Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Virtual clusters not given CA. #505

Open
GrahamDumpleton opened this issue Jul 12, 2024 · 1 comment
Open

Virtual clusters not given CA. #505

GrahamDumpleton opened this issue Jul 12, 2024 · 1 comment
Labels
bug Something isn't working

Comments

@GrahamDumpleton
Copy link
Collaborator

Describe the bug

Observed this when using virtual clusters created using helm charts rather than builtin virtual cluster support, but expect later will have same issue.

When using your CA so can have self signed certificates, the CA isn't injected into the virtual cluster control plane so might be issue if is required.

Believe this is the case as see the error:

12:38:17AM: ongoing: reconcile deployment/lookup-service-poc (apps/v1) namespace: educates-platform
12:38:17AM:  ^ Waiting for 1 unavailable replicas
12:38:17AM:  L ok: waiting on replicaset/lookup-service-poc-5c7b4d9759 (apps/v1) namespace: educates-platform
12:38:17AM:  L ongoing: waiting on pod/lookup-service-poc-5c7b4d9759-plvqj (v1) namespace: educates-platform
12:38:17AM:     ^ Pending: ErrImagePull (message: failed to pull and unpack image "registry-educates-cli-w03-s001.educates-local-dev.test/lab-platform-operator/lookup-service-poc:latest": failed to resolve reference "registry-educates-cli-w03-s001.educates-local-dev.test/lab-platform-operator/lookup-service-poc:latest": failed to do request: Head "https://registry-educates-cli-w03-s001.educates-local-dev.test/v2/lab-platform-operator/lookup-service-poc/manifests/latest": tls: failed to verify certificate: x509: certificate signed by unknown authority)

when trying to deploy to the virtual cluster an image built in the workshop session and pushed to the per session image registry.

Additional information

No response

@jorgemoralespou
Copy link
Collaborator

When creating an issue like this would be good to have a reproducer of the steps and workshop definition :-P

I don't think this should be any different than running any other image built and pushed to the per-session registry, as this log, ErrImgPull should be that containerd on the host can not pull down the image from that registry. The reproducer could probably help to investigate whether this is a regression on 3.0.0 (if you were already using that) or if it has always existed. Remember than in 3.0 we have changed how containerd is configured on the host, so maybe something broke there.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working
Projects
None yet
Development

No branches or pull requests

2 participants