google-cloud-go: pubsub client does not work inside a docker container
I have this compose file
version: "3.3"
services:
dev:
build:
context: .
dockerfile: docker/dev.dockerfile
ports:
- '3000:3000'
environment:
- PUBSUB_EMULATOR_HOST=http://pubsub:8085
- PUBSUB_PROJECT_ID=marwan-test
depends_on:
- pubsub
pubsub:
image: google/cloud-sdk
ports:
- '8085:8085'
command: ["gcloud", "beta", "emulators", "pubsub", "start", "--host-port", "0.0.0.0:8085"]
My dev container is a golang:1.9.1 image with the following main.go file:
func main()
ctx, cancel := context.WithTimeout(context.Background(), time.Second*10)
defer cancel()
cl, err := pubsub.NewClient(ctx, "marwan-test")
if err != nil {
panic(err)
}
t, err := cl.CreateTopic(ctx, "email")
if err != nil {
panic(err) // if this program is running inside a docker image, it will panic, otherwise -- create topic succeeds.
}
}
if the above file is running inside a container, then cl.CreateTopic will be stuck indefinitely until context is timed out. However, if I run this file from the host machine and just connect to localhost:8085 instead of pubsub:8085 – then it works.
I tried debugging why CreateTopic gets stuck infinitely, and it seems that grpc.Dial is settings its client connection to TRANSIENT_FAILURE.
About this issue
- Original URL
- State: closed
- Created 7 years ago
- Comments: 19 (8 by maintainers)
I believe this is a grpc issue that is caused by connections made over http/2 silently failing when it has trouble finding system certs.
You should be able to see the exact error with
export GRPC_GO_LOG_SEVERITY_LEVEL="INFO". The error is, “transport: authentication handshake failed: x509: failed to load system roots and no roots provided”.As others have mentioned, adding
ca-certificatesshould resolve the issue until the grpc issue is fixed.alpine doesn’t have libc, so you’ll need to build with CGO_ENABLED=0 or use an image with libc like
gcr.io/distroless/baseI see #1414 opened. Let’s move discussion over there.