Question & Answer
Question
The SSL certificate verification error occurred when I tried to access git repositories over SSL and the server provides a self-signed certificate. I can run git config --global http.sslverify false within the asset-files-api pod to disable SSL verification, but this setting is get reset when the pod restarted. Could you tell me how to make this setting persistent?
Answer
Use following steps to keep git config --global http.sslverify false setting persistent, so this setting will be enabled after the asset-files-api pod get restarted.
[Steps]
1) Check the asset-files api pod
# oc get pod |grep files
asset-files-api-7c5c776677-phd4f 1/1 Running 0 5d21h
2) Back up the deployment setting of asset-files pod
# oc get deploy asset-files-api -o yaml > /tmp/asset-files-api-deploy-9827.yaml
# cat /tmp/asset-files-api-deploy-9827.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
annotations:
cloudpakId: eb9998dcc5d24e3eb5b6fb488f750fe2
cloudpakName: IBM Cloud Pak for Data
deployment.kubernetes.io/revision: "2"
...
3) Edit sset-files-api-deploy deployment
# oc edit deploy asset-files-api
4) Add following setting
Before:
Before:
...
image: image-registry.openshift-image-registry.svc:5000/zen/asset-files-api:v3.5.5_080621
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 5
...
After:
...
image: image-registry.openshift-image-registry.svc:5000/zen/asset-files-api:v3.5.5_080621
imagePullPolicy: IfNotPresent
lifecycle:
postStart:
exec:
command:
- /bin/sh
- -c
- git config --global http.sslCAInfo /etc/certificate/certificate.pem;
git config --global user.email "@bhp.com"
livenessProbe:
failureThreshold: 5
...
5) Save the deployment, and confirmed the new pod is up and running
# oc get pod |grep files
asset-files-api-657f7d4d5-gwm82 0/1 Running 0 18s
asset-files-api-7c5c776677-phd4f 1/1 Running 0 5d21h
NOTE:The workaround is intended to be used for demo or test environment. Removing the SSL verification disproves the whole concept of having SSL implemented. Use proper CA signed certificate on production environment.
[{"Type":"MASTER","Line of Business":{"code":"LOB10","label":"Data and AI"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSHUT6","label":"IBM Watson Studio Premium Cartridge for IBM Cloud Pak for Data"},"ARM Category":[{"code":"a8m0z000000Gp4cAAC","label":"Installation->Post-installation tasks"}],"ARM Case Number":"TS006627040","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions"}]
Was this topic helpful?
Document Information
Modified date:
01 September 2021
UID
ibm16485877