intel / trusted-certificate-issuer

Trusted Certificate Service (TCS) is a K8s service to protect signing keys using Intel's SGX technology. K8s CSR and cert-manager CR APIs are both supported. TCS also contains integration samples for Istio service mesh and Key Management Reference Application (KMRA).
Apache License 2.0

init container failure when using containerd #69

Open avalluri opened 1 year ago

avalluri commented 1 year ago

Recently I discovered another bug with TCS version 0.4.0; it exists on both the prebuilt and locally built images when we are using containerd (v1.6.8) as a runtime. It looks like the init container for TCS is failing:

Init Containers:
  init:
    Container ID:  containerd://acddb4e72879567b4ea02ab2e7ee00afc7da0286e4ae72ccf915a577e89a0ea0
    Image:         busybox:1.34.1
    Image ID:      docker.io/library/busybox@sha256:59f225fdf34f28a07d22343ee415ee417f6b8365cf4a0d3a2933cbd8fd7cf8c1
    Port:          <none>
    Host Port:     <none>
    Command:
      /bin/chown
      5000:5000
      /home/tcs-issuer/tokens
    State:          Waiting
      Reason:       CrashLoopBackOff
    Last State:     Terminated
      Reason:       Error
      Exit Code:    1
      Started:      Fri, 02 Dec 2022 08:15:57 -0800
      Finished:     Fri, 02 Dec 2022 08:15:57 -0800
    Ready:          False
    Restart Count:  2
    Environment:    <none>
    Mounts:
      /home/tcs-issuer/tokens from tokens-dir (rw)
      /var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-gb8df (ro)