UBI Helper image doesn't support custom certificates in /etc/gitlab-runner/certs
gitlab-org/gitlab-runner!2058 (merged) Added this support to the regular helper-image, but the UBI-based image has no such support. I've mounted the certs into /etc/gitlab-runner/certs but they don't show up in the CA trust bundle.
My mounted certificate:
$ oc exec -it -c helper runner-5xzp8p6s-project-13-concurrent-0xblql -- openssl x509 -in /etc/gitlab-runner/certs/gitlab-runner-issuer.crt -text \
| grep Subject:
Subject: O = Dev, CN = GitLab CA
Grepping for a known CA in CA bundle:
$ while openssl x509 -noout -text; do :; done <<<$(oc exec -it -c helper runner-5xzp8p6s-project-13-concurrent-0xblql -- cat /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem) \
| grep "CN = SecureSign RootCA11"
Issuer: C = JP, O = "Japan Certification Services, Inc.", CN = SecureSign RootCA11
Subject: C = JP, O = "Japan Certification Services, Inc.", CN = SecureSign RootCA11
Could not read certificate from <stdin>
Unable to load certificate
Grepping for GitLab CA in CA bundle:
$ while openssl x509 -noout -text; do :; done <<<$(oc exec -it -c helper runner-5xzp8p6s-project-13-concurrent-0xblql -- cat /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem) | grep "CN = GitLab CA"
Could not read certificate from <stdin>
Unable to load certificate