无法让谷歌身份验证在 docker 内工作以发布到 pubsub

Posted

技术标签:

【中文标题】无法让谷歌身份验证在 docker 内工作以发布到 pubsub【英文标题】:can't get google auth to work inside docker to publish to pubsub 【发布时间】:2019-01-09 22:27:19 【问题描述】:

我正在尝试让我的小型 go 应用程序 (pub/sub) 在 docker 内工作,所以我将它放在 GKE 中,但由于某种原因我无法让身份验证工作。

 docker run --rm -it gcr.io/snappy-premise-118915/sensorgen:v1
"pressure":24.10712641247902,"temperature":70.24302653595491,"dewpoint":41.3666446148299,"timecollected":"","latitude":-121.47104803040895,"longitude":0.007102469057958554,"humidity":19.463373213885937,"sensorId":"","zipcode":0
2018/08/02 07:37:14 Failed to publish: context deadline exceeded

我正在像这样创建 dockerfile:

FROM golang:1.8-alpine
COPY ./ /src
ENV LATITUDE = "-121.464"
ENV LONGITUDE = "36.9397"
ENV SENSORID = "sensor1234"
ENV ZIPCODE = "95023"
ENV INTERVAL = "3"
ENV GOOGLE_CLOUD_PROJECT = "snappy-premise-118915"
RUN apk add --no-cache git && \
    cd /src && \
    go get -t -v cloud.google.com/go/pubsub && \
    CGO_ENABLED=0 GOOS=linux go build main.go

# final stage
FROM alpine
ENV LATITUDE "-121.464"
ENV LONGITUDE "36.9397"
ENV SENSORID "sensor1234"
ENV ZIPCODE "95023"
ENV INTERVAL "3"
ENV GOOGLE_CLOUD_PROJECT "snappy-premise-118915"
ENV GOOGLE_APPLICATION_CREDENTIALS "/app/key.json"
WORKDIR /app
COPY --from=0 /src/main /app/
COPY --from=0 /src/key.json /app/
ENTRYPOINT /app/main

当我得到数据输出时,应用程序确实启动了,但是当它尝试发布到 pubsub 时,它似乎先手然后抛出这个错误:2018/08/02 07:37:14 Failed to publish: context deadline exceeded

------- 更新 ----------

我更改了我的 Dockerfile 以添加 x509 证书,但似乎仍然存在证书问题:

"pressure":24.13764705280961,"temperature":70.30698990487159,"dewpoint":40.44394673486464,"timecollected":"","latitude":-121.47166212174045,"longitude":0.005826195394839833,"humidity":19.821878333280246,"sensorId":"","zipcode":0
INFO: 2018/08/02 13:58:09 ccResolverWrapper: sending new addresses to cc: [pubsub.googleapis.com:443 0  <nil>]
INFO: 2018/08/02 13:58:09 balancerWrapper: got update addr from Notify: [pubsub.googleapis.com:443 0 pubsub.googleapis.com:443 1 pubsub.googleapis.com:443 2 pubsub.googleapis.com:443 3]
WARNING: 2018/08/02 13:58:09 grpc: addrConn.createTransport failed to connect to pubsub.googleapis.com:443 0  3. Err :connection error: desc = "transport: authentication handshake failed: x509: failed to load system roots and no roots provided". Reconnecting...

Docker 文件:

FROM golang:1.8-alpine
COPY ./ /src
ENV LATITUDE = "-121.464"
ENV LONGITUDE = "36.9397"
ENV SENSORID = "sensor1234"
ENV ZIPCODE = "95023"
ENV INTERVAL = "3"
ENV GOOGLE_CLOUD_PROJECT = "snappy-premise-118915"
RUN apk add --no-cache git && \
    apk --no-cache --update add ca-certificates && \
    cd /src && \
    go get -t -v cloud.google.com/go/pubsub && \
    CGO_ENABLED=0 GOOS=linux go build main.go

# final stage
FROM alpine
ENV LATITUDE "-121.464"
ENV LONGITUDE "36.9397"
ENV SENSORID "sensor1234"
ENV ZIPCODE "95023"
ENV INTERVAL "3"
ENV GOOGLE_CLOUD_PROJECT "snappy-premise-118915"
ENV GOOGLE_APPLICATION_CREDENTIALS "/app/key.json"
ENV GRPC_GO_LOG_SEVERITY_LEVEL "INFO"
WORKDIR /app
COPY --from=0 /src/main /app/
COPY --from=0 /src/key.json /app/
ENTRYPOINT /app/main
EXPOSE 8080

--------- 更新 ---------------

更改了我在图像上的 docker 文件,但仍然不行:

2018/08/02 14:10:40 Could not create pubsub Client: pubsub: google: error getting credentials using GOOGLE_APPLICATION_CREDENTIALS environment variable: open /key.json: no such file or directory

码头文件

FROM golang:1.8 as build-env

WORKDIR /go/src/app
ADD . /go/src/app
COPY key.json /

RUN go-wrapper download   # "go get -d -v ./..."
RUN go-wrapper install

# final stage
FROM gcr.io/distroless/base
ENV LATITUDE "-121.464"
ENV LONGITUDE "36.9397"
ENV SENSORID "sensor1234"
ENV ZIPCODE "95023"
ENV INTERVAL "3"
ENV GOOGLE_CLOUD_PROJECT "snappy-premise-118915"
ENV GOOGLE_APPLICATION_CREDENTIALS "/key.json"
ENV GRPC_GO_LOG_SEVERITY_LEVEL "INFO"
COPY --from=build-env /go/bin/app /
CMD ["/app"]

【问题讨论】:

您好!可以试试加RUN apk add ca-certificates吗? 【参考方案1】:

您似乎正在使用多阶段构建 (https://docs.docker.com/develop/develop-images/multistage-build/#use-multi-stage-builds)。

在原始版本中,您添加了一些文件。但是,当您进入下一阶段时,您需要将它们复制过来。因此,您可以使用 COPY --from=0 语句执行此操作,或者您可以简单地将 ADD 和 COPY 语句移到最后阶段。

【讨论】:

以上是关于无法让谷歌身份验证在 docker 内工作以发布到 pubsub的主要内容,如果未能解决你的问题,请参考以下文章

从 Dockerized SpringBoot 到外部 MariaDB 的 JDBC 身份验证失败

如何让谷歌跟踪直观地指示有错误的跨度

使用修改后的日期自动更新谷歌电子表格

如何让谷歌地图再次请求位置权限?

身份验证 laravel 4.2 无法工作

是否可以在 docker 容器内使用“externalbrowser”身份验证器与 Snowflake 进行连接身份验证?