Explain how to use kaniko with a registry with a custom certificate

68d172da · Raphael Nestler · 89b0be14 · 68d172da
Commit 68d172da authored Dec 17, 2018 by Raphael Nestler
Hide whitespace changes
Inline Side-by-side

Showing with 23 additions and 0 deletions

doc/ci/docker/using_kaniko.md doc/ci/docker/using_kaniko.md +23 -0

No files found.
--- a/doc/ci/docker/using_kaniko.md
+++ b/doc/ci/docker/using_kaniko.md
@@ -57,3 +57,26 @@ build:
  only:
    - tags
 ```
+
+## Using a registry with a custom certificate
+
+When trying to push to a Docker registry that uses a certificate that is signed
+by a custom CA, you might get the following error:
+
+```sh
+$ /kaniko/executor --context $CI_PROJECT_DIR --dockerfile $CI_PROJECT_DIR/Dockerfile --no-push
+INFO[0000] Downloading base image registry.gitlab.example.com/group/docker-image
+error building image: getting stage builder for stage 0: Get https://registry.gitlab.example.com/v2/: x509: certificate signed by unknown authority
+```
+
+This can be solved by adding your CA's certificate to the kaniko certificate
+store:
+
+```yaml
+  before_script:
+    - echo "{\"auths\":{\"$CI_REGISTRY\":{\"username\":\"$CI_REGISTRY_USER\",\"password\":\"$CI_REGISTRY_PASSWORD\"}}}" > /kaniko/.docker/config.json
+    - |
+      echo "-----BEGIN CERTIFICATE-----
+      ...
+      -----END CERTIFICATE-----" >> /kaniko/ssl/certs/ca-certificates.crt
+```