search

kcp-dev / helm-charts

Helm chart repo for KCP
Apache License 2.0
5 stars 22 forks source link

bug: compute ws stuck in Initializing Phase #32

Closed yogesh-reddy closed 1 year ago

yogesh-reddy commented 1 year ago

Installed KCP on the cluster using helm-chart .. tried creating admin.kubeconfig with https://github.com/kcp-dev/helm-charts/pull/30 as mentioned here.. with some changed to chart ingress etc was able to connect to kcp using the generated kubeconfig.

But when tried looking at ws got to know compute is stuck in initializing phase

after looking at logs got this error

{"ts":1679286985565.154,"caller":"workspace/workspace_controller.go:237","msg":"\"kcp-workspace\" controller failed to sync \"root|compute\", err: Get \"***.com:443/clusters/5dbcz56kxrgjoeal/apis/core.kcp.io/v1alpha1/logicalclusters/cluster\": x509: certificate signed by unknown authority\n"}

mjudeikis commented 1 year ago

Can you provide more details? For example, what was the result if you tried workaround #29? can you show what kubeconfig you use for this (admin.kubeconfig) in the container and what certificate is being served to the URL admin.kubeconfig is calling (you might need to do openssl connect to get those).

Basically, we need to validate the trust chain for this. My gut feeling tells this is a duplicate of #29 but we need more details to prove it.

hardys commented 1 year ago

This is a KCP bug - I'm trying to fix it in https://github.com/kcp-dev/kcp/pull/2882

Will also need corresponding a helm-charts update which I have in-progress at https://github.com/hardys/helm-charts/tree/external-logical-cluster-admin

yogesh-reddy commented 1 year ago

Can you provide more details? For example, what was the result if you tried workaround #29? can you show what kubeconfig you use for this (admin.kubeconfig) in the container and what certificate is being served to the URL admin.kubeconfig is calling (you might need to do openssl connect to get those).

Basically, we need to validate the trust chain for this. My gut feeling tells this is a duplicate of #29 but we need more details to prove it.

After trying work got this issue

{"ts":1679332692961.1738,"caller":"workspace/workspace_controller.go:237","msg":"\"kcp-workspace\" controller failed to sync \".com/root|compute\", err: Get \":443/clusters/2ffc0vl60v53zpck/apis/core.kcp.io/v1alpha1/logicalclusters/cluster\": x509: certificate is valid for kcp, localhost, not .com\n"}