Checklist
Bug Description
When a RootSync or RepoSync is configured with GithubApp Authentication, and a custom CA cert is needed (i.e. via corporate proxy), the authentication fails with SSL errors.
The issue is the SSL_CERT_FILE env variable is not injected into the reconciler pod, only the GIT_SSL_CAINFO var is, which only applies to GIT CLI commands and not Go's net/http method used for GitHub App token request.
II have raised PR - #2141
Additional Diagnostic Information
No
Kubernetes Cluster Type/Version
- k8s version: 1.3
- Type of k8s cluster (GKE, EKS, etc): GKE
- If GKE, standard or autopilot: standard
Config Sync Version
1.23
Steps to reproduce the issue
Create a rootsync with github app auth, proxy and ca cert in the spec.
Checklist
Bug Description
When a RootSync or RepoSync is configured with GithubApp Authentication, and a custom CA cert is needed (i.e. via corporate proxy), the authentication fails with SSL errors.
The issue is the
SSL_CERT_FILEenv variable is not injected into the reconciler pod, only theGIT_SSL_CAINFOvar is, which only applies to GIT CLI commands and not Go's net/http method used for GitHub App token request.II have raised PR - #2141
Additional Diagnostic Information
No
Kubernetes Cluster Type/Version
Config Sync Version
1.23
Steps to reproduce the issue
Create a rootsync with github app auth, proxy and ca cert in the spec.