Pod fails to start with certificate error due to unknown signing authority

[LP0101]

Your environment

Secret Injector Version: 1.0.2

1Password CLI Version: 2-beta, 2

Connect Server Version: N/A, using service account

What happened?

When deploying the pod, it fails with a certificate error, putting the pod into an error state followed by crashloopbackoff

What did you expect to happen?

The pod should run

Notes & Logs

[ERROR] 2023/07/13 22:09:45 error initializing client: Authentication: (failed to auth.LookupAuth), Network: (failed to request.DoUnencrypted), Get "https://<COMPANY_NAME>.1password.com/api/v2/auth/<REDACTED>@1passwordserviceaccounts.com/A3/Q7SJZ8/<REDACTED>": tls: failed to verify certificate: x509: certificate signed by unknown authority

[dipakparmar]

@LP0101 are you using make deploy to install? I also had the same issue ...

[LP0101]

Yup, also same issue when just deploying it manually with kustomize

[dipakparmar]

Yup, also same issue when just deploying it manually with customize

I think it has an issue with resource clean up issue, try cleaning up all the resources it created. Then redeploy!

[daniandl]

I'm also having this issue, no clue how to fix. It only seems to happen with images I built myself?
Running it inside a common node:20 image works, for example.

The URL that gets presumably called returns HTTP 445 with { reason: deprecated }

[rkirimov]

Dealing with exact same issue at the moment. I tried deleting all the associated resources and redeploying (I'm using Helm) but no success. Anyone figured out the solution?

[dipakparmar]

Dealing with exact same issue at the moment. I tried deleting all the associated resources and redeploying (I'm using Helm) but no success. Anyone figured out the solution?

@rkirimov probably best to reach out to Support!

[rkirimov]

In case anyone has the same issue, adding this line to my Dockerfile fixed it

RUN apt-get update && apt-get install -y ca-certificates && rm -rf /var/lib/apt/lists/*