AKS MySQL SSL problems (nodejs,knex)

3/29/2018

I want to provide an SSL CA cert for MySQL in my applications via envvars in Azure Kubernetes, but I keep getting the following error logs.

NAME: RollbackError
CODE: HANDSHAKE_SSL_ERROR
MESSAGE: unable to get local issuer certificate

I followed everything they said in the docs, and I can connect to it with the MySQL client from the terminal, so the cert is okay.

That's what I have in my deployment.yml:

....
env:
  - name: database__connection__ssl__ca
    value: "content_of_ssl_ca_cert_file" 
....

According to the MySQL & knexjs docs for NodeJS, that's the correct way to do it; it accepts strings, not files or a path to the file. Anyone any ideas?

So, I finally managed to solve this 'trivial' issue.

....
    env:
      - name: database__connection__ssl__ca
        value: "-----BEGIN CERTIFICATE-----\n...\n...\n...-----END CERTIFICATE-----" 
....

Line breaks were needed.

-- Kristóf Iváncza
azure
azure-aks
kubernetes
mysql
ssl

1 Answer

4/3/2018

I already edited the question, but here is the solution:

....
    env:
      - name: database__connection__ssl__ca
        value: "-----BEGIN CERTIFICATE-----\n...\n...\n...-----END CERTIFICATE-----" 
....

Line breaks are needed when you want to copy the content from the cert file and provide it via envvars as a string. -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- also have to be there.

-- Kristóf Iváncza
Source: StackOverflow
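
One way to catch a flattened CA value at startup, before the driver reports HANDSHAKE_SSL_ERROR (an added example, not code from the original post): the value is rebuilt into a well-formed PEM whether its line breaks arrived as real newlines, as literal `\n` escapes, or were lost entirely. The names `normalizePemFromEnv` and `sslOptionsFromEnv` are hypothetical, and `SAMPLE_BODY` is constructed filler, not a real certificate.

```javascript
// Added example. SAMPLE_BODY is constructed filler bytes, not a real certificate.
const SAMPLE_BODY = Buffer.alloc(120, 7).toString('base64');
const BEGIN = '-----BEGIN CERTIFICATE-----';
const END = '-----END CERTIFICATE-----';
const PEM_BLOCK = new RegExp(BEGIN + '([\\s\\S]*?)' + END, 'g');

// Hypothetical helper: rebuild a well-formed PEM bundle from an env value.
function normalizePemFromEnv(raw) {
  if (typeof raw !== 'string' || raw.trim() === '') {
    throw new Error('CA variable is empty or unset');
  }
  // Unquoted or single-quoted YAML leaves "\n" as two literal characters;
  // turn those escapes into real line breaks first.
  const text = raw.replace(/\\r/g, '').replace(/\\n/g, '\n');
  const blocks = [];
  for (const match of text.matchAll(PEM_BLOCK)) {
    // Strip all whitespace so a body flattened onto one line is repaired too.
    const body = match[1].replace(/\s+/g, '');
    if (!/^[A-Za-z0-9+\/]+={0,2}$/.test(body)) {
      throw new Error('certificate body is not base64');
    }
    // PEM bodies are wrapped at 64 characters per line.
    blocks.push([BEGIN, ...body.match(/.{1,64}/g), END].join('\n'));
  }
  if (blocks.length === 0) {
    throw new Error('BEGIN/END CERTIFICATE markers are missing');
  }
  return blocks.join('\n') + '\n';
}

// Hypothetical helper: the `ssl` object for the mysql connection used by knex.
function sslOptionsFromEnv(env, name = 'database__connection__ssl__ca') {
  return { ca: normalizePemFromEnv(env[name]), rejectUnauthorized: true };
}
```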