Download coder-agent from a host with untrusted CA certificate

Hello! I'm using the example k8s template for running inside a k8s pod. When the pod spins up, it tries to download the coder-agent itself using curl (directly from the running server). The server is hosted with a self-signed SSL certificate, thus the curl command fails.
curl -fsSL --compressed https://coder.example/bin/coder-linux-amd64 -o coder
curl: (60) SSL certificate problem: unable to get local issuer certificate
Where is this installation script? I could not find it in the Terraform files nor in https://code-server.dev/install.sh. How is this being pulled, and how can I modify it so I could append my own trusted CA cert? Thanks.
28 Replies
Phorcys (2y ago)
hello, can you send me your terraform template? you should be able to add your own certificate to the workspace image
> Where is this installation script?
I think it is in the coder terraform provider but I am totally unsure.
tfishler (2y ago)
@Phorcys this is the default kubernetes template. for that matter.
Phorcys (2y ago)
yeah so you should change the pod's spec.container.image from codercom/enterprise-base:ubuntu to your own image which has the certs in its trust store, I think this is the only way as of now.
tfishler (2y ago)
I see.. I'll give it a go. I'll take this one as a base and modify it per my needs.
Phorcys (2y ago)
soo
tfishler (2y ago)
How do I download the original script then? I'll look for it on GitHub.
Phorcys (2y ago)
you don't have to, you can just modify the pod's spec.container.command from ["sh", "-c", coder_agent.main.init_script] to ["my_script_or_whatever", "&&", "sh", "-c", coder_agent.main.init_script]. kinda dirty but it will work. you could put the script in a volume so you don't have to feed it 900 arguments
tfishler (2y ago)
I like the idea of building my own image here based on the codercom/enterprise-base:ubuntu image. Follow-up question: I use ECR (AWS image registry). Can I reference private registries that need authentication?
Phorcys (2y ago)
yes let me find it
tfishler (2y ago)
Where are you looking for it? In official docs?
Phorcys (2y ago)
I was about to tell you, you can look in the provider's documentation
tfishler (2y ago)
Will do.
Phorcys (2y ago)
so, in that case it's hashicorp/kubernetes -> https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs. same goes for the coder provider coder/coder if you're looking for coder-related stuff -> https://registry.terraform.io/providers/coder/coder/latest/docs. I know you can do it with the docker provider, you should be able to do it with this one too but I haven't seen it before
tfishler (2y ago)
I think it's less related to the coder provider and more to the kubernetes_pod resource
Phorcys (2y ago)
it is, I was just giving that link for reference in case you're looking for docs for coder_app/any coder resources. I think I found it, yup