K
Q

certificate signed by unknown authority Kubernetes Engine

9/25/2018

When I deploy a docker image to Kubernetes Engine,

enter image description here the pods can't be initialize, pods are just making a simple get request to https://jsonplaceholder.typicode.com/ code

I get an error message certificate signed by unknown authority

enter image description here

-- John Balvin Arias
containers
go
google-cloud-platform
google-kubernetes-engine
kubernetes

Similar Questions

Kubernetes nginx Ingress configuration not working for Grafana
Kubernetes open /run/flannel/subnet.env: no such file or directory
Using RBAC Network Filter to block ingress or egress to/from service in Envoy Proxy
Capture Helm Package name once it is formed
Kubernetes ExternalDNS is not creating record set in Azure DNS Zone
getting a No such file or directory error with Kubernetes cronjob and dockerfile
Kubernetes DNS lookg not working from worker node - connection timed out; no servers could be reached
how to deploy code quality in GKE cluster where pipeline is on kubernetes executor

1 Answer

9/25/2018

From the comments in your question, I expect you are running up against the common problem of Alpine base images not being populated with the ca-certificates package, which contains a number of root CA certificates to anchor your root of trust.

Add the following command to your Dockerfile to ensure these are installed in the produced image:

RUN apk update && apk add ca-certificates && rm -rf /var/cache/apk/*

(we run multiple operations in a single RUN step to avoid introducing unnecessary bloat in the layers of your final image).

Base images which include the CA certificates package are also available in the container registry (although with this statement I make no claims as to their suitability or provenance).

-- Cosmic Ossifrage
Source: StackOverflow