Skip to content

Add Support for Private/Self-Signed Certificates in Wave #946

Description

@mp-seqera

Problem

Wave build pods fail when pushing images to private container registries that use self-signed or private CA certificates.

Error:

failed to push harbor.com/wave/build:c29474515a9fd3c1:
tls: failed to verify certificate: x509: certificate signed by unknown authority

Current Situation

  • Wave does not currently support private CA SSL certificates (confirmed in docs)
  • The issue occurs in the BuildKit container during the image push phase
  • Certificates need to be trusted by BuildKit when pushing to private registries

Impact

Customers deploying self-hosted Wave with private container registries (Harbor, etc.) using custom certificates are blocked from using Wave's build and push functionality.

Technical Details

The certificate needs to be available to:

  1. The Wave backend service
  2. The BuildKit daemon/container that performs the actual build and push operations

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions