binderhub-ui HTTP:599 SSL error

[ggarza31416]

Context

I am getting an HTTP 599: SSL certificate problem: unable to get local issuer certificate when trying to use Binder-UI.

Here's my configuration parameters for Binder:

nameOverride: ""
fullnameOverride: ""
global: {}

# Resources for the BinderHub created build pods
# -----------------------------------------------------------------------------
#
buildPodsDockerConfig: {}
buildPodsRegistryCredentials:
  server: https://index.docker.io/v1
  username: <Redacted>
  password: <Redacted>

config:
  BinderHub:
    base_url: /
    hub_url: https://<jupyterhub-domain>
    badge_base_url: https://<binderhub-domain>
    use_registry: true
    image_prefix: <Redacted>/
    enable_api_only_mode: false
  DockerRegistry:
    username: <Redacted>
    password: <Redacted>
extraConfig:
  binderhub-service-01-build-pods-docker-config: |
    import os
    c.KubernetesBuildExecutor.push_secret = os.environ["PUSH_SECRET_NAME"]

  binderhub-service-02-set-docker-api: |
    import os
    helm_release_name = os.environ["HELM_RELEASE_NAME"]
    namespace = os.environ["NAMESPACE"]
    c.KubernetesBuildExecutor.docker_host = f"/var/run/{ namespace }-{ helm_release_name }/docker-api/docker-api.sock"

extraEnv:
  - name: JUPYTERHUB_API_TOKEN
    valueFrom:
      # Any JupyterHub Services api_tokens are exposed in this k8s Secret
      secretKeyRef:
        name: hub
        key: hub.services.binder.apiToken
  - name: JUPYTERHUB_CLIENT_ID
    value: "service-binder"
  - name: JUPYTERHUB_API_URL
    value: "https://<jupyterhub-domain>/hub/api"
  # Without this, the redirect URL to /hub/api/... gets
  # appended to binderhub's URL instead of the hub's
  - name: JUPYTERHUB_BASE_URL
    value: "https://<jupyterhub-domain>/"
  - name: JUPYTERHUB_OAUTH_CALLBACK_URL
    value: "https://<binderhub-domain>/oauth_callback"
replicas: 1
image:
  repository: quay.io/2i2c/binderhub-service
  tag: "0.1.0-0.dev.git.249.hd511f95"
  pullPolicy: ""
  pullSecrets: []
resources: {}
securityContext:
  capabilities:
    drop:
      - ALL
  readOnlyRootFilesystem: true
  runAsNonRoot: true
  runAsUser: 1000

podSecurityContext: {}
podAnnotations: {}
nodeSelector: {}
affinity: {}
tolerations: []

# RBAC resources
# -----------------------------------------------------------------------------
#
rbac:
  create: true

# ServiceAccount resource
# -----------------------------------------------------------------------------
#
serviceAccount:
  create: true
  name: ""
  annotations: {}

# Service resource
# -----------------------------------------------------------------------------
#
service:
  type: ClusterIP
  port: 80

# Ingress resource
# -----------------------------------------------------------------------------
#
ingress:
  annotations:
    kubernetes.io/ingress.class: traefik
    ingress.kubernetes.io/custom-request-headers: X-Scheme:https
  enabled: true
  hosts: [<binderhub-domain>]
  pathSuffix: ""
  tls: []
# DaemonSet resource - docker-api
# -----------------------------------------------------------------------------
#
# This DaemonSet starts a pod on each node to setup a Docker API that
# binderhub's spawned build pods can make use of, via a hostPath volume that
# exposes a unix socket.
#
dockerApi:
  image:
    repository: docker.io/library/docker
    # Temporarily pinned, until https://github.com/2i2c-org/infrastructure/issues/3588 is fixed
    tag: "26.1.3-dind" # source: https://hub.docker.com/_/docker/tags
    pullPolicy: ""
    pullSecrets: []
  resources: {}
  securityContext:
    privileged: true
    runAsUser: 0

  podSecurityContext: {}
  podAnnotations: {}
  nodeSelector: {}
  affinity: {}
  tolerations: []

  extraArgs: []
  extraFiles: {}

I can't figure it out what am I missing. Could you please advise?

Proposal

No response

Updates and actions

No response