Closed MoonBarc closed 3 years ago
I'm not familiar with Tilt - what happens if you run Agones on Minikube without it?
Sorry, I should have explained more of what it does. It's basically Skaffold, except it uses Starlark and has a cool web interface. From what I know, Tilt is trying to build the image, and then deploy it using kubectl.
I will try it without tilt as soon as I can, but I'm not at home currently.
Just tried it on kind instead of minikube and was pleasantly surprised that it works. Must just be a minikube thing. I will close for now but will also do some further investigation.
Wondering if you solved this? We are running into similar issues with ArgoCD
Just in case someone stumbles onto this issue with ArgoCD. Hopefully it can save someone 2 weeks of hair pulling. We were able to resolve this by setting static controller TLS cert and key with the below fields.
agones.controller.tlsCert
agones.controller.tlsKey
The initial merge from ArgoCD works flawlessly. Subsequent sync from ArgoCD somehow modified the Agones certificates and all related ca-bundle. As a result, we got the error x509: cert signed by unknown authority. You can observe the behavior in ArgoCD UI with out-of-sync on mutating webhook, validating webhook, agones-cert, and/or allocator API service despite being in sync. Below is an image of what it looks like
After inputting a static TLS certificate and key, you can use the below command to validate that secret cert is identical to ca-bundle.
kubectl get mutatingwebhookconfiguration agones-mutation-webhook -o yaml -o jsonpath='{.webhooks[0].clientConfig.caBundle}' | base64 -d
kubectl get secrets -n agones-system agones-cert -o yaml -o jsonpath='{.data.server\.crt}' | base64 -d
Can also run this command to verify the CA and Cert.
openssl verify -x509_strict -CAfile build/ca.crt build/server.crt
Note: agones-cert = { helm release name }-cert
Potential solution is to use cert-manager if you don't want TLS data in github. PR
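The comparison described in the comment above, turned into a repeatable drift check. This is an added example, not code from the thread or from the Agones project; it follows the comment's premise that the secret's server.crt should appear in the webhook caBundle, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: detect drift between a webhook caBundle and the agones-cert
# secret. Function names are hypothetical; resource names are from the thread.

# Read base64 (as returned by the jsonpath queries) on stdin and print one
# SHA-256 per PEM certificate, computed over the certificate's base64 body with
# whitespace removed, so line wrapping and CRLF differences do not matter.
pem_fingerprints() {
  base64 -d | tr -d '\r' | awk '
    /-----BEGIN CERTIFICATE-----/ { body = ""; inside = 1; next }
    /-----END CERTIFICATE-----/   { if (inside) print body; inside = 0; next }
    inside { gsub(/[ \t]/, ""); body = body $0 }
  ' | while IFS= read -r body; do
    printf '%s' "$body" | sha256sum | cut -d' ' -f1
  done
}

# $1 = base64 caBundle, $2 = base64 server.crt. Returns 0 when the first
# certificate in server.crt is also present in the bundle, 1 otherwise
# (including when either value is empty or holds no certificate).
ca_bundle_matches() {
  bundle_fps=$(printf '%s' "$1" | pem_fingerprints)
  cert_fp=$(printf '%s' "$2" | pem_fingerprints | head -n 1)
  [ -n "$cert_fp" ] || return 1
  printf '%s\n' "$bundle_fps" | grep -qxF "$cert_fp"
}

# Live check built on the two kubectl queries from the comment above.
check_agones_webhook() {
  bundle=$(kubectl get mutatingwebhookconfiguration agones-mutation-webhook \
    -o jsonpath='{.webhooks[0].clientConfig.caBundle}') || return 2
  cert=$(kubectl get secrets -n agones-system agones-cert \
    -o jsonpath='{.data.server\.crt}') || return 2
  if ca_bundle_matches "$bundle" "$cert"; then
    echo "caBundle matches agones-cert"
  else
    echo "DRIFT: caBundle does not contain agones-cert server.crt" >&2
    return 1
  fi
}

# Only touch the cluster when asked to: sh check.sh --live
if [ "${1:-}" = "--live" ]; then check_agones_webhook; fi
```

Running it with `--live` after each ArgoCD sync shows whether the sync rewrote one side of the pair; a non-zero exit can gate a pipeline step.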
What happened: When adding a new Fleet after Agones has started up fully, it tries to call the mutations.agones.dev endpoint and fails due to

What you expected to happen: The kubectl apply to work and deploy a Fleet.

How to reproduce it (as minimally and precisely as possible): tilt

Environment:

agones-controller spam this sporadically in the logs:

Thanks!