fabric8
fabric8 copied to clipboard
Can't find valid certification path
javax.ws.rs.ProcessingException: javax.net.ssl.SSLHandshakeException: SSLHandshakeException invoking https://172.30.0.2:443/api/v1/namespaces/default/pods: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at org.apache.cxf.jaxrs.client.AbstractClient.checkClientException(AbstractClient.java:557) at org.apache.cxf.jaxrs.client.AbstractClient.preProcessResult(AbstractClient.java:539) at org.apache.cxf.jaxrs.client.ClientProxyImpl.doChainedInvocation(ClientProxyImpl.java:676) at org.apache.cxf.jaxrs.client.ClientProxyImpl.invoke(ClientProxyImpl.java:224) at com.sun.proxy.$Proxy52.getPods(Unknown Source) at io.fabric8.kubernetes.api.KubernetesClient.getPods(KubernetesClient.java:200) at io.fabric8.kubernetes.api.KubernetesHelper.getFilteredPodMap(KubernetesHelper.java:578) at io.fabric8.kubernetes.api.KubernetesHelper.getSelectedPodMap(KubernetesHelper.java:570)
See how this is done in Jenkins app. Either set env var KUBERNETES_TRUST_CERT=true or set KUBERNETES_CA_CERTIFICATE_FILE iirc to correct path to secret (something like /etc/secret-volume/root-cert). You'll also need to ensure you run with the fabric8 service account. Jenkins app is a good example I think.
Agreed. Copy paste this in your Pom.xml to get the service account & certs https://github.com/fabric8io/quickstarts/blob/master/apps/jenkins/pom.xml#L78-L81
Then the env vars get defined here: https://github.com/fabric8io/quickstarts/blob/master/apps/jenkins/src/main/fabric8/env.properties#L2-L3
Somehow K8S api works for one user, but fails with this exception for another (shell-less username on Ubuntu).
Maybe anyone could briefly explain why this doesn't work out-of-box? I tend to think something is broken on system/jdk level.
Setting KUBERNETES_TRUST_CERT=true
as system property solved it.
I visited this issue too,while running on the latest release (v0.4.121). Fyi, the links above are broken.
Could you please provide some information how this issue can be handled? If the environment variable is the proper workaround, where should I specify it?
Having this same error on a Windows environment, setting the variable didn't solve the problem
Same problem on Mac when running within telepresence.io