"msg":"failed to send slack message : certificate signed by unknown authority

[ibexmonj]

Hi team,

      Thanks again for this app. I saw a demo on the CNCF channel and i had to try it.

I was able to use the example manifest and install hermod in my cluster successfully. The controller started up fine as seen from the logs below:

{"level":"info","msg":"starting deployment watcher","time":"2022-05-04T16:10:20Z"}
{"level":"info","msg":"deployment cache controller synced","time":"2022-05-04T16:10:20Z"}
{"level":"info","msg":"namespace cache controller synced","time":"2022-05-04T16:10:21Z"}

I tested out a deployment and looks like the slack api calls are failing.

{"level":"error","msg":"failed to send slack message: failed to send message \"*Rollout for Deployment `user-test` in `user` namespace on `dev` cluster is successful.*\" to 'demoapp': Post \"https://slack.com/api/chat.postMessage\": x509: certificate signed by unknown authority","time":"2022-05-04T16:21:32Z"}

I don't quite grok the x509 error. It's not like slack is using a self-signed cert in this case. I am a bit lost here.

Have you seen this error before ?

[surajnarwade]

Hi @ibexmonj thanks for reporting the issue, we have not seen this issue in our setup. but I kinda figured out the problem.

you will need to mount the ca-bundle from the host, ideally, we should have updated this in the image itself. I will soon raise a PR to fix that.

Meanwhile quick fix would be add a volume,

      volumes:
      - hostPath:
          path: /usr/share/ca-certificates
        name: ssl-certs-host

and volumemount,

        volumeMounts:
        - mountPath: /etc/ssl/certs
          name: ssl-certs-host

[surajnarwade]

Hi @ibexmonj I have fixed this in recent release of hermod, can you try it out and let us know if it works :)