Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
557 views
in Technique[技术] by (71.8m points)

docker - Skaffold and microk8s -- getting started -- x509: certificate signed by unknown authority

Try to get started with skaffold, hitting lots of issues. So I went back to basics and tried to get the examples running:

  1. cloned https://github.com/GoogleContainerTools/skaffold
  2. ran cd ~/git/skaffold/examples/getting-started/ and then tried to get going;
$ skaffold dev --default-repo=aliwatters
Listing files to watch...
 - skaffold-example
Generating tags...
 - skaffold-example -> aliwatters/skaffold-example:v1.18.0-2-gf0bfcccce
Checking cache...
 - skaffold-example: Not found. Building
Building [skaffold-example]...
Sending build context to Docker daemon  3.072kB
Step 1/8 : FROM golang:1.12.9-alpine3.10 as builder
 ---> e0d646523991
Step 2/8 : COPY main.go .
 ---> Using cache
 ---> fb29e25db0a3
Step 3/8 : ARG SKAFFOLD_GO_GCFLAGS
 ---> Using cache
 ---> aa8dd4cbab42
Step 4/8 : RUN go build -gcflags="${SKAFFOLD_GO_GCFLAGS}" -o /app main.go
 ---> Using cache
 ---> 9a666995c00a
Step 5/8 : FROM alpine:3.10
 ---> be4e4bea2c2e
Step 6/8 : ENV GOTRACEBACK=single
 ---> Using cache
 ---> bdb74c01e0b9
Step 7/8 : CMD ["./app"]
 ---> Using cache
 ---> 15c248dd54e9
Step 8/8 : COPY --from=builder /app .
 ---> Using cache
 ---> 73564337b083
Successfully built 73564337b083
Successfully tagged aliwatters/skaffold-example:v1.18.0-2-gf0bfcccce
The push refers to repository [docker.io/aliwatters/skaffold-example]
37806ae41d23: Preparing
1b3ee35aacca: Preparing
37806ae41d23: Pushed
1b3ee35aacca: Pushed
v1.18.0-2-gf0bfcccce: digest: sha256:a8defaa979650baea27a437318a3c4cd51c44397d6e2c1910e17d81d0cde43ac size: 739
Tags used in deployment:
 - skaffold-example -> aliwatters/skaffold-example:v1.18.0-2-gf0bfcccce@sha256:a8defaa979650baea27a437318a3c4cd51c44397d6e2c1910e17d81d0cde43ac
Deploy Failed. Could not connect to cluster microk8s due to "https://127.0.0.1:16443/version?timeout=32s": x509: certificate signed by unknown authority (possibly because of "crypto/rsa: verification error" while trying to verify candidate authority certificate "10.152.183.1"). Check your connection for the cluster.

So this isn't making sense to me, the https://127.0.0.1:16443/version?timeout=32s is kubectl by the looks of it and it has a self-signed cert (viewed in the browser)

$ snap version
snap    2.48.2
snapd   2.48.2
series  16
ubuntu  20.04
kernel  5.4.0-60-generic

$ snap list 
# ...
microk8s              v1.20.1                     1910   1.20/stable      canonical?   classic
# ...

$ microk8s kubectl version
Client Version: version.Info{Major:"1", Minor:"20+", GitVersion:"v1.20.1-34+e7db93d188d0d1", GitCommit:"e7db93d188d0d12f2fe5336d1b85cdb94cb909d3", GitTreeState:"clean", BuildDate:"2021-01-11T23:48:42Z", GoVersion:"go1.15.6", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"20+", GitVersion:"v1.20.1-34+e7db93d188d0d1", GitCommit:"e7db93d188d0d12f2fe5336d1b85cdb94cb909d3", GitTreeState:"clean", BuildDate:"2021-01-11T23:50:46Z", GoVersion:"go1.15.6", Compiler:"gc", Platform:"linux/amd64"}

$ skaffold version
v1.18.0

$ docker version
Client: Docker Engine - Community
 Version:           19.03.4-rc1
...

Where do I start with debugging this?

Thanks for any ideas!

question from:https://stackoverflow.com/questions/65855359/skaffold-and-microk8s-getting-started-x509-certificate-signed-by-unknown

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Answer

0 votes
by (71.8m points)

Solved via the github issues https://github.com/GoogleContainerTools/skaffold/issues/5283 (thx briandealwis)

Combo of an alias, and an export of config was needed, so skaffold can understand the my setup.

$ sudo snap unalias kubectl
$ sudo snap install kubectl --classic 
$ microk8s.kubectl config view --raw > $HOME/.kube/config
$ skaffold dev --default-repo=<your-docker-repository>

Full output

$ sudo snap unalias kubectl
# just in case

ali@stinky:~/git/skaffold/examples/getting-started (master)$ sudo snap install kubectl --classic 
kubectl 1.20.2 from Canonical? installed

ali@stinky:~/git/skaffold/examples/getting-started (master)$ which kubectl
/snap/bin/kubectl

ali@stinky:~/git/skaffold/examples/getting-started (master)$ microk8s.kubectl config view --raw > $HOME/.kube/config

ali@stinky:~/git/skaffold/examples/getting-started (master)$ skaffold dev --default-repo=aliwatters
Listing files to watch...
 - skaffold-example
Generating tags...
 - skaffold-example -> aliwatters/skaffold-example:v1.18.0-2-gf0bfcccce
Checking cache...
 - skaffold-example: Found Remotely
Tags used in deployment:
 - skaffold-example -> aliwatters/skaffold-example:v1.18.0-2-gf0bfcccce@sha256:a8defaa979650baea27a437318a3c4cd51c44397d6e2c1910e17d81d0cde43ac
Starting deploy...
 - pod/getting-started created
Waiting for deployments to stabilize...
Deployments stabilized in 23.793238ms
Press Ctrl+C to exit
Watching for changes...
[getting-started] Hello world!
[getting-started] Hello world!
[getting-started] Hello world!
# ^C
Cleaning up...
 - pod "getting-started" deleted


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...