/etc/ssl/cert mounted from AWS EKS returns an x509 error when trying to POST
bjmask opened this issue · 2 comments
Describe the bug
/etc/ssl/cert folder mounted from host on AWS EKS
actual error: "x509: failed to load system roots and no roots provided"
To Reproduce
Steps to reproduce the behavior:
- Spin up application with SS on AWS EKS
- Apply dummy rule to always notify
Expected behavior
/etc/ssl/certs from any host should work. Removing the host mount for /etc/ssl/certs and apt installing ca-certificates allows for a successful CURL to test the webhook integration.
@andres-de-castro On some OS distributions certain files in /etc/ssl/certs are sym-linked to files in /etc/pki/ca-trust. If you only mount /etc/ssl/certs from the host into the pod then the symlinks can break. Maybe this is the same issue you are facing. The solution for me was to mount both /etc/ssl/certs and /etc/pki/ca-trust from the host into the pods.
A better solution might be to rebuild the container image with the ca-certificates package pre-installed.
Should we change the Dockerfile to build from ca-certificates?
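
One way to confirm the broken-symlink condition described in the comments from inside the pod, as an added example (not code from this issue or the project). The function names `dangling_cert_links` and `check_ca_dir` are hypothetical, and the default directory is the one named in the issue.

```shell
#!/bin/sh
# Added example: detect CA-bundle symlinks whose targets are missing,
# e.g. links in /etc/ssl/certs that point into an unmounted /etc/pki/ca-trust.

# Print every symlink under the directory whose target does not resolve.
dangling_cert_links() {
    dir="${1:-/etc/ssl/certs}"
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    # Trailing slash makes find descend even if $dir is itself a symlink.
    # -type l selects symlinks; [ -e ] follows the link and fails if the
    # target is absent from this mount namespace.
    find "$dir/" -type l | while IFS= read -r link; do
        [ -e "$link" ] || printf '%s -> %s\n' "$link" "$(readlink "$link")"
    done
}

# Exit status: 0 = all links resolve, 1 = dangling links found, 2 = bad directory.
check_ca_dir() {
    broken="$(dangling_cert_links "$1")" || return 2
    if [ -n "$broken" ]; then
        printf 'dangling CA symlinks:\n%s\n' "$broken" >&2
        return 1
    fi
    return 0
}

# Usage inside the pod:
#   check_ca_dir /etc/ssl/certs
```

The printed link targets show which additional host path would have to be mounted, or that the image needs its own CA bundle installed.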