CSO to trust self signed certificate for private quay registry

Question

CSO to trust self signed certificate for private quay registry

gorantornqvist opened this issue 5 years ago · 3 comments

Hi,
I have installed CSO and added an image from my private quay registry.

Look like CSO cant connect to the private quay registry since I see this error in the operator logs:

level=error msg="Failed to sync layer data" key=quay/quay-clair-test-2-5ggnj err="Get https://quay.apps.mydomain.com/.well-known/app-capabilities: x509: certificate signed by unknown authority"

Is there a way to set an "insecure" option or to add additional CA certs to CSO?

Answer 1 · 2021-02-02T14:32:45.000Z

Same issue with the Quay Container Security v3.3.4.

Answer 2 · 2021-02-02T15:02:37.000Z

Fix: In the same namespace as the operator, create a secret called container-security-operator-extra-certs that contains the CA. Then restart the operator.

Answer 3 · 2021-02-02T15:24:06.000Z

Thanks, works!