search

networkservicemesh / deployments-k8s

Apache License 2.0
42 stars 35 forks source link

Error updating bundle #12090

Open carasanz opened 5 months ago

carasanz commented 5 months ago

Spire server logs:

time="2024-06-18T11:04:03Z" level=error msg="Error updating bundle" error="can't perform SPIFFE Authentication: local copy of bundle not found" subsystem_name=bundle_client trust_domain=docker.nsm

How can I solve this error?

NikitaSkrynnik commented 5 months ago

Hello! Could you please tell more about your environment? Do you launch it on kind cluster?

carasanz commented 5 months ago

Yes, I lauch it on kind cluster with one controller node and two worker nodes, but the Spire server is showing that error every time I try to launch it.

NikitaSkrynnik commented 5 months ago

Have you tried these commands?

kubectl apply -f https://raw.githubusercontent.com/networkservicemesh/deployments-k8s/5b7e8d3ab475ba2be433d1de9b648206987989d7/examples/spire/single_cluster/clusterspiffeid-template.yaml
kubectl apply -f https://raw.githubusercontent.com/networkservicemesh/deployments-k8s/5b7e8d3ab475ba2be433d1de9b648206987989d7/examples/spire/base/clusterspiffeid-webhook-template.yaml

Also what kind version do you use?

carasanz commented 5 months ago

Yes, I have tried them but the server is still not working. I switched to minikube, I am using minikube version: v1.33.1.

error

denis-tingaikin commented 5 months ago

Can be related to https://github.com/networkservicemesh/deployments-k8s/issues/12072

p4lik4ri commented 5 months ago

@carasanz can you check if there is a persistent volume created ? otherwise you have to create it manually

denis-tingaikin commented 2 months ago

Should be fixed with v1.14.0. Could you check it?

anselmobattisti commented 4 days ago

I faced a similar problem.

After copping the bundles to the cluster3 i got the same message.

level=error msg="Error updating bundle" error="can't perform SPIFFE Authentication: local copy of bundle not found" subsystem_name=bundle_client trust_domain=docker.nsm

After listing the bundles 

kubectl --context=kind-cluster3 exec spire-server-0 -n spire -c spire-server -- bin/spire-server bundle list
****************************************
* cluster2
****************************************
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----

****************************************
* cluster1
****************************************
-----BEGIN CERTIFICATE-----
....
-----END CERTIFICATE-----

I notice that the name of the bundle was not the same as the thrusted domain.

I changed the spiffe id removing the NSM before the name of the cluster. 

echo $bundle3 | kubectl --kubeconfig=$KUBECONFIG1 exec -i spire-server-0 -n spire -c spire-server -- bin/spire-server bundle set -format spiffe -id "spiffe://NSM.cluster3"

Verify if the name of the bundle is correctly defined.