Open utterances-bot opened 1 year ago
Hi, on step 1 the command needs to be changed to:
openssl genrsa -out ca-key.key 4096
With ca-key.key instead of ca.key
Thank you @PostRaphaelPerrin! There were a few inconsistencies in the key file names, just fixed!
I went with ca.key and server.key instead of ca-key.key and server-key.key
Thanks Josh,
I guess you have to change:
@sergiumihailov thank you for catching! Fixed 😄
server.cnf changed to server.conf.
Hi, did you try on EKS 1.24? I am getting "x509: certificate signed by unknown authority" http: TLS handshake error from:IP:PORT: remote error: tls: bad certificate
Internal error occurred: failed calling webhook \"mutate.runner.actions.summerwind.dev\": failed to call webhook: Post \"https://github-runner-actions-runner-controller-webhook.github-runner.svc:443/mutate-actions-summerwind-dev-v1alpha1-runner?timeout=10s\": x509: certificate signed by unknown authority (possibly because of \"x509: cannot verify signature: insecure algorithm SHA1-RSA (temporarily override with GODEBUG=x509sha1=1)\" while trying to verify candidate authority certificate)
Hi all!! In EKS 1.24 signed CA will not work
"In Kubernetes 1.23 and earlier, kubelet serving certificates with unverifiable IP and DNS Subject Alternative Names (SANs) are automatically issued with unverifiable SANs. These unverifiable SANs are omitted from the provisioned certificate. In version 1.24 and later clusters, kubelet serving certificates aren't issued if any SAN can't be verified. This prevents kubectl exec and kubectl logs commands from working. For more information, see Certificate signing considerations before upgrading your cluster to Kubernetes 1.24. "
@noamgreen Interesting, I hadn't tried this on 1.24... seems problematic 😬
Same, didn't get it working with GKE 1.25.
Error from server (InternalError): error when creating "runner.yaml": Internal error occurred: failed calling webhook "mutate.runnerdeployment.actions.summerwind.dev": failed to call webhook: Post "https://actions-runner-controller-webhook.gh-action-runner.svc:443/mutate-actions-summerwind-dev-v1alpha1-runnerdeployment?timeout=10s": dial tcp 100.78.9.182:9443: i/o timeout
@saurabh21316 At this point I would probably go with the GHA scale set runners, which don’t require cert-manager.
Configure actions-runner-controller without cert-manager | josh-ops
Configure actions-runner-controller without cert-manager so that you can use self-signed or self-managed certificates to scale your GitHub runners
https://josh-ops.com/posts/actions-runner-controller-without-cert-manager/