From alpine linux container helm init -c says googleapis.com x509 certificate is not valid

[Dave Schile]

After downloading and chmoding helm 2.4.1 into a running alpine linux container  helm init -c fails with this error:

Error: Looks like "https://kubernetes-charts.storage.googleapis.com" is not a valid chart repository or cannot be reached: Get https://kubernetes-charts.storage.googleapis.com/index.yaml: x509: certificate has expired or is not yet valid

I believe helm is looking for a different certificate authority certificate, or possibly looking in the wrong place?

I have apk ca-certificates installed with a fresh update-ca-certificates

Does anyone know where helm is looking for the ca-certificates?

TIA

[Ahmet Alp Balkan]

Dave, have you been able to find an answer to this? 

Based on pkg/repo/chartrepo.go, it looks like if you don't specify any --tls/--tls-ca-cert it uses the golang http.DefaultClient which should be loading the system CA cert bundle normally, even on alpine. Have you verified you can actually curl that URL from your image? Maybe there's an issue with the ca-certificates setup.

--
You received this message because you are subscribed to the Google Groups "kubernetes-sig-apps" group.
To unsubscribe from this group and stop receiving emails from it, send an email to kubernetes-sig-apps+unsub...@googlegroups.com.
To post to this group, send email to kubernetes-sig-apps@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/kubernetes-sig-apps/59741e87-22bb-4a19-b2ed-e63e4ad0001c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.