Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Client Certificate Authentication #1106

Closed
rbkaspr opened this issue Mar 4, 2020 · 5 comments
Closed

Client Certificate Authentication #1106

rbkaspr opened this issue Mar 4, 2020 · 5 comments
Milestone
Release v1.0.0

Comments

@rbkaspr
Copy link

rbkaspr commented Mar 4, 2020

Does Kaniko support the concept of authenticating to a secure registry using client TLS certificates?

For reference, looking for something similar to this: https://docs.docker.com/engine/security/certificates/
@tejal29
Copy link
Contributor

tejal29 commented Mar 7, 2020
edited
Loading

@rbkaspr @antechrestos did some great work to add a new flag -registry-certificate
#1037

I am going to get this in next release v0.19.0

I am going to mark this as duplicate of #1100

@tejal29 tejal29 closed this as completed Mar 7, 2020
@tejal29 tejal29 added this to the Release v1.0.0 milestone Mar 7, 2020
@Jonher937
Copy link

Hi, #1037 does not seem to address the issue that the author describes, I believe this should be re-opened @tejal29
The link to the docker documentation does not match what --registry-certificate does.

From my understanding the --registry-certificate allows you to pass a certificate that is used in the check of the registry's certificate, if the passed and the actual certificate matches we ignore the CA author because the passed and actual certificate is what we expect.

What the author requests is the functionality to inherit or being able to pass a certificate + private key to be used for TLS authentication against the registry endpoint (Client certificate Authentication).

@rbkaspr
Copy link
Author

rbkaspr commented Aug 13, 2021
edited
Loading

@Jonher937 is correct, I am asking for information on how to have Kaniko authenticate with a registry using client certificates rather than a username and password, which is something my organization requires.

@rbkaspr
Copy link
Author

rbkaspr commented Aug 13, 2021

@tejal29 Can this issue be reopened, or does Kaniko support this functionality now?

@theycallmeloki
Copy link

theycallmeloki commented Sep 2, 2021
edited
Loading

+1, I too would love the ability to authenticate purely with a certificate without a username-password combination, this might be related to this fixed issue

This is mostly because I followed instructions for a quick install trow registry and am able to build and push with certificates stored in /etc/docker/certs.d for both regular docker as well as the buildx docker builders

Kaniko however does not seem to accept just a certificate and insists on being presented with a username and password authentication scheme to push images into the registry

@aceeric aceeric mentioned this issue Jun 8, 2022
Closed
@fernferret fernferret mentioned this issue Jul 24, 2022
Merged
4 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
Release v1.0.0
Development

No branches or pull requests
4 participants
@Jonher937 @tejal29 @theycallmeloki @rbkaspr