-
Notifications
You must be signed in to change notification settings - Fork 56
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add support for additional certificates in the generated pongo test image #453
Comments
why would the |
It is Python specific, from my experience each app might behave differently when it comes to certificates, and since Pongo is using httpie which is written in Python, it is required, as Python doesn't use the system certificates by default - it requires explicitly adding them. This can be done using the Note - this might only be required for mac - see https://github.com/python/cpython/blob/e05a703848473b0365886dcc593cbddc46609f29/Mac/BuildScript/build-installer.py#L239-L246 |
yes, |
so could we add the certs to |
hmmm... maybe not. The So we'd need to add a system-pongo directory for config options. |
As Pongo Dockerimage extends Kong - I assume the same will be needed in other images, in which case don't you think adding the ca-certs in the kong base-image and propagating them as user supplied argument or some other means from every derived tool is better? |
Does that mean you will add the certificates into the pongo repository instead of letting users pass them as env vars / command line arguments? I think something like |
But then it might be better to generate a custom Kong image (not a Pongo responsibility), and pass that in as $KONG_IMAGE. Though #454 indicates that it might have issues... |
@tomereli have you considered using the |
At PayPal, we have corporate proxies for which IT pre-installs the self-signed certificates in all laptops and working stations.
pongo run
fails due to this - withSSL: CERTIFICATE_VERIFY_FAILED - self signed certificate in chain
.To fix this, need to add
ce-certificates
to theRUN apt install
line in the Dockerfile, copy the self-signed certificates to the image, runupdate-ca-certificates
and addENV REQUESTS_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt
to the Dockerfile.Need to add support to inject the certificates to the CLI - perhaps this should be in the kong base image even, I'll let the Kong team decide.
The text was updated successfully, but these errors were encountered: