Spinnaker + private docker registry with self-signed certificates


#1

Hi, I’m using openshift kubernetes and installed Spinnaker on top of it. I’m using a private Docker registry with self-signed certificates. I have installed spinnaker using helm charts since the environment doesn’t allow public internet access.
However, clouddriver when trying to access/fetch image tag from registry giving the following error:

2018-07-12 09:13:26.695 ERROR 1 — [ecutionAction-4] .d.r.p.a.DockerRegistryImageCachingAgent : Could not load tags for pdeep/sample-java-app
retrofit.RetrofitError: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

I have tried adding the docker certificate at /etc/ssl/certs/ca-certificates.crt in clouddriver pod but didn’t worked.

Please let me know how to allow clouddriver access private docker registry with self-signed certificate. Is there any specific path where it is looking for certificate? Do I need to add Bearer token ?

Thanks


#2

Got solution for the aforementioned problem. Enable okHttpClient in clouddriver.yaml and add certificate to the keystore and truststore.