While going over Getting Started on Okteto Cloud with PHP tutorial and getting the “certificate signed by unknown authority” error when running okteto init. I believe it’s related to the custom zscaler CA that our company defines.
How can I have okteto cli to trust custom CA? As far as I understand it's developed in golang, but setting SSL_CERT_FILE and SSL_CERT_DIR with the location of the certificates didn't help.
➜ php-getting-started git:(main) okteto init
i Using … @ cloud.okteto.com as context
✓ Okteto manifest (okteto.yml) deploy and build configured successfully
? Do you want to launch your development environment? [Y/n]: y
i Building ‘Dockerfile’ in tcp://buildkit.cloud.okteto.net:443…
[+] Building 0.0s (0/0)
x Error building service ‘hello-world’: error building image ‘registry.cloud.okteto.net/.../php-hello-world:1.0.0’: build failed: failed to dial gRPC: rpc error: code = Unavailable desc = connection error: desc = “transport: authentication handshake failed: x509: certificate signed by unknown authority”
This is not supported on the latest build (2.15.3), but is scheduled to be released on the next.
The fix is already merged, and available on the dev channel:
export OKTETO_CHANNEL=dev
curl https://get.okteto.com -sSfL | sh
https://community.okteto.com/t/allowing-custom-certificates-in-okteto-cli/828 has more information on this.