Certificate issue with Kubernetes Elastic agent
25 views
Skip to first unread message
Maxim Shaev
Sep 10, 2019, 12:37:18 PM9/10/19
to go-cd
Hello,
I cannot find any certificates in the agent container. According to the docker dind documentation, they should be in /certs directory
Does anybody know how to solve the issue with expired certificate for docker pulling in the agent?
I got an error:
[go] Task: /bin/bash -c "docker-compose build"took: 0.429sexited: 1nginx uses an image, skippingBuilding appStep 1/22 : FROM php:7.2-fpm-alpine3.8Service 'app' failed to build: Get https://registry-1.docker.io/v2/: x509: certificate has expired or is not yet validI cannot find any certificates in the agent container. According to the docker dind documentation, they should be in /certs directory
Starting in 18.09+, thedindvariants of this image will automatically generate TLS certificates in the directory specified by theDOCKER_TLS_CERTDIRenvironment variable.
Stack of versioning tools:
GoCD - 19.7.0 installing through helm to k8s cluster
Kubernetes Elastic Agent Plugin - 3.0.0-156
- based on gocd/gocd-agent-docker-dind:v19.7.0
- In the agent container Docker version 19.03.1, build 74b1e89e8a
Any thoughts?
Probably I need to generate certificates and map to the volume?
Aravind SV
Sep 11, 2019, 12:14:25 PM9/11/19
to go...@googlegroups.com
For any looking at this at some later point, there is some conversation here:
https://github.com/gocd/kubernetes-elastic-agents/issues/138
Cheers,
Aravind
On Tue, Sep 10, 2019 at 09:37:17 -0700, Maxim Shaev wrote:
> Hello,
>
> Does anybody know how to solve the issue with expired certificate for
> docker pulling in the agent?
> I got an error:
>
> [go] Task: /bin/bash -c "docker-compose build"took: 0.429sexited: 1
> nginx uses an image, skipping
> Building app
> Step 1/22 : FROM php:7.2-fpm-alpine3.8
> Service 'app' failed to build: Get https://registry-1.docker.io/v2/: x509:
> certificate has expired or is not yet valid
>
> I cannot find any certificates in the agent container. According to the
> docker dind documentation, they should be in /certs directory
> https://hub.docker.com/_/docker#tls
>
> Starting in 18.09+, the dind variants of this image will automatically
> > generate TLS certificates in the directory specified by the
> > DOCKER_TLS_CERTDIR environment variable.
>
>
> Stack of versioning tools:
> GoCD - *19.7.0* installing through helm to k8s cluster
> Kubernetes Elastic Agent Plugin - *3.0.0-156*
> You received this message because you are subscribed to the Google Groups "go-cd" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to go-cd+un...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/go-cd/07075d84-588b-46a4-9b24-05d2d157ca7f%40googlegroups.com.
https://github.com/gocd/kubernetes-elastic-agents/issues/138
Cheers,
Aravind
On Tue, Sep 10, 2019 at 09:37:17 -0700, Maxim Shaev wrote:
> Hello,
>
> Does anybody know how to solve the issue with expired certificate for
> docker pulling in the agent?
> I got an error:
>
> [go] Task: /bin/bash -c "docker-compose build"took: 0.429sexited: 1
> nginx uses an image, skipping
> Building app
> Step 1/22 : FROM php:7.2-fpm-alpine3.8
> Service 'app' failed to build: Get https://registry-1.docker.io/v2/: x509:
> certificate has expired or is not yet valid
>
> I cannot find any certificates in the agent container. According to the
> docker dind documentation, they should be in /certs directory
> https://hub.docker.com/_/docker#tls
>
> Starting in 18.09+, the dind variants of this image will automatically
> > generate TLS certificates in the directory specified by the
> > DOCKER_TLS_CERTDIR environment variable.
>
>
> Stack of versioning tools:
> Kubernetes Elastic Agent Plugin - *3.0.0-156*
> - based on gocd/gocd-agent-docker-dind:v19.7.0
> - In the agent container Docker version *19.03.1*, build 74b1e89e8a
>
> Any thoughts?
> Probably I need to generate certificates and map to the volume?
>
> --
> Any thoughts?
> Probably I need to generate certificates and map to the volume?
>
> You received this message because you are subscribed to the Google Groups "go-cd" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to go-cd+un...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/go-cd/07075d84-588b-46a4-9b24-05d2d157ca7f%40googlegroups.com.
Reply all
Reply to author
Forward
0 new messages