[英]Unable to access local certificate on kubernetes cluster
I have a node application running in a container that works well when I run it locally on docker.我有一个在容器中运行的节点应用程序,当我在 docker 上本地运行它时,它运行良好。
When I try to run it in my k8 cluster, I get the following error.当我尝试在我的 k8 集群中运行它时,我收到以下错误。
kubectl -n some-namespace logs --follow my-container-5d7dfbf876-86kv7
> code@1.0.0 my-container /src
> node src/app.js
Error: unable to get local issuer certificate
at TLSSocket.onConnectSecure (_tls_wrap.js:1486:34)
at TLSSocket.emit (events.js:315:20)
at TLSSocket._finishInit (_tls_wrap.js:921:8)
at TLSWrap.ssl.onhandshakedone (_tls_wrap.js:695:12) {
code: 'UNABLE_TO_GET_ISSUER_CERT_LOCALLY'
}
This is strange as the only I run the container with这很奇怪,因为我唯一运行容器
command: ["npm", "run", "consumer"]
I have also tried adding to my Dockerfile我也尝试添加到我的 Dockerfile
npm config set strict-ssl false
as per the recommendation here: npm install error - unable to get local issuer certificate but it doesn't seem to help.根据此处的建议: npm 安装错误 - 无法获得本地颁发者证书,但似乎没有帮助。
So it should be trying to authenticate this way.所以它应该尝试以这种方式进行身份验证。
I would appreciate any pointers on this.我将不胜感激有关此的任何指示。
Here is a copy of my.yaml file for completeness.为了完整起见,这里是 my.yaml 文件的副本。
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
name: label
name: label
namespace: some-namespace
spec:
replicas: 1
selector:
matchLabels:
name: lable
template:
metadata:
labels:
name: label
spec:
containers:
- name: label
image: some-registry:latest
resources:
limits:
memory: 7000Mi
cpu: '3'
ports:
- containerPort: 80
command: ["npm", "run", "application"]
env:
- name: "DATABASE_URL"
valueFrom:
secretKeyRef:
name: postgres
key: DBUri
- name: "DEBUG"
value: "*,-babel,-mongo:*,mongo:queries,-http-proxy-agent,-https-proxy-agent,-proxy-agent,-superagent,-superagent-proxy,-sinek*,-kafka*"
- name: "ENV"
value: "production"
- name: "NODE_ENV"
value: "production"
- name: "SERVICE"
value: "consumer"
volumeMounts:
- name: certs
mountPath: /etc/secrets
readOnly: true
volumes:
- name: certs
secret:
secretName: certs
items:
- key: certificate
path: certificate
- key: key
path: key
It looks that the pod is not mounting the secrets in the right place.看起来 pod 没有将秘密安装在正确的位置。 Make sure that.spec.volumeMounts.mountPath is pointing on the right path for the container image.
确保 .spec.volumeMounts.mountPath 指向容器映像的正确路径。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.