2

When I deploy a docker image to Kubernetes Engine, the pods can't be initialized. The pods are just making a simple GET request to https://jsonplaceholder.typicode.com/

I get an error message: `certificate signed by unknown authority`

John Balvin Arias
  • How do you create your container image? Do you use a Docker image which is empty (e.g. `scratch` or similar) and so won't have a root certificates bundle present? – Cosmic Ossifrage Sep 25 '18 at 22:21
  • `FROM alpine` `COPY backend /backend` `CMD ["/backend"]` `RUN chmod 755 /backend` – John Balvin Arias Sep 25 '18 at 22:35
  • The command `CMD ["/backend"]` `RUN chmod 755 /backend` is because I had another problem https://stackoverflow.com/questions/52488927/permission-denied-when-deploying-docker-image-to-kubernetes-engine – John Balvin Arias Sep 25 '18 at 22:36
  • Did you build the backend on Windows again? What's the command you are using to build the binary? – Rico Sep 25 '18 at 23:04
  • Yes, I want to avoid doing it in Linux; right now I have just one computer, and in order to make the Linux binary I'd need to install it on my PC and I'm scared of erasing all the data on my computer. Command to deploy: `gcloud builds submit --config cloudbuild.yaml .` – John Balvin Arias Sep 25 '18 at 23:11
  • Commands to build the binary: 1) `set GOSS=linux` 2) `set GOARCH=amd64` 3) `go build` – John Balvin Arias Sep 25 '18 at 23:14
  • Also, I tried to build the binary with Cloud Build but I couldn't; I tried many combinations and none worked https://stackoverflow.com/questions/52410487/how-to-build-a-docker-image-using-cloud-build-with-sdk-in-local-machine-without – John Balvin Arias Sep 25 '18 at 23:16
  • You need `set GOOS` – this won't fix your problem, and I assume it's a typo in your comment. – Cosmic Ossifrage Sep 25 '18 at 23:28
  • Make sure you're installing the `ca-certificates` bundle in your alpine-sourced container. Add `RUN apk update && apk add ca-certificates && rm -rf /var/cache/apk/*` to your `Dockerfile`, after the `RUN chmod` command (although order is mostly irrelevant). – Cosmic Ossifrage Sep 25 '18 at 23:32
  • 1
    @CosmicOssifrage My bad, I actually did use "set GOOS=linux"; I just typed it wrong here. I'll try that solution – John Balvin Arias Sep 25 '18 at 23:41

1 Answer

5

From the comments in your question, I expect you are running up against the common problem of Alpine base images not being populated with the ca-certificates package, which contains a number of root CA certificates to anchor your root of trust.

Add the following command to your Dockerfile to ensure these are installed in the produced image:

```dockerfile
RUN apk update && apk add ca-certificates && rm -rf /var/cache/apk/*
```

(we run multiple operations in a single RUN step to avoid introducing unnecessary bloat in the layers of your final image).

Base images which include the CA certificates package are also available in the container registry (although with this statement I make no claims as to their suitability or provenance).

Cosmic Ossifrage
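
An added example, not code from the question or the answer: it reproduces offline the `certificate signed by unknown authority` error that Go's `crypto/x509` returns when the root pool holds no issuer for the server certificate, and shows the same certificate verifying once its root is in the pool. The empty pool stands in for an image with no CA bundle (an assumption for illustration); the two certificates and their names are constructed test data.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// issue creates a constructed test certificate; a nil parent means a self-signed root CA.
func issue(name string, serial int64, parent *x509.Certificate, pk *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	t := &x509.Certificate{
		SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: name},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature, BasicConstraintsValid: true,
	}
	if parent == nil { // root: marked as a CA and signed with its own key
		t.IsCA, t.KeyUsage = true, t.KeyUsage|x509.KeyUsageCertSign
		parent, pk = t, key
	}
	der, err := x509.CreateCertificate(rand.Reader, t, parent, &key.PublicKey, pk)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

// Demo verifies one leaf against an empty root pool (assumed stand-in for an image
// without a CA bundle) and against a pool that contains the issuing root.
func Demo() (unknownAuthority bool, emptyPoolErr, withRootErr error) {
	root, rootKey := issue("constructed-root", 1, nil, nil)
	leaf, _ := issue("constructed-leaf", 2, root, rootKey)
	trusted := x509.NewCertPool()
	trusted.AddCert(root)
	_, emptyPoolErr = leaf.Verify(x509.VerifyOptions{Roots: x509.NewCertPool()})
	_, withRootErr = leaf.Verify(x509.VerifyOptions{Roots: trusted})
	return errors.As(emptyPoolErr, new(x509.UnknownAuthorityError)), emptyPoolErr, withRootErr
}

func main() {
	ua, e, ok := Demo()
	fmt.Printf("empty pool: %v (unknown authority: %t); with root: %v\n", e, ua, ok)
}
```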