Client TLS
Not a bug report. This is regarding closed ticket: https://github.com/GoogleContainerTools/kaniko/issues/1106/.
Looking at the related code: https://github.com/GoogleContainerTools/kaniko/blob/1395e4682f80bf4286513392220597dcca60ce1c/pkg/util/transport_util.go#L77
The --registry-certificate flag enables one to provide a root CA to validate the remote registry's server certificate.
In the case where the remote registry supports authorizing a client to push based on the client's certificate (e.g. via the certificate's distinguished name), this would require kaniko to support something like --client-certificate-path=/path/to/my-npe-cert-and-key (for example).
Has there been any consideration to implementing such a feature?
Thank you.
I am also interested in a solution to this problem.
I had a go at this in #2180; I'm using my own image to perform mTLS authentication with kaniko.