I've generated a basic Kubernetes Web Application in Visual Studio 2019, v16.11.1, which allowed me to automatically generate a Dockerfile and start debugging. However, upon switching to a Release configuration, the build fails when the internal dotnet restore
command executes. Apparently upon trying to pull Nuget packages from a feed, the dotnet restore rejects the SSL certificate provided by the Nuget feed server.
My question is, what am I doing wrong? I started with literally the default web application program generated by Visual Studio, and it automatically fails when I try to build a Release config. See here for more detail:
The Issue
The following Dockerfile can be built in a debug configuration, but not in a Release configuration.
FROM mcr.microsoft.com/dotnet/core/aspnet:3.1 AS base
WORKDIR /app
EXPOSE 80
FROM mcr.microsoft.com/dotnet/core/sdk:3.1 AS build
WORKDIR /src
COPY ["KubernetesWebApp/KubernetesWebApp.csproj", "KubernetesWebApp/"]
RUN dotnet restore "KubernetesWebApp/KubernetesWebApp.csproj"
COPY . .
WORKDIR "/src/KubernetesWebApp"
RUN dotnet build "KubernetesWebApp.csproj" -c Release -o /app/build
FROM build AS publish
RUN dotnet publish "KubernetesWebApp.csproj" -c Release -o /app/publish
FROM base AS final
WORKDIR /app
COPY --from=publish /app/publish .
ENTRYPOINT ["dotnet", "KubernetesWebApp.dll"]
Clicking "Debug" to start a debug session executes the following build, and I can debug the application:
docker build -f ".\KubernetesWebApp\Dockerfile" --force-rm -t kuberneteswebapp:dev --target base --label "com.microsoft.created-by=visual-studio" --label "com.microsoft.visual-studio.project-name=KubernetesWebApp" .
However, upon attempting the following build command, the dotnet restore command fails due to a remote SSL certificate check failure:
docker build -t kuberneteswebapp:latest -f KubernetesWebApp/Dockerfile .
This elicits the following error:
[+] Building 7.7s (12/17)
=> [internal] load build definition from Dockerfile 0.4s
=> => transferring dockerfile: 32B 0.2s
=> [internal] load .dockerignore 0.3s
=> => transferring context: 35B 0.0s
=> [internal] load metadata for mcr.microsoft.com/dotnet/core/aspnet:3.1 0.8s
=> [internal] load metadata for mcr.microsoft.com/dotnet/core/sdk:3.1 0.8s
=> [internal] load build context 0.3s
=> => transferring context: 644B 0.1s
=> [build 1/7] FROM mcr.microsoft.com/dotnet/core/sdk:3.1@sha256:aa984bf37de864afe9f34bc80e42412dd95702b94731a481821eeae364df77ae 0.2s
=> => resolve mcr.microsoft.com/dotnet/core/sdk:3.1@sha256:aa984bf37de864afe9f34bc80e42412dd95702b94731a481821eeae364df77ae 0.2s
=> [base 1/2] FROM mcr.microsoft.com/dotnet/core/aspnet:3.1@sha256:9280563285e34929fdae56b8759d8050169b3ce125a5dced64945b3b51e79918 0.3s
=> => resolve mcr.microsoft.com/dotnet/core/aspnet:3.1@sha256:9280563285e34929fdae56b8759d8050169b3ce125a5dced64945b3b51e79918 0.3s
=> CACHED [base 2/2] WORKDIR /app 0.0s
=> CACHED [final 1/2] WORKDIR /app 0.0s
=> CACHED [build 2/7] WORKDIR /src 0.0s
=> CACHED [build 3/7] COPY [KubernetesWebApp/KubernetesWebApp.csproj, KubernetesWebApp/] 0.0s
=> ERROR [build 4/7] RUN dotnet restore "KubernetesWebApp/KubernetesWebApp.csproj" 5.5s
------
> [build 4/7] RUN dotnet restore "KubernetesWebApp/KubernetesWebApp.csproj":
#12 3.363 Determining projects to restore...
#12 5.397 /usr/share/dotnet/sdk/3.1.412/NuGet.targets(128,5): error : Unable to load the service index for source https://api.nuget.org/v3/index.json. [/src/KubernetesWebApp/KubernetesWebApp.csproj]
#12 5.397 /usr/share/dotnet/sdk/3.1.412/NuGet.targets(128,5): error : The SSL connection could not be established, see inner exception. [/src/KubernetesWebApp/KubernetesWebApp.csproj]
#12 5.397 /usr/share/dotnet/sdk/3.1.412/NuGet.targets(128,5): error : The remote certificate is invalid according to the validation procedure. [/src/KubernetesWebApp/KubernetesWebApp.csproj]
------
executor failed running [/bin/sh -c dotnet restore "KubernetesWebApp/KubernetesWebApp.csproj"]: exit code: 1
What I Think the Problem Is
I think the issue arises when :
- The docker container attempts to pull Nuget packages from a nuget feed,
- During identity verification it checks the provided server certificate
- Due to some specified validation procedure, the server certificate fails verification.
What I've Tried to Fix It
I've tried the following commands to force the application to download new base container images, but to no avail:
Attempt 1:
docker build --no-cache --pull -t kuberneteswebapp:latest -f KubernetesWebApp/Dockerfile .
Result: Same error as before
Attempt 2:
docker system prune
docker image prune -a
docker build --no-cache --pull -t kuberneteswebapp:latest -f KubernetesWebApp/Dockerfile .
result: Same error as before
Neither of these efforts have succeeded. Can anyone help me? I'm at a loss here.