
/etc/ssl/cert mounted from AWS EKS returns in x509 error when trying to POST

Open bjmask opened this issue 4 years ago • 2 comments

Describe the bug

/etc/ssl/cert folder mounted from host on AWS EKS

actual error: "x509: failed to load system roots and no roots provided"

To Reproduce

Steps to reproduce the behavior:

  1. Spin up application with SS on AWS EKS
  2. Apply dummy rule to always notify

Expected behavior

/etc/ssl/certs from any host should work, removing the hostmount for /etc/ssl/certs and apt installing ca-certificates allows for a successful CURL to test the webhook integration.

bjmask, May 13 '20 14:05

@andres-de-castro On some OS distributions certain files in /etc/ssl/certs are sym-linked to files in /etc/pki/ca-trust. If you only mount /etc/ssl/certs from the host into the pod then the symlinks can break. Maybe this is the same issue you are facing. The solution for me was to mount both /etc/ssl/certs and /etc/pki/ca-trust from the host into the pods.

A better solution might be to rebuild the container image with the ca-certificates package pre-installed.

rosskusler, May 15 '20 04:05
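A check for the broken-symlink condition described in the comment above, as an added example that is not part of the original thread or the project's code. The `list_dangling` and `demo` names are hypothetical, and the `ca-bundle.crt` link target in the constructed demo directory assumes the common RHEL-family layout.

```shell
#!/bin/sh
# Report symlinks in a CA directory whose targets do not resolve from where
# the script runs, e.g. inside a pod that mounts /etc/ssl/certs from the
# host without also mounting /etc/pki/ca-trust.

# list_dangling DIR: print "link -> target" for each broken symlink in DIR.
# Returns 0 if none are broken, 1 if any are, 2 if DIR does not exist.
list_dangling() {
    dir=$1
    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 2; }
    broken=0
    for entry in "$dir"/*; do
        # -L: entry is a symlink; ! -e: its target cannot be resolved
        if [ -L "$entry" ] && [ ! -e "$entry" ]; then
            printf '%s -> %s\n' "$entry" "$(readlink "$entry")"
            broken=1
        fi
    done
    return "$broken"
}

# Constructed sample: a fake certs directory with one link that resolves and
# one that points into a ca-trust tree that was never "mounted".
demo() {
    tmp=$(mktemp -d) || return 2
    mkdir -p "$tmp/certs" "$tmp/local"
    : > "$tmp/local/good.pem"
    ln -s "$tmp/local/good.pem" "$tmp/certs/good.pem"
    ln -s "$tmp/pki/ca-trust/extracted/pem/tls-ca-bundle.pem" \
        "$tmp/certs/ca-bundle.crt"
    list_dangling "$tmp/certs" && rc=0 || rc=$?
    rm -rf "$tmp"
    return "$rc"
}

# With an argument, scan that directory; with none, run the constructed demo.
if [ "$#" -gt 0 ]; then
    list_dangling "$1"
else
    demo || :
fi
```

Run inside the affected container with `/etc/ssl/certs` as the argument; any line it prints names a certificate link whose target directory also has to be mounted, or the image needs its own CA bundle.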

Should we change the Dockerfile to build from ca-certificates?

bjmask, May 15 '20 16:05