无法访问Kubernetes集群上的本地证书

b1zrtrql  于 2023-11-17  发布在  Kubernetes
关注(0)|答案(1)|浏览(173)

我有一个在容器中运行的节点应用程序,当我在docker上本地运行它时,它运行得很好。
当我尝试在我的k8集群中运行它时,我得到了以下错误。

kubectl -n some-namespace logs --follow my-container-5d7dfbf876-86kv7
> [email protected] my-container /src
> node src/app.js
Error: unable to get local issuer certificate
    at TLSSocket.onConnectSecure (_tls_wrap.js:1486:34)
    at TLSSocket.emit (events.js:315:20)
    at TLSSocket._finishInit (_tls_wrap.js:921:8)
    at TLSWrap.ssl.onhandshakedone (_tls_wrap.js:695:12) {
  code: 'UNABLE_TO_GET_ISSUER_CERT_LOCALLY'
}

字符串
这很奇怪,因为我唯一的集装箱

command: ["npm", "run", "consumer"]


我还尝试向Dockerfile中添加

npm config set strict-ssl false


按照这里的建议:npm install error - unable to get local issuer certificate,但它似乎没有帮助。
所以它应该尝试以这种方式进行身份验证。
如果你能给我点建议我会很感激的。
这里是我的.yaml文件的完整副本。“

apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    name: label
  name: label
  namespace: some-namespace
spec:
  replicas: 1
  selector:
    matchLabels:
      name: lable
  template:
    metadata:
      labels:
          name: label
    spec:
      containers:
      - name: label
        image: some-registry:latest
        resources:
          limits:
            memory: 7000Mi
            cpu: '3'
        ports:
          - containerPort: 80 
        command: ["npm", "run", "application"]
        env:
          - name: "DATABASE_URL"
            valueFrom:
              secretKeyRef:
                name: postgres
                key: DBUri
          - name: "DEBUG"
            value: "*,-babel,-mongo:*,mongo:queries,-http-proxy-agent,-https-proxy-agent,-proxy-agent,-superagent,-superagent-proxy,-sinek*,-kafka*"
          - name: "ENV"
            value: "production"
          - name: "NODE_ENV"
            value: "production"
          - name: "SERVICE"
            value: "consumer"
        volumeMounts:
          - name: certs
            mountPath: /etc/secrets
            readOnly: true
      volumes:
        - name: certs
          secret:
            secretName: certs
            items:
            - key: certificate
              path: certificate
            - key: key
              path: key

axkjgtzd

axkjgtzd1#

看起来pod没有将secret挂载在正确的位置。确保.spec.volumeMounts.mountPath指向容器镜像的正确路径。

相关问题