Import Custom CA Cert in planet/docker

Hi
I am trying to run Gravity behind the SQUID proxy that is intercepting traffic. I configured the HTTP proxy using the RuntimeEnvironment setting, and it works perfectly. Problems come when trying to run a new redis pod: I am not able to pull docker images. I am not sure whether it is an issue with planet or docker.

root@ip-10-151-17-242:/home/ubuntu# gravity shell
                                                    
ip-10-151-17-242:/$ docker pull bitnami/redis
Using default tag: latest
Error response from daemon: Get https://registry-1.docker.io/v2/: remote error: tls: handshake failure

$ gravity version
Version:	6.1.29

docker version
Client: Docker Engine - Community
 Version:           18.09.9
 API version:       1.39
 Go version:        go1.11.13
 Git commit:        039a7df9ba
 Built:             Wed Sep  4 16:50:02 2019
 OS/Arch:           linux/amd64
 Experimental:      false

Server: Docker Engine - Community
 Engine:
  Version:          18.09.9
  API version:      1.39 (minimum version 1.12)
  Go version:       go1.11.13
  Git commit:       039a7df9ba
  Built:            Wed Sep  4 16:55:50 2019
  OS/Arch:          linux/amd64
  Experimental:     false

Inside the container the proxy-specific environment is stored into a separate file /etc/proxy-environment and should have effect for all commands executed from the shell. Can you check whether it has the configuration you provided in RuntimeEnvironment? I would also check whether registry-1.docker.io is resolving to the proper address inside the container.

Hi
Resolution is OK; the issue is pulling the docker image due to the custom CA cert.

gravity shell
ip-10-151-17-242:/$ cat  /etc/proxy-environment
HTTP_PROXY="10.151.20.176:3128"
http_proxy="10.151.20.176:3128"
HTTPS_PROXY="10.151.20.176:3128"
https_proxy="10.151.20.176:3128"
NO_PROXY="0.0.0.0/0,.local"

ip-10-151-17-242:/$ docker pull bitnami/redis
Using default tag: latest
Error response from daemon: Get https://registry-1.docker.io/v2/: remote error: tls: handshake failure

ip-10-151-17-242:/$ nslookup registry-1.docker.io
Server:		127.0.0.2
Address:	127.0.0.2#53

Non-authoritative answer:
Name:	registry-1.docker.io
Address: 18.232.227.119
Name:	registry-1.docker.io
Address: 35.174.73.84
Name:	registry-1.docker.io
Address: 34.195.246.183
Name:	registry-1.docker.io
Address: 52.1.121.53
Name:	registry-1.docker.io
Address: 107.23.149.57
Name:	registry-1.docker.io
Address: 23.22.155.84
Name:	registry-1.docker.io
Address: 3.211.199.249
Name:	registry-1.docker.io
Address: 52.54.232.21

exit

Creating a test pod; unable to pull the image due to a cert issue:

root@ip-10-151-17-242:/home/ubuntut# cat test.yaml
apiVersion: v1
kind: Pod
metadata:
  name: redis-test
spec:
  containers:
    - name: test-container
      image: bitnami/redis


root@ip-10-151-17-242:/home/ubuntu# kubectl apply -f test.yaml
pod/redis-test created

root@ip-10-151-17-242:/home/ubuntu# kubectl get po
NAME                                                    READY   STATUS             RESTARTS   AGE
redis-test                                              0/1     ImagePullBackOff   0          3s

root@ip-10-151-17-242:/home/ubuntu/ssl_cert# kubectl describe pod redis-test
Name:         redis-test
Namespace:    default
Priority:     0
Node:         10.151.17.242/10.151.17.242
Start Time:   Fri, 18 Sep 2020 15:34:40 +0000
Labels:       <none>
Annotations:  kubectl.kubernetes.io/last-applied-configuration:
                {"apiVersion":"v1","kind":"Pod","metadata":{"annotations":{},"name":"redis-test","namespace":"default"},"spec":{"containers":[{"image":"bi...
              kubernetes.io/psp: connector-network-file-share
Status:       Pending
IP:           10.244.23.126
Containers:
  test-container:
    Container ID:
    Image:          bitnami/redis
    Image ID:
    Port:           <none>
    Host Port:      <none>
    State:          Waiting
      Reason:       ImagePullBackOff
    Ready:          False
    Restart Count:  0
    Environment:    <none>
    Mounts:
      /var/run/secrets/kubernetes.io/serviceaccount from default-token-k5mnw (ro)
Conditions:
  Type              Status
  Initialized       True
  Ready             False
  ContainersReady   False
  PodScheduled      True
Volumes:
  default-token-k5mnw:
    Type:        Secret (a volume populated by a Secret)
    SecretName:  default-token-k5mnw
    Optional:    false
QoS Class:       BestEffort
Node-Selectors:  <none>
Tolerations:     node.kubernetes.io/not-ready:NoExecute for 300s
                 node.kubernetes.io/unreachable:NoExecute for 300s
Events:
  Type     Reason     Age                From                    Message
  ----     ------     ----               ----                    -------
  Normal   Scheduled  13s                default-scheduler       Successfully assigned default/redis-test to 10.151.17.242
  Warning  Failed     12s                kubelet, 10.151.17.242  Failed to pull image "bitnami/redis": rpc error: code = Unknown desc = Error response from daemon: Get https://registry-1.docker.io/v2/: remote error: tls: handshake failure
  Warning  Failed     12s                kubelet, 10.151.17.242  Error: ErrImagePull
  Normal   BackOff    11s (x2 over 12s)  kubelet, 10.151.17.242  Back-off pulling image "bitnami/redis"
  Warning  Failed     11s (x2 over 12s)  kubelet, 10.151.17.242  Error: ImagePullBackOff
  Normal   Pulling    0s (x2 over 13s)   kubelet, 10.151.17.242  Pulling image "bitnami/redis"

Did you check if by chance you’re having some cipher issues?

A few hints here: https://github.com/docker/for-win/issues/2922
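
The thread leaves open whether the failed pull is a CA-trust problem or a negotiation (cipher) problem. The error text narrows that down: Go's TLS stack (Docker is built with Go, per the `docker version` output above) prefixes alerts received from the peer with `remote error:`, while a chain the client itself distrusts surfaces as an `x509:` error. The script below is an added example, not code from any poster or from the Gravity project; the function names, category names and the second sample event (image `example/app`) are constructed for illustration.

```shell
#!/bin/sh
# Added example: sort image-pull TLS errors by which side raised them.
# Category names are this example's own; the matched substrings are error
# texts emitted by Go's crypto/tls and crypto/x509 packages.

classify_tls_error() {
  case "$1" in
    *"x509: certificate signed by unknown authority"*)
      echo "local-untrusted-ca" ;;   # our side verified the chain and rejected it
    *"remote error: tls: unknown certificate authority"* | \
    *"remote error: tls: bad certificate"*)
      echo "peer-rejected-cert" ;;   # peer alert about a certificate we presented
    *"remote error: tls: handshake failure"* | \
    *"remote error: tls: protocol version not supported"*)
      echo "peer-handshake-alert" ;; # peer aborted; our trust store rejected nothing
    *"first record does not look like a TLS handshake"*)
      echo "not-tls" ;;              # endpoint answered in plaintext
    *)
      echo "unclassified" ;;
  esac
}

# Read `kubectl describe pod` text on stdin and print "image<TAB>category"
# for every kubelet "Failed to pull image" event.
triage_pull_events() {
  tpe_marker='Failed to pull image "'
  while IFS= read -r tpe_line; do
    case "$tpe_line" in *"$tpe_marker"*) ;; *) continue ;; esac
    tpe_image=${tpe_line#*"$tpe_marker"}   # drop everything up to the opening quote
    tpe_image=${tpe_image%%\"*}            # drop everything from the closing quote
    printf '%s\t%s\n' "$tpe_image" "$(classify_tls_error "$tpe_line")"
  done
}

# Constructed sample: the first event mirrors the one in this thread; the
# third is a made-up event for a hypothetical image "example/app".
sample_events() {
  cat <<'EOF'
  Warning  Failed  12s  kubelet, 10.151.17.242  Failed to pull image "bitnami/redis": rpc error: code = Unknown desc = Error response from daemon: Get https://registry-1.docker.io/v2/: remote error: tls: handshake failure
  Warning  Failed  12s  kubelet, 10.151.17.242  Error: ErrImagePull
  Warning  Failed  9s   kubelet, 10.151.17.242  Failed to pull image "example/app": rpc error: code = Unknown desc = Error response from daemon: Get https://registry-1.docker.io/v2/: x509: certificate signed by unknown authority
EOF
}

sample_events | triage_pull_events
```

On a live node, pipe `kubectl describe pod redis-test` into `triage_pull_events` instead of the sample.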