console-java-simple...
[WARNING] Base image 'gcr.io/distroless/java:8' does not use a specific image digest - build may not be reproducible
[INFO] Getting manifest for base image gcr.io/distroless/java:8...
[INFO] Building resources layer...
[INFO] Building classes layer...
[INFO] Using credentials from Docker config (/tekton/creds/.docker/config.json) for image-registry.openshift-image-registry.svc:5000/default/console-java-simple
[ERROR] I/O error for image [image-registry.openshift-image-registry.svc:5000/default/console-java-simple]:
[ERROR] javax.net.ssl.SSLHandshakeException
[ERROR] PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
[INFO] Using base image with digest: sha256:1e569cb980bcb1b8fc9db5d887240fe5b7d1cc722e601c0b3e68cdc65d66f1a9
Steps to reproduce
- oc create -f https://raw.githubusercontent.com/ppitonak/cluster-tasks-tests/release-1.4/pvc.yaml
- oc create -f https://raw.githubusercontent.com/ppitonak/cluster-tasks-tests/release-1.4/jib-maven/pipeline.yaml
- oc create -f https://raw.githubusercontent.com/ppitonak/cluster-tasks-tests/release-1.4/jib-maven/tests/run.yaml
- tkn pr logs -f --last
Notes
- A simple workaround is to set INSECUREREGISTRY=true in the task params.
- This doc describes how to use self-signed certificates with jib.
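
An alternative to the INSECUREREGISTRY workaround that keeps certificate validation on, as an added example (not part of the original report, the task, or the jib project): build a JVM truststore that contains the JDK's default CAs plus the CA that signed the registry certificate, and point Maven at it. The `CA_BUNDLE` path, the truststore location and all function names are assumptions; the example also assumes the registry certificate chains to a CA in that bundle.

```shell
# Added example: trust the registry CA in a JVM truststore instead of disabling TLS checks.
# CA_BUNDLE is an assumed path; point it at the PEM that signed your registry certificate.
CA_BUNDLE="${CA_BUNDLE:-/var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt}"
TRUSTSTORE="${TRUSTSTORE:-/tmp/jib-truststore.jks}"
STOREPASS="${STOREPASS:-changeit}"   # default password of the JDK cacerts file

# Split a PEM bundle into one file per certificate (one trusted entry is added per alias).
# Writes "$2"/ca-N.pem and prints the number of certificates found in "$1".
split_bundle() {
    awk -v dir="$2" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = dir "/ca-" n ".pem" }
        out != ""                     { print > out }
        /-----END CERTIFICATE-----/   { close(out); out = "" }
        END                           { print n + 0 }
    ' "$1"
}

# Start from the JDK's default CAs so the public base image (gcr.io) still verifies.
seed_truststore() {
    for f in "$JAVA_HOME/lib/security/cacerts" "$JAVA_HOME/jre/lib/security/cacerts"; do
        [ -f "$f" ] && { cp "$f" "$TRUSTSTORE"; chmod u+w "$TRUSTSTORE"; return 0; }
    done
    echo "JDK cacerts not found under JAVA_HOME" >&2; return 1
}

# Import every certificate of the bundle as a trusted CA entry.
import_bundle() {
    tmp=$(mktemp -d) || return 1
    count=$(split_bundle "$CA_BUNDLE" "$tmp")
    i=1
    while [ "$i" -le "$count" ]; do
        keytool -importcert -noprompt -alias "registry-ca-$i" \
            -file "$tmp/ca-$i.pem" -keystore "$TRUSTSTORE" -storepass "$STOREPASS" || return 1
        i=$((i + 1))
    done
    rm -rf "$tmp"
}

# JVM options that make Maven (and therefore jib) use the new truststore.
maven_opts() {
    printf '%s' "-Djavax.net.ssl.trustStore=$TRUSTSTORE -Djavax.net.ssl.trustStorePassword=$STOREPASS"
}

# Usage inside the build step:
#   seed_truststore && import_bundle && MAVEN_OPTS="$(maven_opts)" mvn compile jib:build
```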