Vector: Ensure docker release containers contain proper ca certs

Created on 9 Oct 2019 · 7 Comments · Source: timberio/vector

Currently, at least our Debian container does not contain updated ca-certs; I was able to produce SSL errors while trying to connect to AWS. We need to ensure that these containers are able to talk securely.

security bug task

All 7 comments

Please

  • Provide more detail on what you did to produce this.
  • Any logs or output you experienced.
  • Add a note that states this should be tested in CI in some way to ensure we don't regress.

@binarylogic we just need to ensure update-ca-certificates (this is the one for Debian, I have not tested Alpine) has been run on the containers, I believe. @a-rodin may have a better idea.

I have the same problem with the ca-certificates while connecting to Amazon Elasticsearch Service as a sink. I need to install ca-certificates on top of the official Debian Docker image.

This issue is quite hard to test. The slim image is missing wget, curl, and openssl; it took me a while to hunt down that it is a system CA issue.

@LucioFranco It seems like if we don't need to add self-signed certificates there, just installing ca-certificates package should be enough as this answer suggests. I've tested installing ca-certificates packages and http sink with SSL and it worked fine.

@a-rodin Agreed, does alpine have a similar command?

@LucioFranco There is a package called ca-certificates too. So the command would be

apk update && apk add ca-certificates && rm -rf /var/cache/apk/*

I believe this was fixed in #1014, closing.
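
As an added example (not part of the original thread or of the Vector project's code), one way to run the CI regression check requested above inside a slim image that lacks curl, wget and openssl is to count the PEM entries in the system CA bundle. The bundle path and the function names `count_ca_certs` and `check_ca_bundle` are assumptions of this example.

```shell
#!/bin/sh
# Added example: CI regression check for a missing system CA bundle.
# Assumption: on Debian and Alpine, update-ca-certificates writes the
# bundle to /etc/ssl/certs/ca-certificates.crt.

CA_BUNDLE_REL="etc/ssl/certs/ca-certificates.crt"

# count_ca_certs ROOT
# Prints the number of PEM certificates in the bundle under ROOT.
# ROOT is "/" inside a container, or the path of an exported image filesystem.
count_ca_certs() {
    bundle="${1%/}/$CA_BUNDLE_REL"
    # A missing or empty bundle is what an image without ca-certificates has.
    if [ ! -s "$bundle" ]; then
        echo 0
        return 0
    fi
    # grep -c prints 0 and exits 1 when nothing matches; keep the printed count.
    grep -c -- '-----BEGIN CERTIFICATE-----' "$bundle" || true
}

# check_ca_bundle [ROOT] [MIN]
# Returns 0 when at least MIN certificates are present (default 1), else 1.
check_ca_bundle() {
    root="${1:-/}"
    min="${2:-1}"
    n=$(count_ca_certs "$root")
    if [ "$n" -ge "$min" ]; then
        echo "ok: $n CA certificates under $root"
        return 0
    fi
    echo "FAIL: $n CA certificates under $root (need $min); install ca-certificates" >&2
    return 1
}
```

Run `check_ca_bundle /` as a build or CI step inside the image under test. It only confirms that a trust store is present; it does not perform a TLS handshake.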
