时间戳

首页 > 解决方案 > 无法让谷歌身份验证在 docker 内工作以发布到 pubsub

docker - 无法让谷歌身份验证在 docker 内工作以发布到 pubsub

问题描述

我试图让我的小型 go 应用程序(pub/sub)在 docker 内工作,所以我把它放在 GKE 中,但由于某种原因我无法让身份验证工作。

 docker run --rm -it gcr.io/snappy-premise-118915/sensorgen:v1
{"pressure":24.10712641247902,"temperature":70.24302653595491,"dewpoint":41.3666446148299,"timecollected":"","latitude":-121.47104803040895,"longitude":0.007102469057958554,"humidity":19.463373213885937,"sensorId":"","zipcode":0}
2018/08/02 07:37:14 Failed to publish: context deadline exceeded

我正在创建这样的dockerfile:

FROM golang:1.8-alpine
COPY ./ /src
ENV LATITUDE = "-121.464"
ENV LONGITUDE = "36.9397"
ENV SENSORID = "sensor1234"
ENV ZIPCODE = "95023"
ENV INTERVAL = "3"
ENV GOOGLE_CLOUD_PROJECT = "snappy-premise-118915"
RUN apk add --no-cache git && \
    cd /src && \
    go get -t -v cloud.google.com/go/pubsub && \
    CGO_ENABLED=0 GOOS=linux go build main.go

# final stage
FROM alpine
ENV LATITUDE "-121.464"
ENV LONGITUDE "36.9397"
ENV SENSORID "sensor1234"
ENV ZIPCODE "95023"
ENV INTERVAL "3"
ENV GOOGLE_CLOUD_PROJECT "snappy-premise-118915"
ENV GOOGLE_APPLICATION_CREDENTIALS "/app/key.json"
WORKDIR /app
COPY --from=0 /src/main /app/
COPY --from=0 /src/key.json /app/
ENTRYPOINT /app/main

该应用程序确实在我获得数据输出时启动,但是当它尝试发布到 pubsub 时,它似乎先手然后抛出此错误:2018/08/02 07:37:14 Failed to publish: context deadline exceeded

- - - - 更新 - - - - -

我更改了 Dockerfile 以添加 x509 证书,但仍然存在证书问题,看起来像:

{"pressure":24.13764705280961,"temperature":70.30698990487159,"dewpoint":40.44394673486464,"timecollected":"","latitude":-121.47166212174045,"longitude":0.005826195394839833,"humidity":19.821878333280246,"sensorId":"","zipcode":0}
INFO: 2018/08/02 13:58:09 ccResolverWrapper: sending new addresses to cc: [{pubsub.googleapis.com:443 0  <nil>}]
INFO: 2018/08/02 13:58:09 balancerWrapper: got update addr from Notify: [{pubsub.googleapis.com:443 0} {pubsub.googleapis.com:443 1} {pubsub.googleapis.com:443 2} {pubsub.googleapis.com:443 3}]
WARNING: 2018/08/02 13:58:09 grpc: addrConn.createTransport failed to connect to {pubsub.googleapis.com:443 0  3}. Err :connection error: desc = "transport: authentication handshake failed: x509: failed to load system roots and no roots provided". Reconnecting...

码头工人文件:

FROM golang:1.8-alpine
COPY ./ /src
ENV LATITUDE = "-121.464"
ENV LONGITUDE = "36.9397"
ENV SENSORID = "sensor1234"
ENV ZIPCODE = "95023"
ENV INTERVAL = "3"
ENV GOOGLE_CLOUD_PROJECT = "snappy-premise-118915"
RUN apk add --no-cache git && \
    apk --no-cache --update add ca-certificates && \
    cd /src && \
    go get -t -v cloud.google.com/go/pubsub && \
    CGO_ENABLED=0 GOOS=linux go build main.go

# final stage
FROM alpine
ENV LATITUDE "-121.464"
ENV LONGITUDE "36.9397"
ENV SENSORID "sensor1234"
ENV ZIPCODE "95023"
ENV INTERVAL "3"
ENV GOOGLE_CLOUD_PROJECT "snappy-premise-118915"
ENV GOOGLE_APPLICATION_CREDENTIALS "/app/key.json"
ENV GRPC_GO_LOG_SEVERITY_LEVEL "INFO"
WORKDIR /app
COPY --from=0 /src/main /app/
COPY --from=0 /src/key.json /app/
ENTRYPOINT /app/main
EXPOSE 8080

- - - - - 更新 - - - - - - - -

在图像上更改了我的 docker 文件,但仍然不行:

2018/08/02 14:10:40 Could not create pubsub Client: pubsub: google: error getting credentials using GOOGLE_APPLICATION_CREDENTIALS environment variable: open /key.json: no such file or directory

dockerfile

FROM golang:1.8 as build-env

WORKDIR /go/src/app
ADD . /go/src/app
COPY key.json /

RUN go-wrapper download   # "go get -d -v ./..."
RUN go-wrapper install

# final stage
FROM gcr.io/distroless/base
ENV LATITUDE "-121.464"
ENV LONGITUDE "36.9397"
ENV SENSORID "sensor1234"
ENV ZIPCODE "95023"
ENV INTERVAL "3"
ENV GOOGLE_CLOUD_PROJECT "snappy-premise-118915"
ENV GOOGLE_APPLICATION_CREDENTIALS "/key.json"
ENV GRPC_GO_LOG_SEVERITY_LEVEL "INFO"
COPY --from=build-env /go/bin/app /
CMD ["/app"]

标签: dockergogoogle-cloud-platformgoogle-cloud-pubsub

解决方案

看起来您正在使用多阶段构建(https://docs.docker.com/develop/develop-images/multistage-build/#use-multi-stage-builds)。

在原始版本中,您添加了一些文件。但是,当您进入下一阶段时,您需要将它们复制过来。因此,您可以使用COPY --from=0语句来执行此操作,或者您可以简单地将 ADD 和 COPY 语句移到最后阶段。

推荐阅读