Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(RHTAPWATCH-1171): support custom cert in clair-scan #1266

Merged
merged 1 commit into from
Aug 13, 2024
Merged

feat(RHTAPWATCH-1171): support custom cert in clair-scan #1266

merged 1 commit into from
Aug 13, 2024

Conversation

yftacherzog
Copy link
Member

Support mounting a custom ca-bundle to allow the clair-scan task to use a registry with a self-signed certificate.

@avi-biton
Copy link
Contributor

lgtm

chmeliik
chmeliik reviewed Aug 12, 2024
View reviewed changes
task/clair-scan/0.1/clair-scan.yaml Outdated
- name: trusted-ca
mountPath: /etc/pki/tls/certs/ca-custom-bundle.crt
subPath: ca-bundle.crt
readOnly: true
- name: conftest-vulnerabilities
Copy link
Contributor

@chmeliik chmeliik Aug 12, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is there a specific reason not to add the volume to the conftest-vulnerabilities step? If there isn't, it may be better to put the volumeMounts in the stepTemplate to make sure it applies to all steps

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I have no objections to add it that way. I'll give it a try.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

done

@yftacherzog yftacherzog force-pushed the RHTAPWATCH-1171-clair-scan-custom-ca branch from 8c9a86f to e4b8c05 Compare August 13, 2024 09:13
@yftacherzog
feat(RHTAPWATCH-1171): support custom cert in clair-scan
a0d942c 
Support mounting a custom ca-bundle to allow the clair-scan
task to use a registry with a self-signed certificate.

Signed-off-by: Yftach Herzog <[email protected]>
@yftacherzog yftacherzog force-pushed the RHTAPWATCH-1171-clair-scan-custom-ca branch from e4b8c05 to a0d942c Compare August 13, 2024 09:14
@mmorhun mmorhun added this pull request to the merge queue Aug 13, 2024
Merged via the queue into konflux-ci:main with commit c3427c8 Aug 13, 2024
9 checks passed
@rh-tap-build-team rh-tap-build-team bot mentioned this pull request Aug 13, 2024
Closed
@yftacherzog yftacherzog deleted the RHTAPWATCH-1171-clair-scan-custom-ca branch August 15, 2024 11:08
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@chmeliik chmeliik chmeliik left review comments

@avi-biton avi-biton avi-biton approved these changes

@mmorhun mmorhun mmorhun approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@yftacherzog @avi-biton @mmorhun @chmeliik