英文:
How to add root CA of self-signed certificate to the actions-runner-controller
问题
以下是翻译好的内容:
也许有人知道如何将根 CA 添加到 actions-runner-controller 中吗?
值得一提的是,我对 actions-runner-controller 镜像感兴趣,而不是 actions-runner 镜像。
actions-runner-controller pod 的日志:
错误 runner 无法获取新的注册令牌 {"runner": "github-actions-runner-small-001-rw88q-nhmhq", "error": "无法创建注册令牌: 发送请求至 https://test-github.example.com/api/v3/orgs/myexample/actions/runners/registration-token/ 失败: 无法刷新安装 ID 5 的令牌: 无法从 GitHub API 获取安装 ID 5 的访问令牌: x509: 证书由未知授权机构签发"}
github.com/actions/actions-runner-controller/controllers/actions%2esummerwind%2enet.(*RunnerReconciler).updateR
它正在运行在 K3S 集群上。
Dockerfile:
FROM summerwind/actions-runner-controller
ADD ./My_Root_CA.pem /usr/local/share/my-root-ca.pem
期望:
Controller 应该信任我的 GitHub Enterprise Server 的自签名证书。
英文:
Maybe somebody knows in what way it's possible to add a root CA to the actions-runner-controller ?
It's worth mentioning that I'm interested in the actions-runner-controller image, not the actions-runner image.
Logs of actions-runner-controller pod:
ERROR runner Failed to get new registration token {"runner": "github-actions-runner-small-001-rw88q-nhmhq", "error": "failed to create registration token: Post "https://test-github.example.com/api/v3/orgs/myexample/actions/runners/registration-token/": could not refresh installation id 5's token: could not get access_tokens from GitHub API for installation ID 5: x509: certificate signed by unknown authority"}
github.com/actions/actions-runner-controller/controllers/actions%2esummerwind%2enet.(*RunnerReconciler).updateR
It's running on K3S cluster.
Thanks in advance,
Dockerfile:
FROM summerwind/actions-runner-controller
ADD ./My_Root_CA.pem /usr/local/share/my-root-ca.pem
Expecting:
Controller should trust a self-signed certificate of my GitHub Enterprise Server
答案1
得分: 0
Sure, here is the translated content:
Solution:
- 创建一个包含.pem证书的configMap:
kubectl -n <namespace> create configmap <configMap-name> --from-file=my-root-ca.pem
- 将configMap附加到部署中,如以下示例:
spec:
containers:
- name: actions-runner-controller
image: someimage:v1
volumeMounts:
- name: <configMap-name>
mountPath: /etc/ssl/certs/my-root-ca.pem
subPath: my-root-ca.pem
readOnly: false
volumes:
- name: <configMap-name>
configMap:
name: <configMap-name>
英文:
Solution:
- Create a configMap with certificate in .pem:
kubectl -n <namespace> create configmap <configMap-name> --from-file=my-root-ca.pem
- Attach configMap to the deployment like in example:
spec:
containers:
- name: actions-runner-controller
image: someimage:v1
volumeMounts:
- name: <configMap-name>
mountPath: /etc/ssl/certs/my-root-ca.pem
subPath: my-root-ca.pem
readOnly: false
volumes:
- name: <configMap-name>
configMap:
name: <configMap-name>
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论