Okteto CLI:信任自定义 CA 证书

huangapple go评论113阅读模式
英文:

Okteto CLI: Trust a custom CA certificate

问题

在阅读在Okteto Cloud上使用PHP入门教程时,当运行okteto init时出现“由未知机构签署的证书”错误。我相信这与我们公司定义的自定义zscaler CA有关。

如何使okteto cli信任自定义CA?据我所了解,它是用golang开发的,但是设置SSL_CERT_FILE和SSL_CERT_DIR并指定证书的位置似乎没有起作用。

➜ php-getting-started git:(main) okteto init
i Using … @ cloud.okteto.com as context
✓ Okteto manifest (okteto.yml) deploy and build configured successfully
? Do you want to launch your development environment? [Y/n]: y
i Building ‘Dockerfile’ in tcp://buildkit.cloud.okteto.net:443…
[+] Building 0.0s (0/0)
x Error building service ‘hello-world’: error building image ‘registry.cloud.okteto.net/.../php-hello-world:1.0.0’: build failed: failed to dial gRPC: rpc error: code = Unavailable desc = connection error: desc = “transport: authentication handshake failed: x509: certificate signed by unknown authority”
英文:

While going over Getting Started on Okteto Cloud with PHP tutorial and getting the “certificate signed by unknown authority” error when running okteto init. I believe it’s related to the custom zscaler CA that our company defines.

How can I have okteto cli to trust custom CA? As far as I understand it's developed in golang, but setting SSL_CERT_FILE and SSL_CERT_DIR with the location of the certificates didn't help.

➜ php-getting-started git:(main) okteto init
i Using … @ cloud.okteto.com as context
✓ Okteto manifest (okteto.yml) deploy and build configured successfully
? Do you want to launch your development environment? [Y/n]: y
i Building ‘Dockerfile’ in tcp://buildkit.cloud.okteto.net:443…
[+] Building 0.0s (0/0)
x Error building service ‘hello-world’: error building image ‘registry.cloud.okteto.net/.../php-hello-world:1.0.0’: build failed: failed to dial gRPC: rpc error: code = Unavailable desc = connection error: desc = “transport: authentication handshake failed: x509: certificate signed by unknown authority”

答案1

得分: 1

这在最新版本(2.15.3)上不受支持,但计划在下一个版本中发布。

修复已经合并,并在开发通道上可用:

export OKTETO_CHANNEL=dev
curl https://get.okteto.com -sSfL | sh

https://community.okteto.com/t/allowing-custom-certificates-in-okteto-cli/828 上有更多相关信息。

英文:

This is not supported on the latest build (2.15.3), but is scheduled to be released on the next.

The fix is already merged, and available on the dev channel:

export OKTETO_CHANNEL=dev
curl https://get.okteto.com -sSfL | sh

https://community.okteto.com/t/allowing-custom-certificates-in-okteto-cli/828 has more information on this.

huangapple
  • 本文由 发表于 2023年5月22日 20:09:04
  • 转载请务必保留本文链接:https://go.coder-hub.com/76306044.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定