【Question title】: How to inject custom SSL certs into Spring Boot bootBuildImage
【Posted】: 2020-09-14 20:05:20
【Question】:

I'm not sure whether this is possible without using a custom base image, but I'm trying to build an image behind a corporate firewall that uses self-signed SSL certificates:

> Task :bootBuildImage
Caching disabled for task ':bootBuildImage' because:
  Build cache is disabled
Task ':bootBuildImage' is not up-to-date because:
  Task has not declared any outputs despite executing actions.
Building image 'docker.io/library/temp:latest'

 > Pulling builder image 'gcr.io/paketo-buildpacks/builder:base-platform-api-0.3' ..................................................
 > Pulled builder image 'gcr.io/paketo-buildpacks/builder@sha256:200fb7945ef0f4a3c79befb1262fd592f54ba7b7ffcc8a37716434dd11d0e5e9'
 > Pulling run image 'gcr.io/paketo-buildpacks/run:base-cnb' ..................................................
 > Pulled run image 'gcr.io/paketo-buildpacks/run@sha256:f7f27462fb513a70370322ada08440a642d24a700056d4c6b8cbb344610bf486'
 > Executing lifecycle version v0.7.5
 > Using build cache volume 'pack-cache-739c2c210811.build'

 > Running creator
    [creator]     ---> DETECTING
    [creator]     ======== Results ========
    [creator]     pass: paketo-buildpacks/bellsoft-liberica@2.7.1
    [creator]     skip: paketo-buildpacks/gradle@1.2.2
    [creator]     skip: paketo-buildpacks/maven@1.4.2
    [creator]     skip: paketo-buildpacks/sbt@1.2.2
    [creator]     pass: paketo-buildpacks/executable-jar@1.2.5
    [creator]     pass: paketo-buildpacks/apache-tomcat@1.1.5
    [creator]     pass: paketo-buildpacks/dist-zip@1.3.2
    [creator]     pass: paketo-buildpacks/spring-boot@1.5.5
    [creator]     skip: paketo-buildpacks/procfile@1.3.5
    [creator]     skip: paketo-buildpacks/azure-application-insights@1.2.1
    [creator]     skip: paketo-buildpacks/debug@1.2.5
    [creator]     skip: paketo-buildpacks/google-stackdriver@1.2.1
    [creator]     skip: paketo-buildpacks/jmx@1.1.5
    [creator]     skip: paketo-buildpacks/encrypt-at-rest@1.2.5
    [creator]     skip: paketo-buildpacks/image-labels@1.0.5
    [creator]     Resolving plan... (try #1)
    [creator]     fail: paketo-buildpacks/bellsoft-liberica@2.7.1 provides unused jdk
    [creator]     Resolving plan... (try #2)
    [creator]     skip: paketo-buildpacks/executable-jar@1.2.5 requires jre
    [creator]     skip: paketo-buildpacks/apache-tomcat@1.1.5 requires jre
    [creator]     skip: paketo-buildpacks/dist-zip@1.3.2 requires jre
    [creator]     fail: paketo-buildpacks/bellsoft-liberica@2.7.1 provides unused jdk
    [creator]     Resolving plan... (try #3)
    [creator]     5 of 15 buildpacks participating
    [creator]     paketo-buildpacks/bellsoft-liberica 2.7.1
    [creator]     paketo-buildpacks/executable-jar    1.2.5
    [creator]     paketo-buildpacks/apache-tomcat     1.1.5
    [creator]     paketo-buildpacks/dist-zip          1.3.2
    [creator]     paketo-buildpacks/spring-boot       1.5.5
    [creator]     ---> ANALYZING
    [creator]     Analyzing image "c48997fb4f4f2e07e64033a33545298861d1f71f6a11a992bbb17cc84ecefee5"
    [creator]     ---> RESTORING
    [creator]     ---> BUILDING
    [creator]
    [creator]     Paketo BellSoft Liberica Buildpack 2.7.1
    [creator]         Set $BPL_JVM_HEAD_ROOM to configure the headroom in memory calculation. Default 0.
    [creator]         Set $BPL_JVM_LOADED_CLASS_COUNT to configure the number of loaded classes in memory calculation. Default 35% of classes.
    [creator]         Set $BPL_JVM_THREAD_COUNT to configure the number of threads in memory calculation. Default 250.
    [creator]         Set $BP_JVM_VERSION to configure the Java version. Default 11.*.
    [creator]       BellSoft Liberica JRE 8.0.252: Contributing to layer
    [creator]         Downloading from https://github.com/bell-sw/Liberica/releases/download/8u252+9/bellsoft-jre8u252+9-linux-amd64.tar.gz
    [creator]     unable to invoke layer creator
    [creator]     unable to get dependency jre
    [creator]     unable to download https://github.com/bell-sw/Liberica/releases/download/8u252+9/bellsoft-jre8u252+9-linux-amd64.tar.gz
    [creator]     unable to request https://github.com/bell-sw/Liberica/releases/download/8u252+9/bellsoft-jre8u252+9-linux-amd64.tar.gz
    [creator]     Get "https://github.com/bell-sw/Liberica/releases/download/8u252+9/bellsoft-jre8u252+9-linux-amd64.tar.gz": x509: certificate signed by unknown authority
    [creator]     ERROR: failed to build: exit status 1

That's the log -> I'm wondering whether there is a way to inject the SSL certificates into the base container...

Thanks

【Comments】:

    Tags: spring spring-boot ssl gradle


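    【Answer 1】:

    Have you tried the following environment variables?

    • DOCKER_TLS_VERIFY: enables the secure HTTPS protocol when set to 1 (optional)
    • DOCKER_CERT_PATH: path to the certificate and key files for HTTPS (required if DOCKER_TLS_VERIFY=1, otherwise ignored)

    Reference: https://docs.spring.io/spring-boot/docs/current-SNAPSHOT/gradle-plugin/reference/html/#build-image

    【Comments】:

    • Unfortunately, this seems to deal with the communication between Gradle and Docker -> not the engine itself... but I'll give it a try and see what happens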