Closed Learntotolearn closed 8 months ago
Hi. Thanks for reporting this issue. The certificates for upload are generally intended to be used only for internal communication between CDI and other cluster components. I am curious what your use case is that would lead you to encounter an issue. Would you be willing to share some more details?
The use case is: When creating a virtual machine, use dataVolumeTemplates to upload the virtual machine image.
The virtual machine yaml file is as follows:
apiVersion: kubevirt.io/v1alpha3
kind: VirtualMachine
metadata:
name: lms-vm-2
spec:
running: true
template:
spec:
domain:
devices:
disks:
- disk:
bus: virtio
name: datavolumedisk1
- disk:
bus: virtio
name: cloudinit-disk1
interfaces:
- name: red
masquerade: {} # connect using masquerade mode
resources:
requests:
memory: 2Gi
networks:
- name: red
pod: {}
volumes:
- dataVolume: #Note the type is dataVolume
name: vm-2-pvc
name: datavolumedisk1
- cloudInitNoCloud:
userData: |-
#cloud-config
user: ubuntu
password: test
chpasswd: { expire: False }
name: cloudinit-disk1
dataVolumeTemplates:
- metadata:
name: vm-2-pvc
spec:
pvc:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 40Gi
storageClassName: csi-cephrdb-sc1
volumeMode: Block
sourceRef:
kind: DataSource
name: centos-stream-9
During this process, the issue of certificate expiration was discovered.
Then it was solved using the following methods:
kubectl get secret -n cdi cdi-uploadproxy-server-cert \
-o jsonpath="{.data['tls\.crt']}" \
| base64 -d > cdi-uploadproxy-server-cert.crt
cp cdi-uploadproxy-server-cert.crt /usr/local/share/ca-certificates/
update-ca-certificates
@Learntotolearn typically, the cdi-uploadproxy is exposed via ingress or router as described here: https://github.com/kubevirt/containerized-data-importer/blob/main/doc/exposing-upload-proxy.md
In that case, the client shouldn't care about the internal cert
Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale
.
Stale issues rot after an additional 30d of inactivity and eventually close.
If this issue is safe to close now please do so with /close
.
/lifecycle stale
/remove-lifecycle stale Hey @Learntotolearn, was your problem solved by following our upload documentation?
Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale
.
Stale issues rot after an additional 30d of inactivity and eventually close.
If this issue is safe to close now please do so with /close
.
/lifecycle stale
Closing this issue due to inactivity but feel free to reopen if necessary. Thanks!
Is your feature request related to a problem? Please describe: A clear and concise description of what the problem is.
Describe the solution you'd like: A clear and concise description of what you want to happen.
Describe alternatives you've considered: A clear and concise description of any alternative solutions or features you've considered.
Additional context: Add any other context or screenshots about the feature request here.