feat(registry): Add custom ca certificate override #402
Conversation
sebimarkgraf
force-pushed
the
sm/add-ssl-custom-ca
branch
2 times, most recently
from
6cf78b3 to
5c79a31
Compare
dcantah
left a comment
dcantah
left a comment
There was a problem hiding this comment.
I'd move the tlsConfiguration parameter one spot up above the logger, I'd like to leave the logger as the last parameter. We're free to make breaking changes here until 1.0. This LGTM after, thanks!
sebimarkgraf
force-pushed
the
sm/add-ssl-custom-ca
branch
2 times, most recently
from
9bb47fa to
a75f656
Compare
Moved the |
|
@dcantah Sorry for pinging again, but I am currently cleaning up my PRs before moving into the next year. Is there anything left for me to do or is this just waiting for a good time to merge? |
|
@sebimarkgraf Nothing at all, sorry! Just been a bit backed up. Will check this in after green CI! |
|
@sebimarkgraf Sorry, do you mind rebasing on main and repushing 😅. That should fix the CI failure |
dcantah
force-pushed
the
sm/add-ssl-custom-ca
branch
from
a75f656 to
74bf462
Compare
|
Lovely, first time trying the rebase UI but we require verified signatures so that just doesn't work 😄. Just rebase and force push here and we should be good to check in |
sebimarkgraf
force-pushed
the
sm/add-ssl-custom-ca
branch
from
74bf462 to
38c6c06
Compare
|
Rebase is done :) |
2 participants
Closely related to apple/container#305 I would like to override the used SSL TrustRoots via standard env variables.
This here would add this configuration and would give an entrypoint for an implementation of 305 to provide CLI flags or similar.
This has no tests yet, as this would require setting up something like a MITM proxy when testing against a registry.
As I am unfamiliar with the codebase, I would be willing to do this, but would require a first nudge on where to best implement this.
To actually use this, we would need to add the allowed env variables to the
container system startcommand env filter.