When mounting CA into certificates.json as invited by
|
"overwriteSchemaWith": "certificates.json" |
(i'm using this certificates.json) :
certificates.json: |
{ "$schema": "http://json-schema.org/draft-07/schema#",
"title": "ca-certs",
"type": "object",
"properties": {
"cacerts": {
"type": "string",
"description": "String of concatenated CA certificates. Alternatively a target URL can be provided.",
"default": "-----BEGIN CERTIFICATE-----
MIIHZjCCBU6gAwIBAgIIYbJNv56Gpz4wDQYJKoZIhvcNAQELBQAwdTEtMCsGA1UE
AwwkQUMgUmFjaW5lIEdlbmRhcm1lcmllIG5hdGlvbmFsZSAyMDE4MRcwFQYDVQQL
-----END CERTIFICATE-----",
"x-onyxia": {
"hidden": true
}
},
"pathToCaBundle": {
"type": "string",
"description": "String path where a bundle is made or injected by third party solution",
"default": "/usr/local/share/ca-certificates/",
"x-onyxia": {
"hidden": true
}
}
}
}
I can observe 2 behavior, either i put the raw certificate, it causes the api container to fail at init due to formatting of the crt (i guess newlines and minus sign within the -----BEGIN CERTIFICATE-----.
I noted 2 core errors when trying it :
Caused by: java.lang.RuntimeException: Failed to load schema: certificates.json
Caused by: com.fasterxml.jackson.core.JsonParseException: Illegal unquoted character ((CTRL-CHAR, code 10)): has to be escaped using backslash to be included in string value
at [Source: REDACTED (`StreamReadFeature.INCLUDE_SOURCE_IN_LOCATION` disabled); line: 9, column: 19]
and
Caused by: java.lang.RuntimeException: Failed to load schema: certificates.json
Caused by: com.fasterxml.jackson.core.JsonParseException: Unexpected character ('-' (code 45)) in numeric value: expected digit (0-9) to follow minus sign, for valid numeric value
at [Source: REDACTED (`StreamReadFeature.INCLUDE_SOURCE_IN_LOCATION` disabled); line: 10, column: 8]
I managed to make the api container start normalizing the string content (removing newline character). In this case, the string is correctly injected within the sub-service for instance jupyter in the /usr/local/share/ca-certificates folder and added to the truststore as expected. But due to the underlying bad formatting needed to be inserted in the json the AC ends up in a mess in the final /etc/ssl/ca-certificate file and still does'nt allow to make SSL request.
I tested same AC cert inserted manually outside the json and made it work.
When mounting CA into certificates.json as invited by
helm-charts-interactive-services/charts/jupyter-python/values.schema.json
Line 1061 in 7705b7c
(i'm using this certificates.json) :
I can observe 2 behavior, either i put the raw certificate, it causes the api container to fail at init due to formatting of the crt (i guess newlines and minus sign within the -----BEGIN CERTIFICATE-----.
I noted 2 core errors when trying it :
and
I managed to make the api container start normalizing the string content (removing newline character). In this case, the string is correctly injected within the sub-service for instance jupyter in the /usr/local/share/ca-certificates folder and added to the truststore as expected. But due to the underlying bad formatting needed to be inserted in the json the AC ends up in a mess in the final /etc/ssl/ca-certificate file and still does'nt allow to make SSL request.
I tested same AC cert inserted manually outside the json and made it work.