aws / eks-anywhere

Run Amazon EKS on your own infrastructure 🚀
https://anywhere.eks.amazonaws.com
Apache License 2.0

Cluster Deletion Fails for vSphere with self signed cert and thumbprint #1164

Open TerryHowe opened 2 years ago

TerryHowe commented 2 years ago

@TerryHowe When deleting a cluster using eksctl anywhere delete cluster it-eksa-mgmt, I am getting:

Performing provider setup and validations
Creating management cluster
Installing cluster-api providers on management cluster
Moving cluster management from workload cluster
Deleting workload cluster
Clean up Git Repo
GitOps field not specified, clean up git repo skipped
Closer failed   {"closerType": "*dependencies.Dependencies", "error": "govc returned error when logging out: govc: Post https://test-vc.terasky.demo/sdk: x509: certificate signed by unknown authority\n"}

I can confirm that the admin VM I'm running everything from doesn't trust the vCenter certificate indeed, but it used to work fine. Is this related to the insecure flag as well?

Edit: after setting insecure back to true in the it-eksa-mgmt/it-eksa-mgmt-eks-a-cluster.yaml file (under the generated cluster directory) and running the delete command again, everything's fine. So the insecure option affects the deletion process as well.

Warning: The recommended number of control plane nodes is 3 or 5
Performing provider setup and validations
Creating management cluster
Installing cluster-api providers on management cluster
Moving cluster management from workload cluster
Deleting workload cluster
Clean up Git Repo
GitOps field not specified, clean up git repo skipped

Originally posted by @itaytalmi in https://github.com/aws/eks-anywhere/issues/1155#issuecomment-1030650433

TerryHowe commented 2 years ago

I'm creating another ticket for this since it seems to be a similar, but unrelated issue. It sounds like delete fails for a vSphere with a self-signed cert if you just set the thumbprint. You have to set insecure.

jleavers commented 1 year ago

Using v0.14.0 - I have insecure set to false and the thumbprint in my yaml file. All my create / upgrade / delete operations complete, but then error at the end:

Closer failed {"closerType": "*dependencies.Dependencies", "error": "govc returned error when logging out: govc: Post \"https://vcenter.mydomain.lab/sdk\": x509: certificate signed by unknown authority\n"}

As mentioned in https://github.com/aws/eks-anywhere/issues/3834, any bootstrap docker containers on the administrative machine are also not cleaned up.