Closed jishminor closed 3 years ago
You can specify a custom CA using a certConfigMap. An example of that is available here: I don't know enough about k3s to give you an intelligent answer on what might be going on in the network that it thinks it requires a different CA. Alternatively, if you are just testing, you can use http instead of https. If you post the importer pod log I might have a better thought.
For some more context here is my Kubevirt VM config:
```yaml
apiVersion: kubevirt.io/v1alpha3
kind: VirtualMachine
metadata:
  name: ubuntu
spec:
  running: false
  template:
    metadata:
      labels:
        kubevirt.io/size: small
        kubevirt.io/domain: ubuntu
    spec:
      domain:
        cpu:
          cores: 2
        devices:
          disks:
            - name: datavolumedisk1
              disk:
                bus: virtio
            - name: cloudinitdisk
              disk:
                bus: virtio
          interfaces:
            - name: default
              bridge: {}
        resources:
          requests:
            memory: 2048M
      networks:
        - name: default
          pod: {}
      volumes:
        - dataVolume:
            name: ubuntu-dv
          name: datavolumedisk1
        - name: cloudinitdisk
          cloudInitNoCloud:
            secretRef:
              name: smarter-cloud-init-secret
  dataVolumeTemplates:
    - metadata:
        name: ubuntu-dv
      spec:
        pvc:
          accessModes:
            - ReadWriteOnce
          resources:
            requests:
              storage: 10Gi
        source:
          http:
            url: https://cloud-images.ubuntu.com/bionic/20200629/bionic-server-cloudimg-amd64.img
          # registry:
          #   url: docker://tedezed/debian-container-disk:9.0
```
And here are the logs of the importer pod:
```
I0630 19:46:53.715610 1 importer.go:51] Starting importer
I0630 19:46:53.715684 1 importer.go:112] begin import process
E0630 19:46:53.774464 1 importer.go:118] Get https://cloud-images.ubuntu.com/bionic/20200629/bionic-server-cloudimg-amd64.img: x509: certificate has expired or is not yet valid
HTTP request errored
kubevirt.io/containerized-data-importer/pkg/importer.createHTTPReader
    pkg/importer/http-datasource.go:268
kubevirt.io/containerized-data-importer/pkg/importer.NewHTTPDataSource
    pkg/importer/http-datasource.go:82
main.main
    cmd/cdi-importer/importer.go:116
runtime.main
    GOROOT/src/runtime/proc.go:203
runtime.goexit
    src/runtime/asm_amd64.s:1357
```
certificate has expired or is not yet valid
This error makes me think that whatever is fetching has an unsynchronized clock. I don't know how k3s works on Mac, but I assume "runs as a VM, and has its own clock".
Does fetching on the host of the cluster work without errors?
```sh
ssh <user>@<server_ip> # I assume this is how to connect to it
curl https://cloud-images.ubuntu.com/bionic/20200629/bionic-server-cloudimg-amd64.img
```
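The clock-skew diagnosis suggested in the comment above, as an added example that is not part of the original thread or of CDI's code: Go's `crypto/x509` reports both "expired" and "not yet valid" as the same `x509.Expired` reason, so comparing the verifier's clock against the certificate's validity window tells the two apart. The helper names `selfSigned` and `diagnose`, the hostname and the dates are constructed for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// selfSigned builds a constructed test certificate valid in [from, to].
// Fixture only: the hostname is a placeholder and errors are not handled.
func selfSigned(from, to time.Time) *x509.Certificate {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: "images.example.test"},
		NotBefore:    from, NotAfter: to,
	}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	cert, _ := x509.ParseCertificate(der)
	return cert
}

// diagnose verifies cert as if the local clock read `now` and explains
// which side of the validity window a time-related failure falls on.
func diagnose(cert *x509.Certificate, now time.Time) string {
	roots := x509.NewCertPool()
	roots.AddCert(cert)
	_, err := cert.Verify(x509.VerifyOptions{Roots: roots, CurrentTime: now})
	var inv x509.CertificateInvalidError
	if err == nil {
		return "ok"
	} else if !errors.As(err, &inv) || inv.Reason != x509.Expired {
		return "other: " + err.Error()
	} else if now.Before(cert.NotBefore) {
		return "not yet valid: verifier clock is behind NotBefore"
	}
	return "expired: verifier clock is past NotAfter"
}

func main() {
	t0 := time.Date(2020, 6, 1, 0, 0, 0, 0, time.UTC)
	cert := selfSigned(t0, t0.AddDate(1, 0, 0))
	fmt.Println(diagnose(cert, t0.AddDate(0, 1, 0)), "|", diagnose(cert, t0.AddDate(-1, 0, 0)))
}
```

A "not yet valid" result for a certificate that validates from other machines points at the verifying host's clock rather than at the server or the CA bundle.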
Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.
If this issue is safe to close now please do so with /close.
/lifecycle stale
Stale issues rot after 30d of inactivity.
Mark the issue as fresh with /remove-lifecycle rotten.
Rotten issues close after an additional 30d of inactivity.
If this issue is safe to close now please do so with /close.
/lifecycle rotten
Rotten issues close after 30d of inactivity.
Reopen the issue with /reopen.
Mark the issue as fresh with /remove-lifecycle rotten.
/close
@kubevirt-bot: Closing this issue.
Is this a BUG REPORT or FEATURE REQUEST?: /kind bug
What happened: When specifying a public url to pull a disk image, a cert error occurs, causing the pod to repeatedly restart.
What you expected to happen: Remote disk image pull should not face server verification issues.
How to reproduce it (as minimally and precisely as possible): I am using k3s to test kubevirt. It was installed using the following instructions: On your server node run
Copy over your kubeconfig from the server node to your dev machine
On your Mac dev machine now run:
Anything else we need to know?: K3s uses its own local-path storage provisioner which is installed by default. Flannel is also installed as the default cni. It seems that there is something odd about the pod networking when created via k3s, such that it doesn't have the correct certificate info. If you run the docker container locally via
```sh
docker run --rm -it --entrypoint="" kubevirt/cdi-importer:v1.19.0 bash
```
and wget an image such as https://cloud-images.ubuntu.com/bionic/20200629/bionic-server-cloudimg-amd64.img
it pulls the data down fine.
Environment:
(kubectl get deployments cdi-deployment -o yaml): v1.19.0
(kubectl version): Client Version: version.Info{Major:"1", Minor:"18", GitVersion:"v1.18.4", GitCommit:"c96aede7b5205121079932896c4ad89bb93260af", GitTreeState:"clean", BuildDate:"2020-06-18T02:59:13Z", GoVersion:"go1.14.3", Compiler:"gc", Platform:"darwin/amd64"}