This is a compendium of common errors.
x509: certificate signed by unknown authority
- The error occurs when a container is trying to make an https request but doesn't have any SSL certificates installed locally. Note that these do not have to be signed by a CA.
- This happens when a Dockerfile is created for the container
https traffic to another service within the cluster that is listening for
- This commonly occurs when addressing a service foo from a service bar, both of which are within the cluster. Consider the following scenario: foo is externally accessible at https://foo.example.com with TLS termination and has port 3000 open on the container.
- The right way to access the service foo from within the cluster is by targeting
- Note the http and https above.
- Addressing the service foo from within the cluster as
- In case it is imperative that some ingress rules and proxy conditions are to be applied to inbound traffic, take a look at this and this
503 errors on deploying a service
- The most common cause is a port misconfiguration
- Verify that livenessProbe are targeting the correct container port and that the container port is returning a 2xx for that probe
Working with Cloudflare
Please refer to the guide on Cloudflare setup.
Environment creation fails (AWS)
An environment consists of a VPC, along with its subnets, NAT gateway, and an external IP. Creating this could fail when there is insufficient quota in the AWS account-region to provision these resources. An increase in quota can be requested through the AWS console.
- EIP increase https://us-east-2.console.aws.amazon.com/servicequotas/home/services/ec2/quotas/L-0263D0A3 (or whichever region you choose) - increase from the previous limit to a larger number (say 25). One per env is required.
- VPC increase https://us-east-2.console.aws.amazon.com/servicequotas/home/services/vpc/quotas/L-F678F1CE (or whichever region you choose) - increase from the previous limit to a larger number (say 25). One per env is required.
- VPN Gateway increase https://us-east-2.console.aws.amazon.com/servicequotas/home/services/ec2/quotas/L-7029FAB6 (or whichever region you choose) - increase from the previous limit to a larger number (say 25). One per env is required.
- NAT Gateway increase https://us-east-2.console.aws.amazon.com/servicequotas/home/services/vpc/quotas/L-FE5A380F (or whichever region you choose) - increase from the previous limit to a larger number (say 25). One per env is required.
After this is done, destroy the failed environment and create a new one to resolve this issue.