If you encountered an issue below, your go application on EKS failed to send an HTTP request to other services.
Problem:x509: certificate signed by unknown authority
This is due to fact that your HTTP library failed to read the CA certificate in setting up SSL communication with other services. Then we can suspect missing or incorrect CA certificate is the cause of this problem.
Debug Step:
- Check your ca-certificates are packed to the Docker image or not.
- If not, you can install ca-certificates as below in the DockerFile.
RUN apk add --update --no-cache ca-certificatesIf you use multiple-stage to build go application to reduce the size of the docker image, remember to add the whole folder /etc/ssl/certs to your docker image as below.
FROM scratch
WORKDIR /COPY --from=builder /etc/ssl/certs./etc/ssl/certs
How to build a lightweight go application with CA certificates in DockerFile for EKS?
ref:
https://tyricwei.medium.com/x509-certificate-signed-by-unknown-authority-go-docker-eks-f508a49d86f6
No comments:
Post a Comment