我有一个在容器中运行的节点应用程序,当我在docker上本地运行它时,它运行得很好。
当我尝试在我的k8集群中运行它时,我得到了以下错误。
kubectl -n some-namespace logs --follow my-container-5d7dfbf876-86kv7
> [email protected] my-container /src
> node src/app.js
Error: unable to get local issuer certificate
at TLSSocket.onConnectSecure (_tls_wrap.js:1486:34)
at TLSSocket.emit (events.js:315:20)
at TLSSocket._finishInit (_tls_wrap.js:921:8)
at TLSWrap.ssl.onhandshakedone (_tls_wrap.js:695:12) {
code: 'UNABLE_TO_GET_ISSUER_CERT_LOCALLY'
}字符串
这很奇怪,因为我唯一的集装箱
command: ["npm", "run", "consumer"]型
我还尝试向Dockerfile中添加
npm config set strict-ssl false型
按照这里的建议:npm install error - unable to get local issuer certificate,但它似乎没有帮助。
所以它应该尝试以这种方式进行身份验证。
如果你能给我点建议我会很感激的。
这里是我的.yaml文件的完整副本。“
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
name: label
name: label
namespace: some-namespace
spec:
replicas: 1
selector:
matchLabels:
name: lable
template:
metadata:
labels:
name: label
spec:
containers:
- name: label
image: some-registry:latest
resources:
limits:
memory: 7000Mi
cpu: '3'
ports:
- containerPort: 80
command: ["npm", "run", "application"]
env:
- name: "DATABASE_URL"
valueFrom:
secretKeyRef:
name: postgres
key: DBUri
- name: "DEBUG"
value: "*,-babel,-mongo:*,mongo:queries,-http-proxy-agent,-https-proxy-agent,-proxy-agent,-superagent,-superagent-proxy,-sinek*,-kafka*"
- name: "ENV"
value: "production"
- name: "NODE_ENV"
value: "production"
- name: "SERVICE"
value: "consumer"
volumeMounts:
- name: certs
mountPath: /etc/secrets
readOnly: true
volumes:
- name: certs
secret:
secretName: certs
items:
- key: certificate
path: certificate
- key: key
path: key型
1条答案
按热度按时间axkjgtzd1#
看起来pod没有将secret挂载在正确的位置。确保
.spec.volumeMounts.mountPath指向容器镜像的正确路径。