Description
This is a question/feature request.
I am currently operating minikube on a network that requires all SSL traffic to be intercepted using a root SSL certificate. Minikube is using the Virtualbox driver.
Using docker-machine and boot2docker, I was able to append my SSL root cert to the /var/lib/boot2docker/certs directory. This does not work with the minikube ISO. What does work is appending my certificate to /etc/ssl/certs/ca-certificates.crt.
I create a bootlocal.sh for this. This is the command I run from my host:
read -d '' String <<"EOF"
#!/bin/bash
grep -q '<single line from root cert>' /etc/ssl/certs/ca-certificates.crt
EXIT_CODE=\$?
if [ \$EXIT_CODE -ne 0 ]; then
curl http://<rootcert location>/root.cer | sudo tee -a /etc/ssl/certs/ca-certificates.crt
sudo systemctl restart docker.service
fi
EOF
echo "echo "\""${String}"\"" | sudo tee -a /var/lib/boot2docker/bootlocal.sh && sudo chmod +x /var/lib/boot2docker/bootlocal.sh && /var/lib/boot2docker/bootlocal.sh" | minikube ssh
This works fine until I restart the VM. It looks like what's happening is that bootlocal may be running first or not at all because when the machine restarts, ca-certificates.crt is back to the original state without my certificate in it.
How should I add my root SSL cert into the VM so Docker can pull from registries?
minikube version: v0.18.0
OS: OSX 10.10.5
Drivername: Virtualbox
ISO: minikube-v0.18.0.iso
Install Tools: homebrew
What happened:
Corporate root SSL certificate does not exist on the VM and is not picked up by the Docker daemon
What you expected to happen:
I expect to be able to add my root SSL certificate to the VM and have Docker be able to pick it up to validate TLS communication
How to reproduce it (as minimally and precisely as possible):
$ minikube start
< run above commandset to pull down any SSL cert >
$ minikube stop && minikube start
< verify that SSL cert does not exist in ca-certificates.crt >
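The bootlocal.sh in this report downloads a trust anchor over plain HTTP and appends it to the CA bundle unchecked. The following is an added example, not part of the original report or the minikube project, of the same idempotent append gated on a pinned SHA-256 of the downloaded file. The function name `add_pinned_ca`, its arguments and return codes are assumptions, as is the availability of `sha256sum` in the VM; it does not address the persistence question asked above.

```shell
#!/bin/sh
# add_pinned_ca CERT_FILE EXPECTED_SHA256 BUNDLE   (hypothetical helper)
# Appends CERT_FILE (PEM) to BUNDLE only when the file's SHA-256 equals the
# pinned value and the certificate is not already in the bundle.
# Returns: 0 appended, 1 rejected (mismatch / bad input), 2 already present.
add_pinned_ca() {
    cert=$1
    expected=$2
    bundle=$3

    [ -r "$cert" ] && [ -f "$bundle" ] || return 1

    # Pin the exact bytes of the download; the expected value must come from
    # a channel other than the HTTP server that serves the certificate.
    actual=$(sha256sum "$cert" | cut -d' ' -f1)
    [ "$actual" = "$expected" ] || return 1

    # Only PEM certificates belong in the trust store.
    head -n 1 "$cert" | grep -qx -- '-----BEGIN CERTIFICATE-----' || return 1

    # Idempotence check: first base64 line of the certificate, matched as a
    # whole fixed-string line (the same idea as the grep in the report).
    first_line=$(sed -n '2p' "$cert")
    [ -n "$first_line" ] || return 1
    if grep -qxF -- "$first_line" "$bundle"; then
        return 2
    fi

    # Leading newline guards against a bundle that lacks a trailing one.
    printf '\n' >> "$bundle"
    cat "$cert" >> "$bundle"
    return 0
}

# Usage inside a boot script running as root (URL elided as on the page,
# <pinned sha256> is a placeholder):
#   curl -fsS 'http://<rootcert location>/root.cer' -o /tmp/root.cer &&
#     add_pinned_ca /tmp/root.cer '<pinned sha256>' \
#       /etc/ssl/certs/ca-certificates.crt &&
#     systemctl restart docker.service
```

Return code 2 lets the caller skip the Docker restart when the bundle already contains the certificate.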