Closed Nexengineer closed 1 month ago
@Nexengineer One option I can think of is by adding the self-signed certificate CA to default Java keystore(JAVA_HOME/jre/lib/security/cacerts
) or system truststore in the pod.
@avinashdesireddy I was able to resolve it by creating a custom image details are attached below
FROM trinodb/trine-gateway:8
RUN mkdir -p /etc/pki/ca-trust/extracted/pem/ && \
mkdir -p /etc/pki/ca-trust/extracted/openssl/
USER root
RUN mkdir -p /tmp/certs
WORKDIR /tmp/app
COPY ca.pem /tmp/app/ca.pem
# For health using curl
RUN cat /tmp/app/ca.pem >> /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
RUN cat /tmp/app/ca.pem >> /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt
# For calling actual enviroment
COPY ca.cer $JAVA_HOME/lib/security
RUN \
cd $JAVA_HOME/lib/security \
&& keytool -keystore cacerts -storepass changeit -noprompt -trustcacerts -importcert -alias ldapcert -file ca.cer
Is there a better way?
Hi,
I am running a Trino cluster in k8s. It has a self signed certificate, whenever I am adding a backend I am getting below error. Please point me to correct direction for a fix.
If I am trying to curl my Trino cluster from Trino gateway pod
curl https://mytrino.com/v1/info
fails butcurl -k https://mytrino.com/v1/info
200 okIs there way to control
curl -k
via config.Thanks Any help is appreciated