英文:
Okteto CLI: Trust a custom CA certificate
问题
在阅读在Okteto Cloud上使用PHP入门教程时,当运行okteto init
时出现“由未知机构签署的证书”错误。我相信这与我们公司定义的自定义zscaler CA有关。
如何使okteto cli信任自定义CA?据我所了解,它是用golang开发的,但是设置SSL_CERT_FILE和SSL_CERT_DIR并指定证书的位置似乎没有起作用。
➜ php-getting-started git:(main) okteto init
i Using … @ cloud.okteto.com as context
✓ Okteto manifest (okteto.yml) deploy and build configured successfully
? Do you want to launch your development environment? [Y/n]: y
i Building ‘Dockerfile’ in tcp://buildkit.cloud.okteto.net:443…
[+] Building 0.0s (0/0)
x Error building service ‘hello-world’: error building image ‘registry.cloud.okteto.net/.../php-hello-world:1.0.0’: build failed: failed to dial gRPC: rpc error: code = Unavailable desc = connection error: desc = “transport: authentication handshake failed: x509: certificate signed by unknown authority”
英文:
While going over Getting Started on Okteto Cloud with PHP tutorial and getting the “certificate signed by unknown authority” error when running okteto init
. I believe it’s related to the custom zscaler CA that our company defines.
How can I have okteto cli to trust custom CA? As far as I understand it's developed in golang, but setting SSL_CERT_FILE and SSL_CERT_DIR with the location of the certificates didn't help.
➜ php-getting-started git:(main) okteto init
i Using … @ cloud.okteto.com as context
✓ Okteto manifest (okteto.yml) deploy and build configured successfully
? Do you want to launch your development environment? [Y/n]: y
i Building ‘Dockerfile’ in tcp://buildkit.cloud.okteto.net:443…
[+] Building 0.0s (0/0)
x Error building service ‘hello-world’: error building image ‘registry.cloud.okteto.net/.../php-hello-world:1.0.0’: build failed: failed to dial gRPC: rpc error: code = Unavailable desc = connection error: desc = “transport: authentication handshake failed: x509: certificate signed by unknown authority”
答案1
得分: 1
这在最新版本(2.15.3)上不受支持,但计划在下一个版本中发布。
修复已经合并,并在开发通道上可用:
export OKTETO_CHANNEL=dev
curl https://get.okteto.com -sSfL | sh
https://community.okteto.com/t/allowing-custom-certificates-in-okteto-cli/828 上有更多相关信息。
英文:
This is not supported on the latest build (2.15.3), but is scheduled to be released on the next.
The fix is already merged, and available on the dev channel:
export OKTETO_CHANNEL=dev
curl https://get.okteto.com -sSfL | sh
https://community.okteto.com/t/allowing-custom-certificates-in-okteto-cli/828 has more information on this.
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论