Closed jthegedus closed 5 years ago
Berglas actually pulls in ca certs, but most people aren't running berglas as the base image :smile:. Usually you pull just the binary over.
This isn't a berglas issue, but rather an issue with alpine/thin images in general. They don't include the latest CA certificate bundles, so any outbound TLS requests will likely fail to verify. You can replicate this via curl
or wget
too.
Since it doesn't really make sense to bundle certificates into berglas, I'm going to say this is working as intended. However, I am going to add a note to the Dockerfile examples to help push people in the right direction if they switch the base image.
Thanks for trying Berglas, and thanks for opening an issue!
Thanks for the in-depth response, much appreciated :smile:
Problem
I followed the node.js & Cloud Run example you have here and the resultant image was 300+MBs. Switching to
node:10-alpine
I than ran into this issue on deploymentHere is the Dockerfile
Expectations
I expected this to work without me needing to add
ca-certificates
as a package to the Docker image as it is contained within the Berglas image.Temporary Solution
adding
RUN apk add ca-certificates
to my Dockerfile solved the issue and I get an image around 30MBs in size :tada:Full example code here: https://github.com/jthegedus/firebase-gcp-examples/tree/master/gcp-cloudrun-berglas/helloService
Question
Are my assumptions incorrect here, or is this a bug with Berglas?