Kubernetes failing with SSL error while Docker compose is working for Dotnet core project
Answer a question
I am new to Kubernetes and I am experimenting with some of these in my local development. Before I give my problem statement here is my environment and the state of my project.
- I have Windows 10 with WSL2 enable with Ubuntu running through VS Code.
- I have enabled the required plugins in VS Code (like Kubernetes, Docker and such of those)
- I have Docker desktop installed which has WSL2 + Ubuntu + Kubernetes enabled.
- I have ASP.Net Core 5 working version from my local system + ubuntu through Docker
- I have dockerfile + docker compose file and I have tested them all with and without SSL port and those are working with SSL and without SSL as well. (for that I have modified the program to accept non-SSL request).
coming to docker file -- It has required ports exposed like 5000 (for not SSL) and 5001 (for SSL) coming to docker compose file -- It has reuqired mapping like 5000:80 and 5000:443
-- It also has environment variable for URLs like
ASPNETCORE_URLS=https://+5001;http://+5000
-- It also has environment variable for Certificate path like
ASPNETCORE_Kestrel__Certificates__Default__Path=/https/aspnetapp.pfx
-- It also has environment variable for Certificate password like
ASPNETCORE_Kestrel__Certificates__Default__Password=SECRETPASSWORD
Now, when I says docker compose up --build It build the project and also start the containers. I am able to access the site through https://localhost:5001 as well as http://localhost:5000
Now, coming to kubernets -- I have used kompose tool to generate kubernetes specific yaml files -- I haven't made any change in that. I ran the command kompose convert -f docker-compose.yaml -o ./.k8 -- finally, I ran kubectl apply -f .k8
It starts the container but immediately failed. I checked the logs and it says the following:
crit: Microsoft.AspNetCore.Server.Kestrel[0]
Unable to start Kestrel.
Interop+Crypto+OpenSslCryptographicException: error:2006D080:BIO routines:BIO_new_file:no such file
at Interop.Crypto.CheckValidOpenSslHandle(SafeHandle handle)
at Internal.Cryptography.Pal.OpenSslX509CertificateReader.FromFile(String fileName, SafePasswordHandle password, X509KeyStorageFlags keyStorageFlags)
at System.Security.Cryptography.X509Certificates.X509Certificate..ctor(String fileName, String password, X509KeyStorageFlags keyStorageFlags)
at System.Security.Cryptography.X509Certificates.X509Certificate2..ctor(String fileName, String password)
at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Certificates.CertificateConfigLoader.LoadCertificate(CertificateConfig certInfo, String endpointName)
at Microsoft.AspNetCore.Server.Kestrel.KestrelConfigurationLoader.LoadDefaultCert()
at Microsoft.AspNetCore.Server.Kestrel.KestrelConfigurationLoader.Reload()
at Microsoft.AspNetCore.Server.Kestrel.KestrelConfigurationLoader.Load()
at Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServerImpl.BindAsync(CancellationToken cancellationToken)
at Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServerImpl.StartAsync[TContext](IHttpApplication`1 application, CancellationToken cancellationToken)
Unhandled exception. Interop+Crypto+OpenSslCryptographicException: error:2006D080:BIO routines:BIO_new_file:no such file
Answers
In "It has required mapping like 5000:80 and 5000:443", actually it should be 5001:443 (as the port 5001 is used to map to the https 443 port).
Based on this error message
"nterop+Crypto+OpenSslCryptographicException: error:2006D080:BIO routines:BIO_new_file:no such file",
It seems the certificate file doesn't exist in the following location: /https/aspnetapp.pfx
Run the image, using the following Docker command:
docker run -it --entrypoint sh <image name>
You will access the container without running the entrypoint, do a cd /https/, check if the certificate is located in this folder or not, if not this is probably the problem.
云原生社区为您提供最前沿的新闻资讯和知识内容
更多推荐
0
0- 0
已为社区贡献35528条内容
所有评论(0)