-
-
Notifications
You must be signed in to change notification settings - Fork 360
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Allow volumes to be mounted for all plugin containers #993
Comments
I have the same issue in a Kubernetes cluster where I offload ssl at the load balancer. |
@jamu85 You can configure a custom clone step and load the ca via |
@anbraten I know that I can create the custom clone step. That's how I skip verification. But I would like to have a possibility to pass the certificate to avoid having a custom clone step. |
this would also help not only with git but other container images that does not support providing option like skip verify or anything like that |
Clear and concise description of the problem
I try to use Woodpecker with a non publicly reachable (Gitea) repository. It's using a certificate not verifyable via standard (i.e. included in standard images) CAs. I can mount /etc/ssl/certs into my woodpecker ui/agent containers, but this doesn't help with any plugins - including the one used to clone the repo, which then fails due to an SSL error.
Suggested solution
Allowing to configure a common mount for all plugin containers (maybe optionally RO) would make it possible to provide such system settings/files without requiring an admin to label every single repo as trusted and dealing with the security implications of mounting arbitrary paths via CI YAML.
This might even help with caching as as mentioned in #758 or provide other common resources.
Alternative
Additional context
No response
Validations
The text was updated successfully, but these errors were encountered: