在 Linux Mint 上使用 Minikube 部署 SSL 失败，但在 Windows 上工作正常

我尝试在本地 Linux Mint 计算机上部署 R-ShinyVerse 映像，但甚至

curl

和

apt-get install

由于 SSL 错误而失败。

我的 Dockerfile：

FROM rocker/shiny-verse:4.4.1

ARG WHEN
ENV NVM_DIR /root/.nvm

# Install apps
RUN apt-get update
RUN apt-get install -y sudo curl rclone cron rsyslog procps systemd \
  libcurl4-openssl-dev libssl-dev \
  libxml2-dev libfontconfig1-dev libharfbuzz-dev libfribidi-dev \
  libfreetype6-dev libpng-dev libtiff5-dev libjpeg-dev
  
RUN curl https://rclone.org/install.sh | bash

# Install library for R
RUN R -e "options(repos = \
  list(CRAN = 'https://packagemanager.posit.co/cran/${WHEN}/')); \
  if (!require('pacman')) install.packages('pacman'); \
  pacman::p_load(tidyverse, ggplot2, dplyr, httr2, glue, stats, readr, \
  lubridate, jsonlite, qualtRics, here, rmarkdown, \
  formattable, tidyr, shiny, DT, knitr, kableExtra, data.table, \
  tinytex, flextable, officer, stringr, rlang, mailR, geometry, install = T, update = F); \
  tinytex::install_tinytex();"

还有一个简单的

.yaml

部署文件：

apiVersion: apps/v1
kind: Deployment
metadata:
  name: test-rwmain
spec:
  replicas: 1
  selector:
    matchLabels:
      app: rwmain-app
  template:
    metadata:
      labels:
        app: rwmain-app
    spec:
      containers:
      - name: rwmain
        image: rwmain:latest 
        imagePullPolicy: Never

没有服务，所以没有LoadBalancer/NodePort/... 结果：即使是简单的

curl

到

example.net

也会产生 SSL 错误：

# curl -vvv https://example.net
*   Trying 192.168.1.1:443...
* Connected to example.net (192.168.1.1) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: /etc/ssl/certs
* TLSv1.0 (OUT), TLS header, Certificate Status (22):
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS header, Certificate Status (22):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS header, Finished (20):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (OUT), TLS header, Unknown (21):
* TLSv1.3 (OUT), TLS alert, bad certificate (554):
* SSL certificate problem: EE certificate key too weak
* Closing connection 0
curl: (60) SSL certificate problem: EE certificate key too weak
More details here: https://curl.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.

我的 Windows 11 计算机上的一切都按预期运行 — 我什至设置了

cloudflared

隧道连接器，一切功能都相同。

最初，我以为这是防火墙的情况，所以我禁用了

ufw

并重新启动了所有内容，但无济于事。

所以我的问题是：如何进一步调试，为什么相同的设置在 Windows 上运行良好，但在 Linux Mint 上却失败？

系统信息：Minikube v1.34.0、Linux Mint 22（Cinnamon）、Kubernetes v1.31.0、Docker 27.2.0

编辑：在 Linux Mint 的 pod 上调试和运行

openssl s_client -connect example.net:443 -showcerts

时，它使用 1024 位 Sagemcom RSA 密钥（我假设这是错误的原因），但主机 Linux 计算机、我的 Windows 计算机和我的Windows minikube pod 全部返回 Digicert 2048 位密钥。