Could not find certificates to serve TLS #29

Open
falseneutral opened this issue Oct 19, 2019 · 2 comments

@falseneutral

Started the container (docker run --rm -p 8080:8000 kuart) and got the following output

2019/10/18 16:28:50 Starting kuard version: test
2019/10/18 16:28:50 **********************************************************************
2019/10/18 16:28:50 * WARNING: This server may expose sensitive
2019/10/18 16:28:50 * and secret information. Be careful.
2019/10/18 16:28:50 **********************************************************************
2019/10/18 16:28:50 Config:
{
  "address": ":8080",
  "debug": false,
  "debug-sitedata-dir": "./sitedata",
  "keygen": {
    "enable": false,
    "exit-code": 0,
    "exit-on-complete": false,
    "memq-queue": "",
    "memq-server": "",
    "num-to-gen": 0,
    "time-to-run": 0
  },
  "liveness": {
    "fail-next": 0
  },
  "readiness": {
    "fail-next": 0
  },
  "tls-address": ":8443",
  "tls-dir": "/tls"
}
2019/10/18 16:28:50 Could not find certificates to serve TLS
2019/10/18 16:28:50 Serving on HTTP on :8080

Any ideas what needs to be in place for this to work?

@cmoulliard

Do we have to mount the TLS cert/key using a secret?

@alex1989hu

As of now image: sha256:1ecc9fb2c871302fdb57a25e0c076311b7b352b0a9246d442940ca8fb4efe229 you need to mount the certificate key pair here: /tls/kuard.crt and /tls/kuard.key

Directory:

fs.String("tls-dir", "/tls", "Directory to look to find TLS certs")

Filenames:

kuard/pkg/app/app.go

Lines 140 to 141 in a27b696

certFile := filepath.Join(k.c.TLSDir, "kuard.crt")
keyFile := filepath.Join(k.c.TLSDir, "kuard.key")

In Kubernetes I did the following - I use cert-manager for kind: Certificate:

apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: kuard
  name: kuard
  namespace: foobar
spec:
  replicas: 1
  selector:
    matchLabels:
      app: kuard
  template:
    metadata:
      labels:
        app: kuard
    spec:
      containers:
      - image: nexus-docker.cntr.swsnet.ch/kuar-demo/kuard-amd64:blue
        name: kuard-amd64
        ports:
        - containerPort: 8080
          name: http
          protocol: TCP
        - containerPort: 8443
          name: https
          protocol: TCP
        volumeMounts:
        - name: certificates
          mountPath: /tls
          readOnly: true
      volumes:
      - name: certificates
        secret:
          secretName: kuard-certificate
          items:
          - key: tls.crt
            path: kuard.crt
          - key: tls.key
            path: kuard.key
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: kuard-certificate
  namespace: foobar
spec:
  secretName: kuard-certificate
  commonName: kuard
  privateKey:
    algorithm: ECDSA
    rotationPolicy: Always
    size: 384
  usages:
    - digital signature
    - key encipherment
    - server auth
  dnsNames:
    - localhost
    - kuard
    - kuard.foobar
    - kuard.foobar.svc
    - kuard.foobar.svc.cluster.local
  issuerRef:
    name: ca-issuer
    kind: ClusterIssuer
