Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Internal certificate used when installing Helm Tiller Kubernetes

Tags:

gitlab

kubernetes

kubernetes-helm

The error below is triggered when executing kubectl -n gitlab-managed-apps logs install-helm.

I've tried regenerating the certificates, and bypassing the certificate check. Somehow it is using my internal certificate instead of the certificate of the source.

root@dev # kubectl -n gitlab-managed-apps logs install-helm
+ helm init --tiller-tls --tiller-tls-verify --tls-ca-cert /data/helm/helm/config/ca.pem --tiller-tls-cert /data/helm/helm/config/cert.pem --tiller-tls-key /data/helm/helm/config/key.pem
Creating /root/.helm 
Creating /root/.helm/repository 
Creating /root/.helm/repository/cache 
Creating /root/.helm/repository/local 
Creating /root/.helm/plugins 
Creating /root/.helm/starters 
Creating /root/.helm/cache/archive 
Creating /root/.helm/repository/repositories.yaml 
Adding stable repo with URL: https://kubernetes-charts.storage.googleapis.com 
Error: Looks like "https://kubernetes-charts.storage.googleapis.com" is not a valid chart repository or cannot be reached: Get https://kubernetes-charts.storage.googleapis.com/index.yaml: x509: certificate is valid for *.tdebv.nl, not kubernetes-charts.storage.googleapis.com

What might be the issue here? Screenshot below is the error Gitlab is giving me (not much information either).

enter image description here

like image 428
Jordi Kroon Avatar asked Jan 12 '19 20:01

Jordi Kroon

2 Answers

After having the same issue I finally found the solution for it:

In the /etc/resolv.conf file on your Master and Worker nodes you have to search and remove the search XYZ.com entry.

If you are using Jelastic you have to remove this entry every time after a restart. It gets added by Jelastic automatically. I already contacted them so maybe they will fix it soon.

like image 55
Fabio Widmer Avatar answered Nov 11 '22 00:11

Fabio Widmer

Creating "~/.helm/repository/repositories.yaml" with the following content solved the problem.

cat << EOF >> ~/.helm/repository/repositories.yaml
apiVersion: v1
repositories:
- caFile: ""
  cache: ~/.helm/repository/cache/stable-index.yaml
  certFile: ""
  keyFile: ""
  name: stable
  password: ""
  url: https://kubernetes-charts.storage.googleapis.com
  username: ""
- caFile: ""
  cache: ~/.helm/repository/cache/local-index.yaml
  certFile: ""
  keyFile: ""
  name: local
  password: ""
  url: http://127.0.0.1:8879/charts
  username: ""
EOF

#helm init
like image 3
Madhu Kiran Seelam Avatar answered Nov 11 '22 00:11

Madhu Kiran Seelam
Sign in to Comment

Related questions

How do I run a Kubernetes Job once in N hours?
Kubernetes CPU throttling with CPU usage well below requests/limits
What are all the "The resourceVersion for the provided watch is too old" warnings from event-exporter container?
How to debug failed requests with client_disconnected_before_any_response
replica set config is invalid or we are not a member of it, running in kubernetes
Istio(0.7.1) : Circuit Breaker Doesn't work for httpConsecutiveErrors
How to customise config.toml on Kubernetes?
How to make kubernetes work with dynamic ip address
Ingress controller to route TCP traffic
Pods stuck in ContainerCreating with "failed to assign an IP address to container"
How can I determine the current ephemeral-storage usage of a running Kubernetes pod?
helm getting subchart service names
POST larger than 400 Kilobytes payload to a container in Kubernetes fails
History of Kubernetes Pod Termination Events?
CertManager Letsencrypt CertificateRequest "failed to perform self check GET request"
How to use local docker containers with Kubernetes
Getting "x509: certificate signed by unknown authority" even with "--insecure-skip-tls-verify" option in Kubernetes
Access local docker images with k3s
Error loading Namespaces. Unauthorized: Verify you have access to the Kubernetes cluster
How to get a PDF/print version of kubernetes' docs?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!