无法让谷歌身份验证在 docker 内工作以发布到 pubsub

Posted 2023-02-16

【中文标题】无法让谷歌身份验证在 docker 内工作以发布到 pubsub

【英文标题】：can't get google auth to work inside docker to publish to pubsub

【发布时间】：2019-01-09 22:27:19

【问题描述】：

我正在尝试让我的小型 go 应用程序 (pub/sub) 在 docker 内工作，所以我将它放在 GKE 中，但由于某种原因我无法让身份验证工作。

 docker run --rm -it gcr.io/snappy-premise-118915/sensorgen:v1
"pressure":24.10712641247902,"temperature":70.24302653595491,"dewpoint":41.3666446148299,"timecollected":"","latitude":-121.47104803040895,"longitude":0.007102469057958554,"humidity":19.463373213885937,"sensorId":"","zipcode":0
2018/08/02 07:37:14 Failed to publish: context deadline exceeded

我正在像这样创建 dockerfile：

FROM golang:1.8-alpine
COPY ./ /src
ENV LATITUDE = "-121.464"
ENV LONGITUDE = "36.9397"
ENV SENSORID = "sensor1234"
ENV ZIPCODE = "95023"
ENV INTERVAL = "3"
ENV GOOGLE_CLOUD_PROJECT = "snappy-premise-118915"
RUN apk add --no-cache git && \
    cd /src && \
    go get -t -v cloud.google.com/go/pubsub && \
    CGO_ENABLED=0 GOOS=linux go build main.go

# final stage
FROM alpine
ENV LATITUDE "-121.464"
ENV LONGITUDE "36.9397"
ENV SENSORID "sensor1234"
ENV ZIPCODE "95023"
ENV INTERVAL "3"
ENV GOOGLE_CLOUD_PROJECT "snappy-premise-118915"
ENV GOOGLE_APPLICATION_CREDENTIALS "/app/key.json"
WORKDIR /app
COPY --from=0 /src/main /app/
COPY --from=0 /src/key.json /app/
ENTRYPOINT /app/main

当我得到数据输出时，应用程序确实启动了，但是当它尝试发布到 pubsub 时，它似乎先手然后抛出这个错误：2018/08/02 07:37:14 Failed to publish: context deadline exceeded

------- 更新 ----------

我更改了我的 Dockerfile 以添加 x509 证书，但似乎仍然存在证书问题：

"pressure":24.13764705280961,"temperature":70.30698990487159,"dewpoint":40.44394673486464,"timecollected":"","latitude":-121.47166212174045,"longitude":0.005826195394839833,"humidity":19.821878333280246,"sensorId":"","zipcode":0
INFO: 2018/08/02 13:58:09 ccResolverWrapper: sending new addresses to cc: [pubsub.googleapis.com:443 0  <nil>]
INFO: 2018/08/02 13:58:09 balancerWrapper: got update addr from Notify: [pubsub.googleapis.com:443 0 pubsub.googleapis.com:443 1 pubsub.googleapis.com:443 2 pubsub.googleapis.com:443 3]
WARNING: 2018/08/02 13:58:09 grpc: addrConn.createTransport failed to connect to pubsub.googleapis.com:443 0  3. Err :connection error: desc = "transport: authentication handshake failed: x509: failed to load system roots and no roots provided". Reconnecting...

Docker 文件：

FROM golang:1.8-alpine
COPY ./ /src
ENV LATITUDE = "-121.464"
ENV LONGITUDE = "36.9397"
ENV SENSORID = "sensor1234"
ENV ZIPCODE = "95023"
ENV INTERVAL = "3"
ENV GOOGLE_CLOUD_PROJECT = "snappy-premise-118915"
RUN apk add --no-cache git && \
    apk --no-cache --update add ca-certificates && \
    cd /src && \
    go get -t -v cloud.google.com/go/pubsub && \
    CGO_ENABLED=0 GOOS=linux go build main.go

# final stage
FROM alpine
ENV LATITUDE "-121.464"
ENV LONGITUDE "36.9397"
ENV SENSORID "sensor1234"
ENV ZIPCODE "95023"
ENV INTERVAL "3"
ENV GOOGLE_CLOUD_PROJECT "snappy-premise-118915"
ENV GOOGLE_APPLICATION_CREDENTIALS "/app/key.json"
ENV GRPC_GO_LOG_SEVERITY_LEVEL "INFO"
WORKDIR /app
COPY --from=0 /src/main /app/
COPY --from=0 /src/key.json /app/
ENTRYPOINT /app/main
EXPOSE 8080

--------- 更新 ---------------

更改了我在图像上的 docker 文件，但仍然不行：

2018/08/02 14:10:40 Could not create pubsub Client: pubsub: google: error getting credentials using GOOGLE_APPLICATION_CREDENTIALS environment variable: open /key.json: no such file or directory

码头文件

FROM golang:1.8 as build-env

WORKDIR /go/src/app
ADD . /go/src/app
COPY key.json /

RUN go-wrapper download   # "go get -d -v ./..."
RUN go-wrapper install

# final stage
FROM gcr.io/distroless/base
ENV LATITUDE "-121.464"
ENV LONGITUDE "36.9397"
ENV SENSORID "sensor1234"
ENV ZIPCODE "95023"
ENV INTERVAL "3"
ENV GOOGLE_CLOUD_PROJECT "snappy-premise-118915"
ENV GOOGLE_APPLICATION_CREDENTIALS "/key.json"
ENV GRPC_GO_LOG_SEVERITY_LEVEL "INFO"
COPY --from=build-env /go/bin/app /
CMD ["/app"]

【问题讨论】：

您好！可以试试加RUN apk add ca-certificates吗？

【参考方案1】：

您似乎正在使用多阶段构建 (https://docs.docker.com/develop/develop-images/multistage-build/#use-multi-stage-builds)。

在原始版本中，您添加了一些文件。但是，当您进入下一阶段时，您需要将它们复制过来。因此，您可以使用 COPY --from=0 语句执行此操作，或者您可以简单地将 ADD 和 COPY 语句移到最后阶段。