1

A container running behind a K8s service fails to make network requests with the error x509: certificate signed by unknown authority.

The container is an API that serves incoming requests and makes external network requests before responding; it's running in a local K8s cluster managed by Docker Desktop. The third party API being called is failing the certificate validation and I'm not using a proxy or VPN.

What could be the cause of this?


1 Answer

5

I hope this helps someone else as there are many different discussions about this topic online.

The fix seems to be that when doing a multi-stage Docker build and using e.g. FROM golang:alpine3.14 AS build along with FROM scratch, the root certificates are not copied into the image.

Adding this to the Dockerfile after the FROM scratch line removes the error.

COPY --from=build /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/

This was found in this Stack Overflow answer.
