containerregistry icon indicating copy to clipboard operation
containerregistry copied to clipboard
verified publisher icon google

Add support for custom cacert

Open pboutes opened this issue 7 years ago • 2 comments

Hello everybody,

I've closed this previous PR (#88) because I did not sync my fork with the upstream. So sorry for that.

this PR allows us to override cacerts that are used for all http communications, that is really useful to communicate with a private registry for example. There are already PRs about that (#39, #52) but they seem to be incomplete.

Here we basically define a new transport.Factory() class that will be able to add custom parameters (such as ca_certs, ...), and then pass it to the underlying httplib2.Http transport.

The CA can be override by using --cacert flag. If no flag is passed, we will use the default one CA embedded with the httplib2.

Example for pusher :

bazel run @containerregistry//:pusher.par -- --name="custom.registry/myimage:latest" --tarball="${PWD}/myimage.tar" --cacert="path_to_custom_crt"

pboutes avatar Jul 09 '18 13:07 pboutes

Hi there,

We would love to be able to use this at work, where we have a registry with a cert signed by an internal CA. Any chance this can get integrated at some point?

EdSchouten avatar Sep 04 '18 08:09 EdSchouten

Friendly ping.

EdSchouten avatar Oct 09 '18 07:10 EdSchouten