I am getting an HTTP 599: SSL certificate problem: unable to get local issuer certificate when trying to use Binderhub-UI.
Here’s my configuration parameters for Binder:
nameOverride: ""
fullnameOverride: ""
global: {}
# Resources for the BinderHub created build pods
# -----------------------------------------------------------------------------
#
buildPodsDockerConfig: {}
buildPodsRegistryCredentials:
server: https://index.docker.io/v1
username: <Redacted>
password: <Redacted>
config:
BinderHub:
base_url: /
hub_url: https://<jupyterhub-domain>
badge_base_url: https://<binderhub-domain>
use_registry: true
image_prefix: <Redacted>/
enable_api_only_mode: false
DockerRegistry:
username: <Redacted>
password: <Redacted>
extraConfig:
binderhub-service-01-build-pods-docker-config: |
import os
c.KubernetesBuildExecutor.push_secret = os.environ["PUSH_SECRET_NAME"]
binderhub-service-02-set-docker-api: |
import os
helm_release_name = os.environ["HELM_RELEASE_NAME"]
namespace = os.environ["NAMESPACE"]
c.KubernetesBuildExecutor.docker_host = f"/var/run/{ namespace }-{ helm_release_name }/docker-api/docker-api.sock"
extraEnv:
- name: JUPYTERHUB_API_TOKEN
valueFrom:
# Any JupyterHub Services api_tokens are exposed in this k8s Secret
secretKeyRef:
name: hub
key: hub.services.binder.apiToken
- name: JUPYTERHUB_CLIENT_ID
value: "service-binder"
- name: JUPYTERHUB_API_URL
value: "https://<jupyterhub-domain>/hub/api"
# Without this, the redirect URL to /hub/api/... gets
# appended to binderhub's URL instead of the hub's
- name: JUPYTERHUB_BASE_URL
value: "https://<jupyterhub-domain>/"
- name: JUPYTERHUB_OAUTH_CALLBACK_URL
value: "https://<binderhub-domain>/oauth_callback"
replicas: 1
image:
repository: quay.io/2i2c/binderhub-service
tag: "0.1.0-0.dev.git.249.hd511f95"
pullPolicy: ""
pullSecrets: []
resources: {}
securityContext:
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 1000
podSecurityContext: {}
podAnnotations: {}
nodeSelector: {}
affinity: {}
tolerations: []
# RBAC resources
# -----------------------------------------------------------------------------
#
rbac:
create: true
# ServiceAccount resource
# -----------------------------------------------------------------------------
#
serviceAccount:
create: true
name: ""
annotations: {}
# Service resource
# -----------------------------------------------------------------------------
#
service:
type: ClusterIP
port: 80
# Ingress resource
# -----------------------------------------------------------------------------
#
ingress:
annotations:
kubernetes.io/ingress.class: traefik
ingress.kubernetes.io/custom-request-headers: X-Scheme:https
enabled: true
hosts: [<binderhub-domain>]
pathSuffix: ""
tls: []
# DaemonSet resource - docker-api
# -----------------------------------------------------------------------------
#
# This DaemonSet starts a pod on each node to setup a Docker API that
# binderhub's spawned build pods can make use of, via a hostPath volume that
# exposes a unix socket.
#
dockerApi:
image:
repository: docker.io/library/docker
# Temporarily pinned, until https://github.com/2i2c-org/infrastructure/issues/3588 is fixed
tag: "26.1.3-dind" # source: https://hub.docker.com/_/docker/tags
pullPolicy: ""
pullSecrets: []
resources: {}
securityContext:
privileged: true
runAsUser: 0
podSecurityContext: {}
podAnnotations: {}
nodeSelector: {}
affinity: {}
tolerations: []
extraArgs: []
extraFiles: {}
I can’t figure it out what am I missing. Could you please advise?