There was major refactoring of OpenShift provider in AntomicApp 0.3.0.
In that version provider stopped using oc command and started using
OpenShift API directly.
In this version we permanently disabled TLS/SSL verification.
Now with 0.3.1 TLS/SSL verification is enabled by default and there are options that allow user to add CA certificate or disable verification completely.
AtomicApp uses requests library. Certificates are validated against Mozilla CA Certificate List using certifi project.
-
providercafile- If your https API endpoint isn't signed by trusted CA. You can use this option to provide path to your CA certificate. -
providertlsverify- By setting this to False you can disable TLS/SSL verification. (default is True)
Both options can be set using answers.conf file or via command line options.
Example answers.conf:
[general]
provider = openshift
providerapi = https://127.0.0.1:8443
accesstoken = sadfasdfasfasfdasfasfasdfsafasfd
namespace = mynamespace
providertlsverify = True
providercafile = /etc/myca/ca.pem
Example of disabling verification using command line argument:
atomic run myapp --provider=openshift --providertlsverify=True
When using native execution
(oc new-app) to run Nulecule application on OpenShift you can pass command line arguments via environment
variable ATOMICAPP_APPEND_ARGS.
Example:
oc new-app myapp --grant-install-rights -e ATOMICAPP_APPEND_ARGS='--providertlsverify=False'