Clair scanning from unsecure registries
235 views
Skip to first unread message
volker...@gmx.de
Jul 20, 2021, 6:45:37 AM7/20/21
to quay-sig
Hi,
I'm currently setting up a clair(v4.0.6) instance in combination with nexus(
3.19.0-01
).
When i try to scan an image with
When i try to scan an image with
clairctl -D report <my-nexus-repo/image:latest>
I
unfortunately
get the folling error:
error: Get "<my-nexus>/v2/": x509: certificate signed by unknown authority
2021/07/20 10:29:44 Get "<my-nexus>/v2/": x509: certificate signed by unknown authority
2021/07/20 10:29:44 Get "<my-nexus>/v2/": x509: certificate signed by unknown authority
i changed the following line in the rhsm.conf:
# Set to 1 to disable certificate validation:
insecure = 1
insecure = 1
I still get the error.
are there any other config files where i can define an unsecure registry or something else?
thanks for your help!
Volker
thanks for your help!
Volker
Daniel Messer
Jul 21, 2021, 5:47:09 AM7/21/21
to volker...@gmx.de, quay-sig
Hey Volker,
Clair will respect the SSL_CERT_DIR environment variable passed into the container to consume additional certs. The other option is to add it to the system trust store of the Clair container. In both cases you'll need the volume mount of whatever that directory is to your Clair container. The rhsm.conf is an unrelated config file which controls the behavior of the Red Hat Subscription manager.
HTH,
Daniel
--
You received this message because you are subscribed to the Google Groups "quay-sig" group.
To unsubscribe from this group and stop receiving emails from it, send an email to quay-sig+u...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/quay-sig/32ae8b0d-e414-4da1-9b1c-a64d63af5598n%40googlegroups.com.
Daniel Messer
Product Manager Operator Framework & Quay
Red Hat OpenShift
Reply all
Reply to author
Forward
0 new messages