2

I've generated a basic Kubernetes Web Application in Visual Studio 2019, v16.11.1, which allowed me to automatically generate a Dockerfile and start debugging. However, upon switching to a Release configuration, the build fails when the internal dotnet restore command executes. Apparently upon trying to pull Nuget packages from a feed, the dotnet restore rejects the SSL certificate provided by the Nuget feed server.

My question is, what am I doing wrong? I started with literally the default web application program generated by Visual Studio, and it automatically fails when I try to build a Release config. See here for more detail:

The Issue

The following Dockerfile can be built in a debug configuration, but not in a Release configuration.

FROM mcr.microsoft.com/dotnet/core/aspnet:3.1 AS base
WORKDIR /app
EXPOSE 80

FROM mcr.microsoft.com/dotnet/core/sdk:3.1 AS build
WORKDIR /src
COPY ["KubernetesWebApp/KubernetesWebApp.csproj", "KubernetesWebApp/"]

RUN dotnet restore "KubernetesWebApp/KubernetesWebApp.csproj"
COPY . .
WORKDIR "/src/KubernetesWebApp"
RUN dotnet build "KubernetesWebApp.csproj" -c Release -o /app/build

FROM build AS publish
RUN dotnet publish "KubernetesWebApp.csproj" -c Release -o /app/publish

FROM base AS final
WORKDIR /app
COPY --from=publish /app/publish .
ENTRYPOINT ["dotnet", "KubernetesWebApp.dll"]

Clicking "Debug" to start a debug session executes the following build, and I can debug the application:

docker build -f ".\KubernetesWebApp\Dockerfile" --force-rm -t kuberneteswebapp:dev --target base --label "com.microsoft.created-by=visual-studio" --label "com.microsoft.visual-studio.project-name=KubernetesWebApp" .

However, upon attempting the following build command, the dotnet restore command fails due to a remote SSL certificate check failure:

docker build -t kuberneteswebapp:latest -f KubernetesWebApp/Dockerfile .

This elicits the following error:

[+] Building 7.7s (12/17)
 => [internal] load build definition from Dockerfile                                                                                          0.4s
 => => transferring dockerfile: 32B                                                                                                           0.2s
 => [internal] load .dockerignore                                                                                                             0.3s
 => => transferring context: 35B                                                                                                              0.0s
 => [internal] load metadata for mcr.microsoft.com/dotnet/core/aspnet:3.1                                                                     0.8s
 => [internal] load metadata for mcr.microsoft.com/dotnet/core/sdk:3.1                                                                        0.8s
 => [internal] load build context                                                                                                             0.3s
 => => transferring context: 644B                                                                                                             0.1s
 => [build 1/7] FROM mcr.microsoft.com/dotnet/core/sdk:3.1@sha256:aa984bf37de864afe9f34bc80e42412dd95702b94731a481821eeae364df77ae            0.2s
 => => resolve mcr.microsoft.com/dotnet/core/sdk:3.1@sha256:aa984bf37de864afe9f34bc80e42412dd95702b94731a481821eeae364df77ae                  0.2s
 => [base 1/2] FROM mcr.microsoft.com/dotnet/core/aspnet:3.1@sha256:9280563285e34929fdae56b8759d8050169b3ce125a5dced64945b3b51e79918          0.3s
 => => resolve mcr.microsoft.com/dotnet/core/aspnet:3.1@sha256:9280563285e34929fdae56b8759d8050169b3ce125a5dced64945b3b51e79918               0.3s
 => CACHED [base 2/2] WORKDIR /app                                                                                                            0.0s
 => CACHED [final 1/2] WORKDIR /app                                                                                                           0.0s
 => CACHED [build 2/7] WORKDIR /src                                                                                                           0.0s
 => CACHED [build 3/7] COPY [KubernetesWebApp/KubernetesWebApp.csproj, KubernetesWebApp/]                                                     0.0s
 => ERROR [build 4/7] RUN dotnet restore "KubernetesWebApp/KubernetesWebApp.csproj"                                                           5.5s
------
 > [build 4/7] RUN dotnet restore "KubernetesWebApp/KubernetesWebApp.csproj":
#12 3.363   Determining projects to restore...
#12 5.397 /usr/share/dotnet/sdk/3.1.412/NuGet.targets(128,5): error : Unable to load the service index for source https://api.nuget.org/v3/index.json. [/src/KubernetesWebApp/KubernetesWebApp.csproj]
#12 5.397 /usr/share/dotnet/sdk/3.1.412/NuGet.targets(128,5): error :   The SSL connection could not be established, see inner exception. [/src/KubernetesWebApp/KubernetesWebApp.csproj]
#12 5.397 /usr/share/dotnet/sdk/3.1.412/NuGet.targets(128,5): error :   The remote certificate is invalid according to the validation procedure. [/src/KubernetesWebApp/KubernetesWebApp.csproj]
------
executor failed running [/bin/sh -c dotnet restore "KubernetesWebApp/KubernetesWebApp.csproj"]: exit code: 1

What I Think the Problem Is

I think the issue arises when :

  1. The docker container attempts to pull Nuget packages from a nuget feed,
  2. During identity verification it checks the provided server certificate
  3. Due to some specified validation procedure, the server certificate fails verification.

What I've Tried to Fix It

I've tried the following commands to force the application to download new base container images, but to no avail:

Attempt 1:

docker build --no-cache --pull -t kuberneteswebapp:latest -f KubernetesWebApp/Dockerfile .

Result: Same error as before

Attempt 2:

docker system prune
docker image prune -a
docker build --no-cache --pull -t kuberneteswebapp:latest -f KubernetesWebApp/Dockerfile .

result: Same error as before

Neither of these efforts have succeeded. Can anyone help me? I'm at a loss here.

Improve this question
6
  • Are you behind some kind of proxy ( at work usually)?
    – Schwarzie2478
    Commented Aug 19, 2021 at 16:22
  • We use a VPN that redirects all our internet traffic.
    – EruditeEngineer
    Commented Aug 20, 2021 at 13:57
  • Since the build works from Visual Studio, did you try to build the project from cmd on your machine. It's possible that Visual Studio changes some environment settings for handling https connections ( TLS 1.2 issues, or ignoring certificate errors).
    – Schwarzie2478
    Commented Aug 23, 2021 at 15:47
  • I did, it fails the command line build.
    – EruditeEngineer
    Commented Aug 23, 2021 at 20:51
  • Did you try to build that project on another machine? Better without mentioned VPN
    – AndrewSilver
    Commented Aug 24, 2021 at 16:41

2 Answers 2

Reset to default
1

The issue fixed itself. I just reattempted both my test and actual projects and it works now. This could have been a software update or a computer restart. But everything works now.

Improve this answer
0

If you are using Windows containers, I recommend switching to a Linux container and trying it out again. (You can do so by right clicking the Docker desktop icon in the system tray bar).

I came across the following issue on GitHub: https://github.com/docker/for-win/issues/2760#issuecomment-430889666 I was unable to reproduce your issue with a fresh ASP .NET Web API

Improve this answer
0

Not the answer you're looking for? Browse other questions tagged or ask your own question.