Issue with connecting Golang application on Cloud Run with Firestore

Question

I try to get all Documents from Firestore using the below function.

The credentials are stored in an encrypted file in a GCP Cloud Source repository. I decrypted the configuration in the Cloud Build trigger and set the ENV in the Dockerfile pointing to the file. I see the content by RUN ls /app/credentials.json.

The error I get in the application log: rpc error: code = Unavailable desc = all SubConns are in TransientFailure, latest connection error: connection error: desc = "transport: authentication handshake failed: x509: certificate signed by unknown authority"

The credentials are stored in an encrypted file in a GCP Cloud Source repository. I decrypted the configuration in the Cloud Build trigger and set the ENV in the Dockerfile pointing to the file. I see the content by RUN ls /app/credentials.json.

The error I get in the application log: rpc error: code = Unavailable desc = all SubConns are in TransientFailure, latest connection error: connection error: desc = "transport: authentication handshake failed: x509: certificate signed by unknown authority"

Answer 1

This error is the result of an HTTPS failure where the certificate cannot be verified. The Alpine base image is missing a package that provides root certificates. Currently the Cloud Run quickstart is missing this for at least the Go language.

Assuming this is your problem, add the following to the final stage of your Dockerfile:

RUN apk add --no-cache ca-certificates