kfctl apply from private kfdef on private and enterprise github #468
Comments
/assign |
This would be very useful since some component overlays need to be private |
If you're trying to add a private github repo to your kfdef in order to specify custom versions of some applications this works now in master:
|
@pdmack @Tomcli I wonder if adding an environment variable SSL_CERT_DIR or SSL_CERT_FILE to the environment that embeds Kubeflow kfctl
@AlexanderEkdahl you seemed to be the one who initiated the fix for considering http and https proxies a while ago, thank you. opendatahub-io/opendatahub-operator@16eba4a
Can you tell from your perspective whether SSL_CERT_DIR and SSL_CERT_FILE, one of the two, are enough to specify when making plain http requests with the golang client? That is, are the changes from package x509 https://go.dev/src/crypto/x509/root_unix.go considered in the requests here https://github.com/opendatahub-io/opendatahub-operator/blob/master/pkg/kfconfig/types.go#L530 using x509.SystemCertPool implicitly?
Before 2017, one needed to add it manually: https://stackoverflow.com/questions/38822764/how-to-send-a-https-request-with-a-certificate-golang keywords: caCertPool.AppendCertsFromPEM and rootCAs argument. After 2017, it should be there already in x509.loadSystemRoots.
If yes, that would accomplish the job of making it possible to trust enterprise PKI CAs. Kubeflow kfctl as well as opendatahub-operator are using net/http for downloading manifest files: https://github.com/devgrok/kubeflow-kfctl/blob/master/pkg/kfconfig/types.go#L508
Does that imply that SSL_CERT_DIR and SSL_CERT_FILE envs are honored when doing chain of trust validation in go? |
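An added example, not part of the thread and not kfctl or opendatahub-operator code, for the trust question in the comment above: in Go, an `http.Client` whose `RootCAs` is nil verifies servers against the host's root CA set, and on Linux `x509.SystemCertPool` builds that set from `SSL_CERT_FILE` and `SSL_CERT_DIR` when they are set (macOS and Windows use the platform store instead). The sketch shows the explicit, platform-independent route the comment mentions, system roots plus `AppendCertsFromPEM`; the helper `fetch`, the function `demo` and the served document are constructed for illustration.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
)

// fetch GETs url, trusting the system roots plus the PEM bundle extraPEM
// (hypothetical helper; extraPEM stands in for an enterprise CA bundle).
func fetch(url string, extraPEM []byte) (string, error) {
	pool, err := x509.SystemCertPool() // on Linux this honors SSL_CERT_FILE / SSL_CERT_DIR
	if err != nil || pool == nil {
		pool = x509.NewCertPool() // no usable system store: start from an empty pool
	}
	if len(extraPEM) > 0 && !pool.AppendCertsFromPEM(extraPEM) {
		return "", fmt.Errorf("no certificate parsed from extra CA bundle")
	}
	tr := &http.Transport{TLSClientConfig: &tls.Config{RootCAs: pool}}
	defer tr.CloseIdleConnections()
	resp, err := (&http.Client{Transport: tr}).Get(url)
	if err != nil {
		return "", err
	}
	defer resp.Body.Close()
	b, err := io.ReadAll(resp.Body)
	return string(b), err
}

// demo serves a constructed manifest over TLS with a certificate no system
// store trusts, then fetches it without and with that certificate as extra CA.
func demo() (body string, untrusted, err error) {
	srv := httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
		fmt.Fprint(w, "kind: KfDef # constructed sample")
	}))
	defer srv.Close()
	ca := pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: srv.Certificate().Raw})
	_, untrusted = fetch(srv.URL, nil) // fails: certificate signed by unknown authority
	body, err = fetch(srv.URL, ca)     // succeeds once the CA is in the pool
	return body, untrusted, err
}

func main() { fmt.Println(demo()) }
```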
Right now the only way we can deploy kubeflow with kfctl is if the manifest is coming from a public repository and the kfdef is either downloaded or is also a public url.
It would be useful if we added a way to download private github files using a token and from enterprise github.